Re: [PATCH 0/3] Add support for per-remote and per-namespace SSH options

["brian m. carlson" <sandals@crustytoothpaste.net>]

[-- Attachment #1: Type: text/plain, Size: 2199 bytes --]

On 2026-03-27 at 16:49:35, Wesley wrote:
> On 3/27/26 12:10, Junio C Hamano wrote:
> 
> > I somehow thought that this practice is so widespread that it was
> > one of the few first things any new people learn to do, but perhaps
> > we do not have a good documentation coverage?
> 
> As said before it is weird thing to configure a global ssh configuration
> just for git transport. It doesn't make much sense.
> 
> The problem with ssh_config usage is that you need to change your ssh
> config, which is machine global, not just git. And not portable across teams
> with configurations committed to git. Myrepos is a good example of this. My
> former employer had this and I know the Perl metacpan project also uses
> mysrepos. Changing every URL dynamically in committed configs isn't really a
> nice ask.

You can also use the conditional inclusion functionality to rewrite URLs
for repositories in a certain directory with `url.<URL>.insteadOf`.  Or
you can use conditional inclusion to use `core.sshCommand` with the `-i`
option set appropriately.

> The alternative is using core.sshCommand to inject the correct keys, but you
> must apply logic there when you have multiple accounts or forges. Which is
> what I initially did with a zsh-scripts.
> Which is why I ported that logic to git itself, I thought it would be
> beneficial to have an easy way to maintain sshIdentityFile settings.
> 
> In addition, for core.sshCommand to work you must use the full openssh
> command rather than just adding some options to it. Which is an added
> benefit of the proposed changes.

Right, but the additional burden is typing "ssh -i" for that option.
That's not very substantial.  And the existing option is much more
flexible as well, since it allows you to use other options, such as `-o
ControlMaster`, which is useful when you're using a security key and
don't want to re-authenticate all the time.  It also allows you to use
arbitrary shell scripting, too, which means that you can customize
the configuration depending on what keys are available or what machine
you're on (or really anything else).
-- 
brian m. carlson (they/them)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 325 bytes --]