openssh bugs - Mar 2017 - [Bug 2693] New: ssh: Include'ed host is not resolved by ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2693

            Bug ID: 2693
           Summary: ssh: Include'ed host is not resolved by ssh
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: peter.volkov at gmail.com

I'm trying to use ssh client. I've created following configs:

/home/pay/.ssh/config:
===========cut here=========Host thtv.db?
    User pva

Include ssh-config/*.ssh
===========cut here=========
/home/pay/.ssh/ssh-config/thtv.ssh:
===========cut here=========Host thtv.enc1
    Port 2249
    HostName 10.0.200.18
===========cut here=========
But ssh is not able to "resolve" thtv.enc1:

$ ssh thtv.enc1 -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /home/pay/.ssh/config
debug3: /home/pay/.ssh/config line 4: Including file
/home/pay/.ssh/ssh-config/thtv.ssh depth 0 (parse only)
debug1: Reading configuration data /home/pay/.ssh/ssh-config/thtv.ssh
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "thtv.enc1" port 22
ssh: Could not resolve hostname thtv.enc1: Name or service not known
$ 


If I comment first two lines in .ssh/config (Host thtv.db? and next
line) ssh starts to Apply options for thtv.enc1 in Included file and
everything magically starts to work! Also if I move Host thtv.enc1
config to .ssh/config everything starts to work as well.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2693

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
There is a problem, that the semantics of Include is evaluated after
the Match block. This basically means that the `ssh-config/*.ssh` is
included only if the host matches `thtv.db?`

It is clearly communicated in the manual page for ssh_config:
> Include directive may appear inside a Match or Host block to perform
conditional inclusion.
Your configuration files should look like below to include the file
unconditionally:

/home/pay/.ssh/config:
===========cut here=========Include ssh-config/*.ssh
Host thtv.db?
    User pva
===========cut here=========
/home/pay/.ssh/ssh-config/thtv.ssh:
===========cut here=========Host thtv.enc1
    Port 2249
    HostName 10.0.200.18
===========cut here=========
-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2693

--- Comment #2 from pva <peter.volkov at gmail.com> ---
Thank you very much for clarification! I need to define users for Hosts
before Include'd configs, since that configs define "default"
users as
well. So I'll use

Host *
    Include ssh-config/*.ssh

Yet this is not evident since debug log clearly states that configs are
read, but then silently not applied. Not self evident, but I see. I'll
leave resolution up to you guys.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2693

--- Comment #3 from Jakub Jelen <jjelen at redhat.com> ---
Well, the debug log says "(parse only)":

  debug3: ~/.ssh/config line 4: Including file
~/.ssh/ssh-config/thtv.ssh depth 0 (parse only)

It is not present in case the included file is parsed and used:

  debug3: ~/.ssh/config line 4: Including file
~/.ssh/ssh-config/thtv.ssh depth 0

It might not be completely clear what "parse only" means but with the
clarification in manual page it sounds pretty clear to me (but I was
here with the birth of this option). Improvements for both log and
manual pages are always welcomed.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2693

pva <peter.volkov at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED

--- Comment #4 from pva <peter.volkov at gmail.com> ---
Jakub, I think it will be more evident not to read and parse file at
all if it will not be used later. Also for very large ssh configs this
could add some performance gain :) But as I said, for me this issue
resolved and I'll update status as is. I was not attentive enough while
read documentation.

Thank you, guys, for you help!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2693

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.