Change ssh ControlPath with host-specific declaration
I have a situation where I need to access the same SSH host (GitHub) with two different SSH keys. This is no problem and I can set it up easily by aliasing the hostname. The problem comes when this configuration is combined with my SSH multiplexing configuration. I cannot seem to override my default ControlPath with a host-specific declaration.
Maybe this is just the way it works? Maybe it is a bug? Am I doing something wrong?
I'm on Mac 10.7 by the way.
Here is my config:
Host *
ControlMaster auto
ControlPath ~/.ssh/connections/ssh-%r@%h:%p
Host github.com-X
TCPKeepAlive yes
ServerAliveInterval 60
ControlPersist 1h
Hostname github.com
User git
IdentityFile ~/.ssh/id_rsa_X
IdentitiesOnly yes
ControlPath ~/.ssh/connections/ssh-%r@%h-X:%p
Host github.com
TCPKeepAlive yes
ServerAliveInterval 60
ControlPersist 1h
I have tinkered around a little bit, but it seems that I always get the ControlPath as specified in the Host * declaration.
ssh -T [email protected]
Logs me in as the correct user using id_rsa_X, but it creates the domain socket here:
~/.ssh/connections/[email protected]:22
Rather than:
~/.ssh/connections/[email protected]:22
So later when I try to issue an SSH command using id_rsa, I get the id_rsa_X user because of connection multiplexing. In other words:
ssh -T [email protected]
Gives me a hello message for the user whose key is id_rsa_X.
Any ideas?
EDIT: Response to comment by vgoff--No, it appears to be reading all my config...
$ ssh -vT [email protected]
OpenSSH_5.6p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /Users/<username>/.ssh/config
debug1: Applying options for *
debug1: Applying options for github.com-X
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/<username>/.ssh/connections/[email protected]:22" does not exist
<snip>
You can see that it read all the settings and tries to use the wrong ControlPath.
Solution 1:
You need to move the less specific options further down in ~/.ssh/config
. The Host *
options are applied first and they are not overwritten by later, clashing, options, even if they are more specific. New options that were not specified in Host *
will however be applied and I think that is what you saw in your log.
Source: http://linux.die.net/man/5/ssh_config
ssh(1) obtains configuration data from the following sources in the following order:
- command-line options
- user's configuration file (~/.ssh/config)
- system-wide configuration file (/etc/ssh/ssh_config)
For each parameter, the first obtained value will be used. The configuration files contain sections separated by ''Host'' specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is the one given on the command line.
Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.