On Thu, 4 Feb 2021 at 04:12, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
[...]
> Even though your change looks like fitting better Linux FHS, it
> introduces a new complexity and quite huge change after 20+ years of
> history where the ssh configuration works as it works.
I agree it makes reasoning about how the config file parsing works,
and it's already not easy.
> The discussion about SendEnv is was here recently in the following bug:
Going back to SendEnv specifically, another way to resolve the example
cited here would be to add another token similar to "none" that
prevents any additional items being added to the list (for want of a
better term, let's call it "no-more" for now). That would allow you
to do what you want within the existing Include directive, ie
/etc/ssh/sshd_config:
Include /etc/ssh/sshd_config.d/*
SendEnv foo
/etc/ssh/sshd_config.d/user_config:
SendEnv none
SendEnv no-more
("final" would be nice given we already use it in ssh_config, but we
probably would want the token to not be a possibly valid environment
variable name, or at least one unlikely to be settable from a shell.
Maybe "$final"? Better suggestions welcome.)
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
