SSH Config – How to Ignore Errors

opensshssh

I'm running an ubuntu image in a docker container, with my .ssh directory mounted from my native MacOs environment.

My .ssh/config file contains

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519_common

This works fine on a mac, but AddKeysToAgent and UseKeychain are not valid for linux, and anything (e.g. git) that uses the openssh-client package won't just ignore the unrecognised directives, but fail and exit.

Is there any way of having a .ssh/config file that will let me share it across mac and linux?

Best Answer

You can use the Match keyword in the ssh config file to restrict a portion of the configuration to only apply under certain conditions. For the excerpt in the question, something like the following should work:

Host *
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_ed25519_common

Match exec "uname -s | grep Darwin"
    UseKeychain yes

On a linux system, the grep will return failure (1), and so the following line(s) will be ignored; on the Mac host, the grep will return success (0) and the UseKeychain yes line will be applied.

The Match block is terminated by the next Match, Host, or end of file.

Note that AddKeysToAgent is not platform-specific, but is available in OpenSSH since version 7.2, so presumably you are using an older version of OpenSSH in the Ubuntu container but not on the Mac host.

Related Solutions

SSH – How to Make SSH Ignore .ssh/config

To make your ssh client ignore your configuration file, use ssh -F /dev/null username@example.com. Because your subnet's IdentityFile is in ~/.ssh/foo rather than ~/.ssh/, you don't need to whip up a whole new file to eschew your extant private key.

From the ssh man page:

 -F configfile
     Specifies an alternative per-user configuration file.  If a
     configuration file is given on the command line, the system-wide
     configuration file (/etc/ssh/ssh_config) will be ignored. The default 
     for the per-user configuration file is ~/.ssh/config.

Ssh config file with multiple ssh versions

Unfortunately, it is not possible. Some applications, where newer versions have introduced new optional syntaxes, have resorted to having "conditional compilation" comments, a notable example is MySQL.

But thankfully OpenSSH is not at that stage yet.

Possible solution: If your entire home directory is mounted in different operating systems, you can add a script to your .profile that checks the version of SSH and if it is not sufficient to load your configuration file, aliases ssh to ssh -F /dev/null. For example:

if [ "$(bc -l <<<"$(ssh -V 2> >(sed 's,^[^0-9]*,,;s,[^\.0-9].*,,')) < 6.5")" == 1 ]
then
    alias ssh="/usr/bin/ssh -F/dev/null"
fi

Alternatively, as per @derobert comment, an alias may not be enough for some use cases, such as using rsync or other applications that use OpenSSH as a transport and call the ssh program directly (without letting the shell resolve the alias). If this is indeed also an issue, you might want to create a script called ssh in your local bin directory (usually ~/bin or ~/.local/bin). When an application resolves the path to the ssh binary, it should see your local bin directory early in the path and run your script, which will then perform the required logic.

Maybe something like this:

#!/bin/bash
if [ "$(bc -l <<<"$(ssh -V 2> >(sed 's,^[^0-9]*,,;s,[^\.0-9].*,,')) < 6.5")" == 1 ]
then
    /usr/bin/ssh -F/dev/null "$@"
else
    /usr/bin/ssh "$@"
fi

Best Answer

Related Solutions

SSH – How to Make SSH Ignore .ssh/config

Ssh config file with multiple ssh versions

Related Question