To make your ssh client ignore your configuration file, use ssh -F /dev/null username@example.com. Because your subnet's IdentityFile is in ~/.ssh/foo rather than ~/.ssh/, you don't need to whip up a whole new file to eschew your extant private key.
From the ssh man page:
-F configfile
Specifies an alternative per-user configuration file. If a
configuration file is given on the command line, the system-wide
configuration file (/etc/ssh/ssh_config) will be ignored. The default
for the per-user configuration file is ~/.ssh/config.
Unfortunately, it is not possible. Some applications, where newer versions have introduced new optional syntaxes, have resorted to having "conditional compilation" comments; a notable example is MySQL.
But thankfully OpenSSH is not at that stage yet.
Possible solution: If your entire home directory is mounted in different operating systems, you can add a script to your .profile that checks the version of SSH and, if it is not sufficient to load your configuration file, aliases ssh to ssh -F /dev/null. For example:
if [ "$(bc -l <<<"$(ssh -V 2> >(sed 's,^[^0-9]*,,;s,[^\.0-9].*,,')) < 6.5")" == 1 ]
then
alias ssh="/usr/bin/ssh -F/dev/null"
fi
Alternatively, as per @derobert's comment, an alias may not be enough for some use cases, such as using rsync or other applications that use OpenSSH as a transport and call the ssh program directly (without letting the shell resolve the alias). If this is indeed also an issue, you might want to create a script called ssh in your local bin directory (usually ~/bin or ~/.local/bin). When an application resolves the path to the ssh binary, it should see your local bin directory early in the path and run your script, which will then perform the required logic.
Maybe something like this:
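#!/bin/bash
# Call /usr/bin/ssh by full path for the version check too: a bare "ssh" here
# would resolve to this wrapper (first in PATH) and recurse.
if [ "$(bc -l <<<"$(/usr/bin/ssh -V 2> >(sed 's,^[^0-9]*,,;s,[^\.0-9].*,,')) < 6.5")" == 1 ]
then
/usr/bin/ssh -F/dev/null "$@"
else
/usr/bin/ssh "$@"
fi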
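An added example, not part of the answer above: the same wrapper decision with major and minor compared as integers, since a decimal comparison in bc would rank a version such as 6.10 below 6.5. The function names are hypothetical and the banners are constructed samples.

```sh
#!/bin/sh
# Added example: decide whether a ~/bin/ssh wrapper should bypass the config,
# comparing the OpenSSH version field by field. Function names are hypothetical.

# Print "MAJOR MINOR" parsed from an `ssh -V` banner; return 1 if not OpenSSH.
openssh_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Return 0 if the banner's version is older than $2.$3, 1 if it is not,
# and 2 if the banner cannot be parsed.
openssh_older_than() {
    ver=$(openssh_version "$1") || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -lt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -lt "$3" ] && return 0
    return 1
}

# Print the extra arguments for the real client: "-F /dev/null" when the
# client is too old for the config, nothing otherwise (including when the
# banner is unparseable, so an unknown client keeps its normal behaviour).
ssh_config_override() {
    if openssh_older_than "$1" "$2" "$3"; then
        printf '%s\n' '-F /dev/null'
    fi
}

# Constructed banners; in a wrapper the real one is: /usr/bin/ssh -V 2>&1
for banner in \
    'OpenSSH_6.4p1, OpenSSL 1.0.1e' \
    'OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g' \
    'OpenSSH_6.10p1 (constructed, to show integer ordering)' \
    'OpenSSH_10.0p2, OpenSSL 3.5.0'
do
    printf '%-55s -> [%s]\n' "$banner" "$(ssh_config_override "$banner" 6 5)"
done
```

In a wrapper, the result would be placed before "$@" on the /usr/bin/ssh command line, with /usr/bin/ssh called by full path so the wrapper does not invoke itself.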
Best Answer
You can use the Match keyword in the ssh config file to restrict a portion of the configuration to only apply under certain conditions. For the excerpt in the question, something like the following should work:

On a Linux system, the grep will return failure (1), and so the following line(s) will be ignored; on the Mac host, the grep will return success (0) and the UseKeychain yes line will be applied.

The Match block is terminated by the next Match, Host, or end of file.

Note that AddKeysToAgent is not platform-specific, but is available in OpenSSH since version 7.2, so presumably you are using an older version of OpenSSH in the Ubuntu container but not on the Mac host.