On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Courtès wrote:
> Hello!
>
> Efraim Flashner wrote:
>
> > From man 5 ssh_config:
> >     Unless noted otherwise, for each parameter, the first obtained value
> >     will be used.
> >
> > We want to allow falling through to the first actual user defined value.
>
> What do you mean by “first actual user-defined value”?  This service is
> what generates all the “user-defined values”, no?

Right now my ~/.ssh/config has

Host do1-tor
    Hostname
    IdentityFile ~/.ssh/id_ed25519
Host *.onion *-tor
    #ProxyCommand /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbsd-1.218-2/bin/nc -X 5 -x localhost:9050 %h %p
    ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
    ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
    Compression yes

The way the ssh config is read is that `ssh do1-tor` first matches do1-tor and then also matches *-tor, so I can factor out ProxyCommand, ControlPath and Compression for use with the other *-tor Hosts I have listed.

This configuration could be

(openssh-host (name "do1-tor")
              (host-name )
              (identity-file "~/.ssh/id_ed25519"))
(openssh-host (name "*-onion *-tor")
              (compression? #t)
              (proxy (proxy-command ...))
              (extra-content " ControlPath ...\n"))

If this is all I enter, then my .ssh/config is generated like this:

Host do1-tor
    Hostname
    IdentityFile ~/.ssh/id_ed25519
    ForwardX11 no
    ForwardX11Trusted no
    ForwardAgent no
    Compression no
Host *.onion *-tor
    ForwardX11 no
    ForwardX11Trusted no
    ForwardAgent no
    Compression yes
    ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
    ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p

Compression might default to no, but in my hand-crafted .ssh/config I've set it to yes for *-tor Hosts. Forward* might all default to no, and it's not set anywhere, but being explicit about the default here could cause problems if I want X11 forwarding across an entire range of hosts, not just individual ones.

> Overall my take is that default values should be specified in our code
> (as default values of configuration record fields) rather than left
> unspecified.  I think this is clearer and more predictable than relying
> on upstream’s default values.

In general this is a good plan, but here it actually interferes with the expected configuration output. 'Fall through' is the default, not the actual default for each of the individual configuration options. They only get set if that field isn't set first by any of the possibly multiple configuration matches.

-- 
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
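
Added example (not part of the original message and not code from the Guix service): a simplified Python model of the first-obtained-value rule quoted from ssh_config(5), run over the generated and hand-written configs from the message. It assumes single-valued keywords and plain wildcard Host patterns only, and leaves out Hostname and ControlPath; `resolve` and `differences` are names made up for this sketch.

```python
from fnmatch import fnmatchcase

# Constructed sample: the generated config from the message, trimmed.
GENERATED = """\
Host do1-tor
  IdentityFile ~/.ssh/id_ed25519
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression no
Host *.onion *-tor
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression yes
  ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
"""

# Constructed sample: the hand-written form, with only chosen values present.
HAND_WRITTEN = """\
Host do1-tor
  IdentityFile ~/.ssh/id_ed25519
Host *.onion *-tor
  ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
  Compression yes
"""

def resolve(config_text, target):
    """Map keyword -> (value, Host line that supplied it); first value wins."""
    effective, active, header = {}, True, "(global)"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        if keyword.lower() == "host":
            header = line
            active = any(fnmatchcase(target, p) for p in value.split())
        elif active and keyword.lower() not in effective:
            # A later matching block only fills keywords that are still unset.
            effective[keyword.lower()] = (value.strip(), header)
    return effective

def differences(target):
    """Keywords whose effective value differs between the two renderings."""
    gen, hand = resolve(GENERATED, target), resolve(HAND_WRITTEN, target)
    return {k: (gen[k][0], hand[k][0])
            for k in gen if k in hand and gen[k][0] != hand[k][0]}
```

For `do1-tor`, `differences` reports only Compression: the explicit `no` emitted in the first block wins over the wildcard block's `yes`, while ProxyCommand, which the first block does not set, still falls through.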