Bug#954965: /etc/ssh/ssh_config: ssh_config: Include custom config files at the end, so they can overwrite the default settings

[Jan <bug-reporter@tuta.io>]

Mar 25, 2020, 23:07 by cjwatson@debian.org:

> On Wed, Mar 25, 2020 at 10:33:20PM +0100, Jan wrote:
>
>> /etc/ssh/ssh_config now includes /etc/ssh/ssh_config.d/*.conf but does so
>> at the beginning. Thus custom config files cannot overwrite the default
>> options, all of which are set afterwards.
>>
> But, as ssh_config(5) says, "the first obtained value for each parameter
> is used".
>
I have to admit that I missed that. Even more embarrassing as it's also state in the beginning of  /etc/ssh/ssh_config. It does not apply in my case though, see below.


> I tested this and confirmed that it was possible to use files
> in /etc/ssh/ssh_config.d/*.conf to override default options in
> /etc/ssh/ssh_config.
>
> What tests did you perform?
>
I want to avoid sending any environment, but /etc/ssh/ssh_config has

| SendEnv LANG LC_*

So I originally put

| Host *
|     SendEnv -LANG -LC_*
into /etc/ssh/ssh_config.d/no_env.conf. It works when I included that file at the very end of /etc/ssh/ssh_config. Just setting SendEnv at the beginning (via included files) does not help because this option has append semantics and the prepended dash only remove entries that already exist.


Regards, Jan