0

I have a remote server where authentication takes a long time. Therefore I want to keep the connection open with ControlMaster. However, ControlMaster does not work on Windows. I want to use the same .ssh/config for Windows and Linux, I regularly copy them around.

Therefore I want to activate it only when I am on Linux. I can do this with ssh's Match config:

Host jumphost-opn1
  HostName 10.129.120.68
  User kuga2
  Match exec "test `uname -o` = GNU/Linux"
    ControlMaster auto
    ControlPath ~/.ssh/.sockets_%r@%h-%p
    ControlPersist 600

This works as expected both on Linux (with ControlMaster active) and on Windows (with ControlMaster inactive). However on Windows it prints:

C:\WINDOWS\system32>ssh jumphost-opn2 uname
Der Befehl "test" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.
Der Befehl "test" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.
Linux

(Command "test" is wrong or not found)

What can I do to omit these messages? Is there an os-independent way to check the operating system? Are there other ssh-config options?

1
  • Your configuration doesn’t do what the indentation implies (but it’s not critical): Match is not nested under Host. // Maybe put test.bat somewhere in %PATH% and make sure it returns a non-zero exit code.
    – Daniel B
    Commented Mar 7, 2022 at 8:53

1 Answer

1

Solution (what I have been using)

WARNING: See the notes below, including requirements


# Matches Windows
Match exec "dir c: 1>/dev/null 2>&1"
  IdentityFile c:/Users/YOURUSERNAMEDIR/.ssh/id_rsa
# Matches linux and other similar unix-like systems
Match exec "dir /etc 1>/dev/null 2>&1"  
  ControlMaster auto
  ControlPath ~/.ssh/.sockets_%r@%h-%p
  ControlPersist 600

Host jumphost-opn1
  HostName 10.129.120.68
  User kuga2

A few notes:

  • REQUIREMENT: to get the above "Match Exec" for Windows to work, you will have to create the folder "C:\dev", because "/dev/null" does not exist on Windows by default. The "null" file will be rewritten with the output of "dir c:" every time you use ssh on Windows. I usually set this folder to "Hidden" in the properties via File Explorer so that it does not show up.
  • this design is based on the limitations of "Match exec":
    • all "Match exec" commands will always execute regardless of Operating System platform and will use any indented configuration if it returns 0. So it only allows for two "execution paths" (return value 0 and return value non-0)
    • "Match exec" uses the cmd shell as the default shell on Windows 10. I am not sure if there is a way to change this as we could do something like "> $null" in both Linux (bash via env) and Windows (PowerShell by default)
      • there is no common way to redirect to "/dev/null" or "/tmp" between cmd and bash
    • considering the previous two facts, we want to run two "Match exec" checks. In this case:
      • the former "Match exec" will return 0 on Windows and 1 on Linux
      • the latter "Match exec" will return 0 on Linux and 1 on Windows
  • the "Match" directives can be in any order

Alternative Solutions

There are other possible solutions, if you sacrifice clarity for "smartness". These solutions provide superior performance, and have no filesystem byproducts. Theoretically, this would allow you to support more Operating Systems (by supporting more shells), but it is unlikely due to the lack of common syntax and unpredictable return codes between these shells.

For example, you can order your statements in such a way that a "default" condition exists and by leveraging a "bashism":


IdentityFile c:/Users/YOURUSERNAMEDIR/.ssh/id_rsa

Match exec "exit ${ONWINDOWS:=1}"
  IdentityFile /mnt/c/Users/YOURUSERNAMEDIR/.ssh/id_rsa

I have used something like this in the past, but I have traded it for the solution which is more clear to me while reading.

I had the following link as source in a comment in my config file: https://creechy.wordpress.com/2021/02/03/quest-for-a-multi-platform-ssh-config/


What can I do to omit these messages?

I do not have an answer for this. I have wanted this particular feature for a while.
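
Added example, not part of the original posts: a simplified Python model of how ssh_config scopes options, showing the comment's point that Match is not nested under Host, so the question's ControlMaster settings reach every host whenever the exec command succeeds. The function names, the `exec_ok` callback (a stand-in for running the command) and the host `other.example` are assumptions made for illustration; `ssh -G <host>` prints what the real client resolves.

```python
import fnmatch
import shlex

# The question's config as posted, indentation included.
POSTED = '''\
Host jumphost-opn1
  HostName 10.129.120.68
  User kuga2
  Match exec "test `uname -o` = GNU/Linux"
    ControlMaster auto
    ControlPath ~/.ssh/.sockets_%r@%h-%p
    ControlPersist 600
'''
# Constructed variant: host and exec criteria on one Match line are ANDed.
SCOPED = POSTED.replace("Match exec", "Match host jumphost-opn1 exec")


def _criterion(crit, value, host, exec_ok):
    if crit == "exec":                 # true when the command exits 0
        return exec_ok(value)
    if crit == "host":                 # comma-separated pattern list
        return any(fnmatch.fnmatch(host, p) for p in value.split(","))
    raise ValueError(f"criterion not modelled: {crit}")


def effective_options(config, host, exec_ok):
    """Simplified model: Host and Match host/exec only.

    Negated patterns and multi-valued keywords such as IdentityFile
    are not modelled. exec_ok(command) -> bool replaces the real exec.
    """
    active, result = True, {}          # lines before any block apply to all hosts
    for raw in config.splitlines():
        line = raw.strip()             # indentation carries no meaning
        if not line or line.startswith("#"):
            continue
        keyword, _, arg = line.partition(" ")
        key, arg = keyword.lower(), arg.strip()
        if key == "host":              # Host opens a new block
            active = any(fnmatch.fnmatch(host, p) for p in arg.split())
        elif key == "match":           # so does Match: it ends the Host block
            words = shlex.split(arg)
            active = all(_criterion(c.lower(), v, host, exec_ok)
                         for c, v in zip(words[::2], words[1::2]))
        elif active:
            result.setdefault(key, arg)  # first obtained value wins
    return result
```

Calling `effective_options(POSTED, "other.example", lambda cmd: True)` returns the three Control* options for a host that has no block of its own, while the same call on `SCOPED` returns an empty dict.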
