Josh Sherman

Include files in your ~/.ssh/config

by

Josh Sherman
in

Recently as I was setting up my new rig (System 76 Galago Pro, review to come, I
promise) I came to realize that my SSH config, ~/.ssh/config had turned into
absolute bloatware.

There’s stuff in there from previous jobs and projects, stuff for servers that
don’t exist anymore and worthless attempts to “organize” by adding comment
headers.

It was a mess and I had to find a better way.

Fortunately a quick man ssh_config later and I had found a solution!

By the way, it’s worth noting that these days I have been doing my damnedest to
leverage my local knowledge base (a/k/a man pages) before attempting to Google
(ahem, DuckDuckGo) an answer.

So as it turns out, similar to your .gitconfig, your
~/.ssh/config can also support an “include” directive.

Said include directive can support file globs but I personally prefer to include
files individually. This allows me to disable files down the road by commenting
them out but also allows me to keep the files around for posterity.

Turns out I don’t version any of SSH files as it just seems like a security
problem considering there are private keys in there but also certain
configuration settings that I’d prefer that nobody openly knows about.

Okay, so this include directive doesn’t have much to it, simply use Include
followed by a filename (relative to ~/.ssh) and you’re off to the races!

If you wanted to include all of the files in ~/.ssh/config.d you would add
Include config.d/* to your configuration.

If you’re like me and want to group project stuff into individual files, you can
include them individually with the path and filename: Include
config.d/awesome-project

Not much to it but I couldn’t be happier as I now have a handful of smaller
configuration files instead of one gigantic monolithic config!

Please keep in mind that the include directive is only available in OpenSSH
version 7.3p1 and above.

Fortunately though, at least for the distros I personally run (Debian stable and
Arch), OpenSSH is at 7.4p1 and 7.8p1 respectively.

With that, I did run into some issues with zsh on Debian that prohibits tab
completion for hostnames that are contained in included files. Everything has
been fine on Arch so I suspect it’s just an issue that needs to be waited out or
I need to figure out how to installed a more modern zsh autocomplete
implementation.

Josh Sherman - The Man, The Myth, The Avatar

About Josh

Husband. Father. Pug dad. Musician. Founder of Holiday API, Head of Engineering and Emoji Specialist at Mailshake, and author of the best damn Lorem Ipsum Library for PHP.

If you found this article helpful, please consider buying me a coffee.