-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate a cleaner ssh config file #980
base: master
Are you sure you want to change the base?
Generate a cleaner ssh config file #980
Conversation
This way, if no lines are added, the config file doesn't end with a host block header.
Wait until we've added all the lines we're going to before we decide to remove the files. Previously, this would never happen because we unconditionally added a host block header to the lines - so in practice, this never caused any strange behaviour.
Theoretically none of the https://www.freebsd.org/cgi/man.cgi?ssh_config(5)
and the root I'm not sure if this conditional inclusion actually works. |
You're quite right, the entire file is only included for matching hosts - a quick look at the openssh source confirms that it does indeed work that way. Personally, I think it's wise to avoid assuming that root ssh config is set in a particular way - the user is asked if the config should be modified, after all. One thing I do with my ssh config files is to avoid inclusions at all. I do this because paramiko, the python ssh library, doesn't support inclusions in config files at all. Generally, when I manage config files, I use a script to join all config fragments together to form the final config file. This approach can play poorly with config fragments that have an empty host block at the end. If we do assume that the file is included conditionally, we could do away with generating host blocks altogether - just use the |
The match exec is only there if there is a cert. Sounds like you'd need the file to end in |
I guess my thinking is kinda backwards. If the file is included with openssh's If the file is concatenated the way I describe, then it sort of doesn't matter how the file ends - empty host block or not, the next file would have to start with a Host line to set the state to something known. So I guess, then, that the only thing this does is generate a more tidy file. |
The |
These changes make the config file generated a bit cleaner in some cases. It's also now possible to determine that no config need be generated at all.