Beware where you put the ssh Include directive
Roy
Posted on August 3, 2021
My previous ~/.ssh/config contained:
Host *
<directives>
User root
Include hosts-enabled/*.config
hosts-enabled/gcp.config:
Host gcp-1
HostName 35.194.164.130
User hi
When I tried ssh gcp-1, I found that I was always logged in as the root user rather than the hi user, unless I moved this block above Host * in the main configuration file.
The reason is: Include directive may appear inside a Match or Host block to perform conditional inclusion. I had my Include statement trailing a Host directive so it was being included into that Host's config. ssh does not honor indention level as I supposed
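If I put
Host *
<directives>
User root
into the hosts-enabled directory as a sub-configuration file named default.config, and keep only Include hosts-enabled/*.config in the main configuration file, the User hi directive in gcp.config still does not take effect. Deleting the User root directive from default.config makes it work. According to the man page: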
For each parameter, the first obtained value will be used. The configuration files contain sections separated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions).
Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.
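In alphabetical order, the configuration in default.config is loaded before the configuration in gcp.config.
When I put the Include directive after a host block that contains a HostName, trying to log in to a host even produces an error: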
ssh: Could not resolve hostname gcp-1: Temporary failure in name resolution
This is because the earlier HostName directive overrides all later HostName directives.
So the Include directive is best placed before all Host directives, or:
You can leave the Include statement at the end of the file if you precede it with Match all. This terminates the previous Host/Match, and then conditionally always includes the file(s). So, the file would end with:
Match all
Include config.d/*
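The following is an added example, not code from the original post: a simplified Python model of the lookup rules quoted above (an Include belongs to the enclosing Host/Match block, the first obtained value wins, included files are read in sorted order), run over the layouts discussed in this post. The names resolve, layout and LAYOUTS, and the Host other block with address 192.0.2.10, are constructed for illustration; only Host patterns and Match all are modelled.

```python
import fnmatch

def resolve(files, host, name="config", out=None):
    """Model of ssh_config lookup: first obtained value of each keyword for host."""
    out = {} if out is None else out
    active = True  # lines before any Host/Match apply to every host
    for raw in files[name].splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = any(fnmatch.fnmatch(host, p) for p in arg.split())
        elif key == "match":
            active = arg.lower() == "all"  # only "Match all" is modelled
        elif key == "include":
            if active:  # Include belongs to the enclosing Host/Match block
                for inc in sorted(n for n in files if fnmatch.fnmatch(n, arg)):
                    resolve(files, host, inc, out)
        elif active:
            out.setdefault(key, arg)  # first obtained value wins
    return out

# Constructed sample files, keyed by path relative to ~/.ssh
INC = "Include hosts-enabled/*.config\n"
DEFAULTS = "Host *\nUser root\n"
OTHER = "Host other\nHostName 192.0.2.10\n"  # constructed host block
GCP = "Host gcp-1\nHostName 35.194.164.130\nUser hi\n"

def layout(main, extra=None):
    """Build one ~/.ssh layout: main config plus gcp.config and optional extras."""
    return {"config": main, "hosts-enabled/gcp.config": GCP, **(extra or {})}

LAYOUTS = {
    "include after Host *": layout(DEFAULTS + INC),
    "include first": layout(INC + DEFAULTS),
    "defaults in default.config": layout(INC, {"hosts-enabled/default.config": DEFAULTS}),
    "include after Host other": layout(OTHER + INC),
    "Match all before include": layout(OTHER + "Match all\n" + INC),
}

if __name__ == "__main__":
    for label, files in LAYOUTS.items():
        print(f"{label:28} {resolve(files, 'gcp-1')}")
```

To see the effective values for a real configuration, ssh -G gcp-1 prints what ssh resolves for that host without connecting.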