What's wrong with my OpenSSH Include directive?
8
Recently OpenSSH on macOS Sierra was upgraded to 7.3p1 which means that the Include config directive is available, hurray!
However I'm having problems actually using it.
I have the following ~/.ssh/config:
Host github.com
Hostname github.com
User git
IdentityFile ~/.ssh/keys/github_rsa
Host den
HostName narzt-desktop.local
User camden
GSSAPIAuthentication no
AddressFamily inet
Host walle
User CamdenNarzt
HostName WALLE.local
AddressFamily inet
GSSAPIAuthentication no
Include ~/.ssh/config.d/*
I saw here that there might be some useful debug output if I added a bunch of -v flags to my ssh commands, yet when I test the config for a host in one of the included files I get this:
$ ssh -vvvvG git-codecommit.us-east-1.amazonaws.com
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/camdennarzt/.ssh/config
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/family.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/family.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/icloud.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/icloud.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/metabolistics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/metabolistics.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/scanimetrics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/scanimetrics.conf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
user camdennarzt
hostname git-codecommit.us-east-1.amazonaws.com
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel DEBUG3
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /opt/X11/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177
(Ignore the line numbers in the first bit, I deleted some comments to save space in the question) The user should be the user specified in the ~/.ssh/config.d/metabolistics.conf file, and the identity file should likewise be the one specified in the included config file. I can't post the contents of the ~/.ssh/config.d/metabolistics.conf file, but it's format is exactly the same as the main ~/.ssh/config file but without any further includes.
I checked the permissions and they look fine to me:
$ ls -lhRa ~/.ssh/config*
-rw------- 1 camdennarzt staff 541B 1 Jan 14:22 /Users/camdennarzt/.ssh/config
/Users/camdennarzt/.ssh/config.d:
total 32
drwxr-xr-x 6 camdennarzt staff 204B 1 Jan 14:37 .
drwx------ 9 camdennarzt staff 306B 1 Jan 14:22 ..
-rw------- 1 camdennarzt staff 260B 1 Jan 14:16 family.conf
-rw------- 1 camdennarzt staff 303B 1 Jan 14:17 icloud.conf
-rw------- 1 camdennarzt staff 524B 1 Jan 14:15 metabolistics.conf
-rw------- 1 camdennarzt staff 1.6K 1 Jan 14:15 scanimetrics.conf
macos ssh openssh
edited Mar 20 '17 at 10:16
Community♦
1
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
add a comment |
8
Recently OpenSSH on macOS Sierra was upgraded to 7.3p1 which means that the Include config directive is available, hurray!
However I'm having problems actually using it.
I have the following ~/.ssh/config:
Host github.com
Hostname github.com
User git
IdentityFile ~/.ssh/keys/github_rsa
Host den
HostName narzt-desktop.local
User camden
GSSAPIAuthentication no
AddressFamily inet
Host walle
User CamdenNarzt
HostName WALLE.local
AddressFamily inet
GSSAPIAuthentication no
Include ~/.ssh/config.d/*
I saw here that there might be some useful debug output if I added a bunch of -v flags to my ssh commands, yet when I test the config for a host in one of the included files I get this:
$ ssh -vvvvG git-codecommit.us-east-1.amazonaws.com
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/camdennarzt/.ssh/config
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/family.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/family.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/icloud.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/icloud.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/metabolistics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/metabolistics.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/scanimetrics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/scanimetrics.conf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
user camdennarzt
hostname git-codecommit.us-east-1.amazonaws.com
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel DEBUG3
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /opt/X11/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177
(Ignore the line numbers in the first bit, I deleted some comments to save space in the question) The user should be the user specified in the ~/.ssh/config.d/metabolistics.conf file, and the identity file should likewise be the one specified in the included config file. I can't post the contents of the ~/.ssh/config.d/metabolistics.conf file, but it's format is exactly the same as the main ~/.ssh/config file but without any further includes.
I checked the permissions and they look fine to me:
$ ls -lhRa ~/.ssh/config*
-rw------- 1 camdennarzt staff 541B 1 Jan 14:22 /Users/camdennarzt/.ssh/config
/Users/camdennarzt/.ssh/config.d:
total 32
drwxr-xr-x 6 camdennarzt staff 204B 1 Jan 14:37 .
drwx------ 9 camdennarzt staff 306B 1 Jan 14:22 ..
-rw------- 1 camdennarzt staff 260B 1 Jan 14:16 family.conf
-rw------- 1 camdennarzt staff 303B 1 Jan 14:17 icloud.conf
-rw------- 1 camdennarzt staff 524B 1 Jan 14:15 metabolistics.conf
-rw------- 1 camdennarzt staff 1.6K 1 Jan 14:15 scanimetrics.conf
macos ssh openssh
edited Mar 20 '17 at 10:16
Community♦
1
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
add a comment |
8
8
8
Recently OpenSSH on macOS Sierra was upgraded to 7.3p1 which means that the Include config directive is available, hurray!
However I'm having problems actually using it.
I have the following ~/.ssh/config:
Host github.com
Hostname github.com
User git
IdentityFile ~/.ssh/keys/github_rsa
Host den
HostName narzt-desktop.local
User camden
GSSAPIAuthentication no
AddressFamily inet
Host walle
User CamdenNarzt
HostName WALLE.local
AddressFamily inet
GSSAPIAuthentication no
Include ~/.ssh/config.d/*
I saw here that there might be some useful debug output if I added a bunch of -v flags to my ssh commands, yet when I test the config for a host in one of the included files I get this:
$ ssh -vvvvG git-codecommit.us-east-1.amazonaws.com
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/camdennarzt/.ssh/config
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/family.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/family.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/icloud.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/icloud.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/metabolistics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/metabolistics.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/scanimetrics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/scanimetrics.conf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
user camdennarzt
hostname git-codecommit.us-east-1.amazonaws.com
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel DEBUG3
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /opt/X11/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177
(Ignore the line numbers in the first bit, I deleted some comments to save space in the question) The user should be the user specified in the ~/.ssh/config.d/metabolistics.conf file, and the identity file should likewise be the one specified in the included config file. I can't post the contents of the ~/.ssh/config.d/metabolistics.conf file, but it's format is exactly the same as the main ~/.ssh/config file but without any further includes.
I checked the permissions and they look fine to me:
$ ls -lhRa ~/.ssh/config*
-rw------- 1 camdennarzt staff 541B 1 Jan 14:22 /Users/camdennarzt/.ssh/config
/Users/camdennarzt/.ssh/config.d:
total 32
drwxr-xr-x 6 camdennarzt staff 204B 1 Jan 14:37 .
drwx------ 9 camdennarzt staff 306B 1 Jan 14:22 ..
-rw------- 1 camdennarzt staff 260B 1 Jan 14:16 family.conf
-rw------- 1 camdennarzt staff 303B 1 Jan 14:17 icloud.conf
-rw------- 1 camdennarzt staff 524B 1 Jan 14:15 metabolistics.conf
-rw------- 1 camdennarzt staff 1.6K 1 Jan 14:15 scanimetrics.conf
macos ssh openssh
edited Mar 20 '17 at 10:16
Community♦
1
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
Recently OpenSSH on macOS Sierra was upgraded to 7.3p1 which means that the Include config directive is available, hurray!
However I'm having problems actually using it.
I have the following ~/.ssh/config:
Host github.com
Hostname github.com
User git
IdentityFile ~/.ssh/keys/github_rsa
Host den
HostName narzt-desktop.local
User camden
GSSAPIAuthentication no
AddressFamily inet
Host walle
User CamdenNarzt
HostName WALLE.local
AddressFamily inet
GSSAPIAuthentication no
Include ~/.ssh/config.d/*
I saw here that there might be some useful debug output if I added a bunch of -v flags to my ssh commands, yet when I test the config for a host in one of the included files I get this:
$ ssh -vvvvG git-codecommit.us-east-1.amazonaws.com
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/camdennarzt/.ssh/config
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/family.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/family.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/icloud.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/icloud.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/metabolistics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/metabolistics.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/scanimetrics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/scanimetrics.conf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
user camdennarzt
hostname git-codecommit.us-east-1.amazonaws.com
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel DEBUG3
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /opt/X11/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177
(Ignore the line numbers in the first bit, I deleted some comments to save space in the question) The user should be the user specified in the ~/.ssh/config.d/metabolistics.conf file, and the identity file should likewise be the one specified in the included config file. I can't post the contents of the ~/.ssh/config.d/metabolistics.conf file, but it's format is exactly the same as the main ~/.ssh/config file but without any further includes.
I checked the permissions and they look fine to me:
$ ls -lhRa ~/.ssh/config*
-rw------- 1 camdennarzt staff 541B 1 Jan 14:22 /Users/camdennarzt/.ssh/config
/Users/camdennarzt/.ssh/config.d:
total 32
drwxr-xr-x 6 camdennarzt staff 204B 1 Jan 14:37 .
drwx------ 9 camdennarzt staff 306B 1 Jan 14:22 ..
-rw------- 1 camdennarzt staff 260B 1 Jan 14:16 family.conf
-rw------- 1 camdennarzt staff 303B 1 Jan 14:17 icloud.conf
-rw------- 1 camdennarzt staff 524B 1 Jan 14:15 metabolistics.conf
-rw------- 1 camdennarzt staff 1.6K 1 Jan 14:15 scanimetrics.conf
macos ssh openssh
macos ssh openssh
edited Mar 20 '17 at 10:16
Community♦
1
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
edited Mar 20 '17 at 10:16
Community♦
1
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
edited Mar 20 '17 at 10:16
Community♦
1
edited Mar 20 '17 at 10:16
Community♦
1
edited Mar 20 '17 at 10:16
Community♦
1
1
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
asked Jan 1 '17 at 22:26
Camden NarztCamden Narzt
464214
464214
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
15
Figured it out myself. The clue was in the ssh_config man page:
Include
Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
``~'' references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.
I had my Include statement trailing a Host directive so it was being included into that Host's config.
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
4
In other words theIncludedirective must go to the top of theconfigfile (before the "body" made ofHostblocks)
– lucianf
Aug 6 '18 at 12:13
1
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
add a comment |
0
actually no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive) be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.
I'll be posting to my branch when I have something.
answered Jan 24 at 6:07
MattPMattP
1
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1162387%2fwhats-wrong-with-my-openssh-include-directive%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
15
Figured it out myself. The clue was in the ssh_config man page:
Include
Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
``~'' references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.
I had my Include statement trailing a Host directive so it was being included into that Host's config.
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
4
In other words theIncludedirective must go to the top of theconfigfile (before the "body" made ofHostblocks)
– lucianf
Aug 6 '18 at 12:13
1
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
add a comment |
15
Figured it out myself. The clue was in the ssh_config man page:
Include
Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
``~'' references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.
I had my Include statement trailing a Host directive so it was being included into that Host's config.
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
4
In other words theIncludedirective must go to the top of theconfigfile (before the "body" made ofHostblocks)
– lucianf
Aug 6 '18 at 12:13
1
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
add a comment |
15
15
15
Figured it out myself. The clue was in the ssh_config man page:
Include
Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
``~'' references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.
I had my Include statement trailing a Host directive so it was being included into that Host's config.
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
Figured it out myself. The clue was in the ssh_config man page:
Include
Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
``~'' references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.
I had my Include statement trailing a Host directive so it was being included into that Host's config.
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
answered Jan 1 '17 at 22:50
Camden NarztCamden Narzt
464214
464214
4
In other words theIncludedirective must go to the top of theconfigfile (before the "body" made ofHostblocks)
– lucianf
Aug 6 '18 at 12:13
1
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
add a comment |
4
In other words theIncludedirective must go to the top of theconfigfile (before the "body" made ofHostblocks)
– lucianf
Aug 6 '18 at 12:13
1
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
4
4
In other words the
Include directive must go to the top of the config file (before the "body" made of Host blocks)– lucianf
Aug 6 '18 at 12:13
In other words the
Include directive must go to the top of the config file (before the "body" made of Host blocks)– lucianf
Aug 6 '18 at 12:13
1
1
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
Thanks, while that does follow from the docs it isn't immediately obvious when trying to figure out why a config isn't working :)
– larsks
Oct 15 '18 at 2:09
add a comment |
0
actually no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive) be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.
I'll be posting to my branch when I have something.
answered Jan 24 at 6:07
MattPMattP
1
add a comment |
0
actually no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive) be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.
I'll be posting to my branch when I have something.
answered Jan 24 at 6:07
MattPMattP
1
add a comment |
0
0
0
actually no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive) be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.
I'll be posting to my branch when I have something.
answered Jan 24 at 6:07
MattPMattP
1
actually no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive) be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.
I'll be posting to my branch when I have something.
answered Jan 24 at 6:07
MattPMattP
1
answered Jan 24 at 6:07
MattPMattP
1
answered Jan 24 at 6:07
MattPMattP
1
answered Jan 24 at 6:07
MattPMattP
1
1
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1162387%2fwhats-wrong-with-my-openssh-include-directive%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
