Win32-OpenSSH icon indicating copy to clipboard operation
Win32-OpenSSH copied to clipboard
verified publisher icon PowerShell

INCLUDE subconfigs doesn't work

Open MrMarvel opened this issue 3 months ago • 5 comments

Summary of the new feature / enhancement

Implementation of Include keyword

I would like to ask about this feature. I have my subconfig like C:\ProgramData\ssh\sshd_config.d\my_config.conf to override base config like on linux. But it doesn't seem to work on windows. sshd_config file:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include __PROGRAMDATA__/ssh/ssh_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

C:\ProgramData\ssh\sshd_config.d\my_config.conf:

PasswordAuthentication no

I still can connect by password There is no overrided info about it in docs https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config but base OpenBSD manual allows Include subconfigs.

Proposed technical implementation details (optional)

Implementation of Include keyword

MrMarvel avatar Sep 30 '25 02:09 MrMarvel

Does Include really substitute environment variables like PROGRAMDATA?

I don't think so.

The only Windows-specific change here seems a call to convertToForwardslash().

mgkuhn avatar Sep 30 '25 17:09 mgkuhn

Does Include really substitute environment variables like PROGRAMDATA?

I tried full absolute path without globing like Include C:/ProgramData/ssh/ssh_config.d/my_config.conf. It doesn't work either

MrMarvel avatar Sep 30 '25 21:09 MrMarvel

That string is passed on to a most curious function contrib/win32/win32compat/misc.c:is_absolute_path() to decide whether it is an absolute or relative path. (Why should that function concern itself with quotation marks?)

Try a relative path?

mgkuhn avatar Oct 01 '25 12:10 mgkuhn

I have used

Match ALL
  Include /ProgramData/ssh/my_config.conf

In the bottom of my config file to allow for a standardized sshd_config and then do extensions/add-ons in a local file

matsmcp avatar Oct 02 '25 08:10 matsmcp

Does Include really substitute environment variables like PROGRAMDATA?

I tried full absolute path without globing like Include C:/ProgramData/ssh/ssh_config.d/my_config.conf. It doesn't work either

The command SSHD -T will display the parsed sshd_config file (with any include directives). I suggest running SSHD -T -vvv to see if the debug logs indicate whether the include directive is being found as expected

Also - if the version is older than 9.8.2.0, please see https://github.com/PowerShell/Win32-OpenSSH/issues/2312

tgauth avatar Oct 06 '25 17:10 tgauth