Cam*_*rzt 20 ssh openssh macos
最近 macOS Sierra 上的 OpenSSH 升级到 7.3p1 ,这意味着Includeconfig 指令可用,欢呼吧!
但是我在实际使用它时遇到了问题。
我有以下几点~/.ssh/config:
Host github.com
Hostname github.com
User git
IdentityFile ~/.ssh/keys/github_rsa
Host den
HostName narzt-desktop.local
User camden
GSSAPIAuthentication no
AddressFamily inet
Host walle
User CamdenNarzt
HostName WALLE.local
AddressFamily inet
GSSAPIAuthentication no
Include ~/.ssh/config.d/*
我在这里看到,如果我-v在 ssh 命令中添加了一堆标志,可能会有一些有用的调试输出,但是当我在其中一个包含的文件中测试主机的配置时,我得到了这个:
$ \ssh -vvvvG git-codecommit.us-east-1.amazonaws.com
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/camdennarzt/.ssh/config
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/family.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/family.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/icloud.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/icloud.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/metabolistics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/metabolistics.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/scanimetrics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/scanimetrics.conf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
user camdennarzt
hostname git-codecommit.us-east-1.amazonaws.com
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel DEBUG3
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /opt/X11/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177
(忽略第一位的行号,我删除了一些注释以节省问题的空间)用户应该是~/.ssh/config.d/metabolistics.conf文件中指定的用户,身份文件也应该是包含的配置文件中指定的用户。我无法发布~/.ssh/config.d/metabolistics.conf文件的内容,但它的格式与主~/.ssh/config文件完全相同,但没有进一步包含。
我检查了权限,它们对我来说很好:
$ ls -lhRa ~/.ssh/config*
-rw------- 1 camdennarzt staff 541B 1 Jan 14:22 /Users/camdennarzt/.ssh/config
/Users/camdennarzt/.ssh/config.d:
total 32
drwxr-xr-x 6 camdennarzt staff 204B 1 Jan 14:37 .
drwx------ 9 camdennarzt staff 306B 1 Jan 14:22 ..
-rw------- 1 camdennarzt staff 260B 1 Jan 14:16 family.conf
-rw------- 1 camdennarzt staff 303B 1 Jan 14:17 icloud.conf
-rw------- 1 camdennarzt staff 524B 1 Jan 14:15 metabolistics.conf
-rw------- 1 camdennarzt staff 1.6K 1 Jan 14:15 scanimetrics.conf
Cam*_*rzt 34
我自己想出来的。线索在ssh_config手册页中:
Include
Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
``~'' references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.
我的Include语句后面有一个Host指令,因此它被包含在该主机的配置中。
Include如果在文件前面加上 ,则可以将语句留在文件末尾Match all。这将终止之前的主机/匹配,然后有条件地始终包含文件。因此,该文件将以:
Match all
Include config.d/*
| 归档时间: |
|
| 查看次数: |
4460 次 |
| 最近记录: |