Re: Include for sshd_config

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 04/24/2017 11:58 AM, Damien Miller wrote:
On Fri, 7 Apr 2017, Jakub Jelen wrote:

On 04/07/2017 11:54 AM, navern wrote:
Hello,

Afaik there was added Include feature for ssh_config. I want to add this
option to sshd_config as well. I think about local patch(i am not sure
this will be required for upstream).

Code for Include option in readconf.c doesn't look very specific. Is
there some reason why this wasn't introduced for sshd_config as well?

Maybe someone already have patch for this feature? It would be great
because i am pretty awful C programmer.

This is already implemented in the following bugzilla:

https://bugzilla.mindrot.org/show_bug.cgi?id=2468

The code gets little bit more complicated because of requirement to re-read
the configuration for every incoming connection. Giving a test and comments
would be very appreciated.

I'll update the bug, but IMO re-reading config at runtime is a significant
behaviour change and is probably unacceptable. We go through some hassle
wrt re-execution to ensure that the configuration sshd is started with is
the one that it.

To do otherwise is IMO inviting surprise and trouble for administrators.

That was just wrongly worded. The configuration file is not re-read from filesystem with every connection, but I meant the need to re-parse the file for every connection (which does not exists for client config).

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux