On Mon, Mar 20, 2017 at 9:39 AM, Alexis Horgix Chotard
<alexis.horgix.chotard@xxxxxxxxx> wrote:
> Hello,
>
> 2017-03-20 14:26 GMT+01:00 Nico Kadel-Garcia <nkadel@xxxxxxxxx>:
>> I'm against it being on by default. Not because "include" files are
>> not an interesting idea, but because it could be prone to incompatible
>> abuse by other add-on packages after OpenSSH is installed, and because
>> the sequential activation of included files can lead to erratic
>> behavior when an individual file is added alphabetically ahead of
>> another included file which is no longer being successfully parsed due
>> to the first file. (Been there, done that with /etc/sudoers.d and
>> /etc/profile.d.)
>
> That's for this reason that my original proposal was only to include a
> SHOULD mention to the manpage, like "Included files should go to a
> ssh_config.d directory in order to be detected as such by external
> tools".

"Should" is better. "Should" protected from casual user replacement,
is even better, but that can be a religious issue.

> Would that make more sense to you ? If not, do you have any suggestion
> regarding the original problem of detecting ssh configuration files
> now that any file can be included ?

Not really. Pre-vetting them for parseability will slow down SSH
connections, perhaps not by much, but potentially significantly for a
system where disk access is having some difficulty.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev