On Mon, Jul 27, 2015 at 4:54 PM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Mon, Jul 27, 2015 at 03:49:55PM -0600, Chris Murphy wrote: >> > I like this too, but editing sshd_config is more than a bit scary. >> Not the user, the GUI asks a service to do the editing COW style - >> write out a .new and once that succeeds, then rename current to old >> and new to current. > > Yes, I assumed that. What if there is an existing configuration? It would always use /etc/ssh/sshd_config whether it's the default installed, or a user modified one. The GUI Remote Login toggle would toggle both sshd.service stop/start/enable/disable states, and AllowUsers list. So something has to be able to parse this file. Maybe PAM can be leveraged for this, since sshd_config defers to PAM already for authentication. So sshd could just ask PAM rather than modifying sshd_config directly. -- Chris Murphy -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
