openssh bugs - Feb 2025 - [Bug 3796] New: %tokens and environment variables are not expanded within `Include` statements

https://bugzilla.mindrot.org/show_bug.cgi?id=3796

            Bug ID: 3796
           Summary: %tokens and environment variables are not expanded
                    within `Include` statements
           Product: Portable OpenSSH
           Version: 9.9p2
          Hardware: Other
                OS: Windows 11
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: skyler.soss at gmail.com

OpenSSH supports the use of include statements such as:

```
# /etc/ssh/ssh_config
Include ssh_config.d/%u/config
```

This allows administrators to set per-user settings. This feature is
not supported by this implementation.

If this is an intentional deviation from the standard, it should be
documented as currently the wiki links to the [OpenBSD manpage for
`ssh_config(5)`](https://man.openbsd.org/ssh_config) that specifies the
expansion behavior.
>From that page:
> Include
> Include the specified configuration file(s). Multiple pathnames may be
specified and each pathname may contain glob(7) wildcards, tokens as described
in the TOKENS section, environment variables as described in the ENVIRONMENT
VARIABLES section and, for user configurations, shell-like ?~? references to
user home directories.
### Technical implementation details

[This function
call](https://github.com/openssh/openssh-portable/blob/dfd9880585db1570656022f9fe1519df673f7b8a/readconf.c#L2076)
in the `oInclude` case should be called. That function call is not
present in this project's `readconf.c`.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3796

skyler.soss at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|NEW                         |RESOLVED

--- Comment #1 from skyler.soss at gmail.com ---
This is likely a duplicate of Bug 3477

*** This bug has been marked as a duplicate of bug 3477 ***

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3796

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
         Resolution|DUPLICATE                   |---
             Status|RESOLVED                    |REOPENED

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
I don't think that's a duplicate of bug#3477, but I also don't see
the
problem you are referring to:

$ ssh -V
OpenSSH_9.9p2, OpenSSL 3.2.4 11 Feb 2025

$ echo 'Include ~/tmp/%u.include' >~/tmp/ssh_config
$ echo 'hostname seemstowork' >~/tmp/dtucker.include

$ ssh -vvv -F ~/tmp/ssh_config -G localhost | egrep '^hostname '
OpenSSH_9.9p2, OpenSSL 3.2.4 11 Feb 2025
debug1: Reading configuration data ssh_config
debug3: ssh_config line 1: Including file
/home/dtucker/tmp/dtucker.include depth 0
debug1: Reading configuration data /home/dtucker/tmp/dtucker.include
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
'/home/dtucker/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
'/home/dtucker/.ssh/known_hosts2'
hostname seemstowork

Can you show a minimal config that demonstrates your problem, ssh -vvv
yourserver and attach the output to this bug (using "create
attatchment")?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3796

--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
Oh, and since you specified "Windows" as the platform: if you are
using
the Microsoft fork of OpenSSH, that is heavily modified, so if you
cannot reproduce the problem with the stock code from openssh.com then
we cannot help you, you need to seek assistance from Microsoft.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.