_kud's tech blog

How to include a file in your SSH config

Since the confinement (COVID-19 😷), we all had in my company to work remotely. Even if it was a real experience as human being, technically we were already prepared as we have some colleagues who work full-time remotely.

However, depending on your situation - if you're at work 🏒 or at home 🏑 - our configuration changes if you want to connect to some servers.

This is where I'll talk about the SSH config file. As you may know, you can find all your ssh config in this file ~/.ssh/config.

By default (I mean my own use), this is what I got:

1# use keychain for SSH β€” <https://ma.ttias.be/mac-osx-keeps-prompting-ssh-key-passphrase-not-use-keychain/>
2Host *
3  UseKeychain yes
4  AddKeysToAgent yes
5

6# jumper
7Host *+*
8  ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\\([^+%%]*\\)%%\\([^+]*\\)$/\\2 -l \\1/;s/:/ -p /') nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /')

The first block is a way to prevent to be asked every time you want to connect to a server your passphrase, using the Keychain.

The second block is to ease the connection of a server via another server. A jumper so.

Anyway. As I said, I've got a different configuration depending on my situation, I'm inside or outside my company building.

For that, I found that since ssh 7.3p1 (type ssh -V to know yours) , it is possible to use the keyword Include which allows you to include any file.

From the doc:

Include
Include the specified configuration file(s). Multiple path‐
names may be specified and each pathname may contain glob(7)
wildcards and, for user configurations, shell-like β€˜~’ refer‐
ences to user home directories. Files without absolute paths
are assumed to be in ~/.ssh if included in a user configuration
file or /etc/ssh if included from the system configuration
file. Include directive may appear inside a Match or Host
block to perform conditional inclusion.

For security reason, I won't display what I've got in those files for sure, but this is what I've got now. I created two files in ~/.ssh/config.d/work/ called inside and outside and I (un)comment the include depending on where I am.

1# work
2# Include config.d/work/inside
3Include config.d/work/outside
4

5# use keychain for SSH β€” <https://ma.ttias.be/mac-osx-keeps-prompting-ssh-key-passphrase-not-use-keychain/>
6Host *
7  UseKeychain yes
8  AddKeysToAgent yes
9

10# jumper
11Host *+*
12  ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\\([^+%%]*\\)%%\\([^+]*\\)$/\\2 -l \\1/;s/:/ -p /') nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /')

Taaaaaaadaaa πŸŽ‰.

⚠️ The Include keyword must be necessarily at the top of the file.

The next step could be to make a script which switches those lines automatically but for the moment I'm happy with it.

A little tips before leaving, you can include a whole folder by doing Include config.d/*.

Source: https://superuser.com/questions/247564/is-there-a-way-for-one-ssh-config-file-to-include-another-one