What's wrong with my OpenSSH Include directive?

Solution 1:

Figured it out myself. The clue was in the ssh_config man page:

 Include
         Include the specified configuration file(s).  Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
         ``~'' references to user home directories.  Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
         the system configuration file.  Include directive may appear inside a Match or Host block to perform conditional inclusion.

I had my Include statement trailing a Host directive so it was being included into that Host's config.

Solution 2:

You can leave the Include statement at the end of the file if you precede it with Match all. This terminates the previous Host/Match, and then conditionally always includes the file(s). So, the file would end with:

Match all
Include config.d/*
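To check where an Include actually takes effect, `ssh -G` prints the configuration the client resolves for a host without connecting. The following is an added example, not part of either answer above: it builds a throwaway config in a temp directory (the hosts `alpha` and `beta`, the user names and the helper name `effective_user` are constructed for illustration) and compares an Include trailing a Host block with one preceded by `Match all`.

```shell
#!/bin/sh
# Constructed sandbox: every file lives in a temp dir; "alpha", "beta" and the
# user names are made-up sample values, not taken from the original question.

# effective_user LAYOUT HOST -> prints the User that ssh resolves for HOST.
#   LAYOUT=trailing : Include sits directly after a Host block
#   LAYOUT=matchall : Include is preceded by "Match all"
effective_user() {
    layout=$1
    host=$2
    dir=$(mktemp -d) || return 1
    mkdir "$dir/config.d"

    # Included file: sets User for a host other than the one above the Include.
    printf 'Host beta\n    User from-include\n' > "$dir/config.d/beta.conf"

    {
        printf 'Host alpha\n    User alpha-user\n'
        if [ "$layout" = matchall ]; then
            printf 'Match all\n'
        fi
        # Absolute path: relative Include paths are resolved against ~/.ssh.
        printf 'Include %s/config.d/*\n' "$dir"
    } > "$dir/config"

    # Keep the files private to the current user so ssh accepts them.
    chmod 700 "$dir" "$dir/config.d"
    chmod 600 "$dir/config" "$dir/config.d/beta.conf"

    # -G prints the resolved options and exits; -F bypasses the real configs.
    ssh -G -F "$dir/config" "$host" | awk '$1 == "user" { print $2 }'
    rm -rf "$dir"
}
```

`effective_user trailing beta` prints the default login name because the Include is only evaluated for `alpha`, while `effective_user matchall beta` prints `from-include`.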

Solution 3:

Actually, no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive), be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.

I'll be posting to my branch when I have something.