openssh bugs - Oct 2024 - [Bug 3742] New: ssh_config default values with Host-specific values does not apply

https://bugzilla.mindrot.org/show_bug.cgi?id=3742

            Bug ID: 3742
           Summary: ssh_config default values with Host-specific values
                    does not apply
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: reukiodo at gmail.com

Without any configuration, ssh client uses the username of the logged
in user. If this is not a good default, there is an option to set `User
realusername` in ~/.ssh/config on a per-user basis. However, if there
is a length of hosts, there is no easy way to set a default username
while still allowing a per-Host override.

example 1:
User defaultusername
...
Host a
...
Host b
...
Host z
...
Host A
  User specificusername
...

example 2:
Host *
  User defaultusername
...
Host a
...
Host b
...
Host z
...
Host A
  User specificusername
...

example 3:
Host a
...
Host b
...
Host z
...
Host A
  User specificusername
...
Host *
  User defaultusername
...

In any of these examples, `specificusername` is never used for `Host
A`. The same applies for any setting in `Host *` to set a user default.

Previously there was a https://bugzilla.mindrot.org/show_bug.cgi?id=351
which requested for a ladder-like approach to build complete
configuration in a compact way. While this may be idealistic, at a bare
minimum each user should have the ability to set their own defaults
while still allowing for Host-based configuration overrides.

The steps to build a full config should be something like:
0. (built-in defaults)
1. consult environment (e.g. whoami, ~/.ssh/id_*, etc)
2. system-wide generic configuration (e.g. /etc/ssh/ssh_config:Host *)
3. system-wide specific configuration (e.g. /etc/ssh/ssh_config:Host x)
4. user-specific generic configuration (e.g. ~/.ssh/config:Host *)
5. user-specific specific configuration (e.g. ~/.ssh/config:Host x)
where each step overrides the individual config items from the results
of the previous

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3742

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
The approach in example 3 works fine:
> [djm at desktop ~]$ cat > /tmp/cfg
> Host a
>     User user_a
> Host b
>     User user_b 
> Host A
>     User specificusername
> Host *
>     User defaultusername
> [djm at desktop ~]$ ssh -F /tmp/cfg -G A | grep '^user '
> user specificusername
> [djm at desktop ~]$ ssh -F /tmp/cfg -G a | grep '^user '
> user user_a
> [djm at desktop ~]$ ssh -F /tmp/cfg -G xxx | grep '^user '
> user defaultusername
You can also use Match final if you prefer the list the defaults first,
though this will cause the config to be evaluated twice.
> [djm at desktop ~]$ cat > /tmp/cfg
> Match final
>     User defaultusername
> Host a
>     User user_a
> Host b
>     User user_b 
> Host A
>     User specificusername
> [djm at desktop ~]$ ssh -F /tmp/cfg -G A | grep '^user '
> user specificusername
> [djm at desktop ~]$ ssh -F /tmp/cfg -G a | grep '^user '
> user user_a
> [djm at desktop ~]$ ssh -F /tmp/cfg -G xxx | grep '^user '
> user defaultusername
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3742

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
You can think of it as "put overrides at the top and defaults at the
bottom".

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3742

Miles Raymond <reukiodo at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|Linux                       |Windows 10
            Version|-current                    |9.5p1

--- Comment #3 from Miles Raymond <reukiodo at gmail.com> ---
That is so strange... I know I tried all 3 ways previously, and none of
them worked.

I tried example 3 again and was able to get the specificusername
instead of the defaultusername.

I'll update all our documentation to reflect defaults on bottom.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3742

--- Comment #4 from Miles Raymond <reukiodo at gmail.com> ---
I also tested the Match final way, putting defaults at the top, more
consistent with many other configurations, and that also works well.

While VSCode is smart enough to filter out 'Host *' it isn't quite
smart enough to filter out 'Match final' and shows it as a separate
host to connect to. Not an ssh issue, but perhaps still a bug to report
to VSCode.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.