bugzilla-daemon at mindrot.org
2025-Feb-28 07:26 UTC
[Bug 3796] New: %tokens and environment variables are not expanded within `Include` statements
https://bugzilla.mindrot.org/show_bug.cgi?id=3796
Bug ID: 3796
Summary: %tokens and environment variables are not expanded
within `Include` statements
Product: Portable OpenSSH
Version: 9.9p2
Hardware: Other
OS: Windows 11
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: skyler.soss at gmail.com
OpenSSH supports the use of include statements such as:
```
# /etc/ssh/ssh_config
Include ssh_config.d/%u/config
```
This allows administrators to set per-user settings. This feature is
not supported by this implementation.
If this is an intentional deviation from the standard, it should be
documented as currently the wiki links to the [OpenBSD manpage for
`ssh_config(5)`](https://man.openbsd.org/ssh_config) that specifies the
expansion behavior.>From that page:
> Include
> Include the specified configuration file(s). Multiple pathnames may be
specified and each pathname may contain glob(7) wildcards, tokens as described
in the TOKENS section, environment variables as described in the ENVIRONMENT
VARIABLES section and, for user configurations, shell-like ?~? references to
user home directories.
### Technical implementation details
[This function
call](https://github.com/openssh/openssh-portable/blob/dfd9880585db1570656022f9fe1519df673f7b8a/readconf.c#L2076)
in the `oInclude` case should be called. That function call is not
present in this project's `readconf.c`.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Feb-28 07:35 UTC
[Bug 3796] %tokens and environment variables are not expanded within `Include` statements
https://bugzilla.mindrot.org/show_bug.cgi?id=3796
skyler.soss at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
Status|NEW |RESOLVED
--- Comment #1 from skyler.soss at gmail.com ---
This is likely a duplicate of Bug 3477
*** This bug has been marked as a duplicate of bug 3477 ***
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Feb-28 08:51 UTC
[Bug 3796] %tokens and environment variables are not expanded within `Include` statements
https://bugzilla.mindrot.org/show_bug.cgi?id=3796
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
Resolution|DUPLICATE |---
Status|RESOLVED |REOPENED
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
I don't think that's a duplicate of bug#3477, but I also don't see
the
problem you are referring to:
$ ssh -V
OpenSSH_9.9p2, OpenSSL 3.2.4 11 Feb 2025
$ echo 'Include ~/tmp/%u.include' >~/tmp/ssh_config
$ echo 'hostname seemstowork' >~/tmp/dtucker.include
$ ssh -vvv -F ~/tmp/ssh_config -G localhost | egrep '^hostname '
OpenSSH_9.9p2, OpenSSL 3.2.4 11 Feb 2025
debug1: Reading configuration data ssh_config
debug3: ssh_config line 1: Including file
/home/dtucker/tmp/dtucker.include depth 0
debug1: Reading configuration data /home/dtucker/tmp/dtucker.include
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
'/home/dtucker/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
'/home/dtucker/.ssh/known_hosts2'
hostname seemstowork
Can you show a minimal config that demonstrates your problem, ssh -vvv
yourserver and attach the output to this bug (using "create
attatchment")?
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Feb-28 10:25 UTC
[Bug 3796] %tokens and environment variables are not expanded within `Include` statements
https://bugzilla.mindrot.org/show_bug.cgi?id=3796 --- Comment #3 from Darren Tucker <dtucker at dtucker.net> --- Oh, and since you specified "Windows" as the platform: if you are using the Microsoft fork of OpenSSH, that is heavily modified, so if you cannot reproduce the problem with the stock code from openssh.com then we cannot help you, you need to seek assistance from Microsoft. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.