support .ssh/config Include directives

[sclem]

Describe the feature or problem you’d like to solve

This is sort of related to #326 - I use different ssh keys for organizations on github, so I have Host aliases set up in ~/.ssh/config.d/org_name files. One of these aliases may look like this:

Host github.com-org_name
    HostName github.com
    User sclem
    IdentityFile ~/.ssh/org_name_key
    IdentitiesOnly yes

git remote will look like: git@github.com-org_name:Org/Repo.git

My top level .ssh/config contains some global wildcards and Include ~/.ssh/config.d/*, which is documented in the ssh_config man page.

I perused through the codebase to find that gh cli does in fact read and parse ~/.ssh/config for these Host aliases to resolve the upstream host. This works correctly, however I couldn't find any documentation on this behavior and it doesn't support multiple files.

The error seen (after auth, if alias is not in .ssh/config directly):

none of the git remotes configured for this repository point to a known GitHub host. To tell gh about a new GitHub host, please use `gh auth login`

Proposed solution

Read all the ssh_config files the user has configured. Workaround for now is to put all hosts into my .ssh/config. This may get tricky, considering man ssh_config supports conditional includes inside a Match/Host block.

Another idea is to support host: github.com in hosts.yml and don't parse ssh config to try and resolve the remote hostname, instead have hosts.yml "keys" match the remote "domain" directly.

Additional context

Workaround for now is to put everything into .ssh/config directly

[mislav]

Thank you for reporting! TIL about the Include directive of ssh_config. We should definitely include the referenced files in our parsing.

Our current ssh config parser is here: https://github.com/cli/cli/blob/a2aa07d497de3ad53be0e3b68d1adb9923105306/git/ssh_config.go

[ls-jad-elkik]

Would it make sense to add an argument to gh auth login that allows us to specify aliases manually?

[mislav]

@ls-jad-elkik Could you elaborate about the use-case? I don't see how that could be useful over the current feature of parsing hostname aliases from ssh config files.

[ls-jad-elkik]

I just thought of an alternative along the lines of the OP's suggested alternative. I imagine it would be simpler than handling ssh_config parsing (and potentially slightly wrong or lacking implementations, and different versions of SSH clients perhaps) by giving the user more flexibility and since you kind of already do this for GitHub Enterprise authentication.

For example, you can override the ssh_config file being read by setting GIT_SSH_COMMAND to some ssh -F /custom/ssh/config in a .env file or using the gitconfig stuff - especially since there isn't "one true way" to allow multiple SSH keys to be used against the same host in Git.