No, the command would run every ssh invocation On Thu, 13 Jun 2024, SCOTT FIELDS wrote: > Except you'd need to cycle SSHD to pickup any changes/updates. > > ____________________________________________________________________________ > From: Damien Miller <djm@xxxxxxxxxxx> > Sent: Wednesday, June 12, 2024 9:28 PM > To: SCOTT FIELDS <Scott.Fields@xxxxxxxxxxx> > Cc: openssh-unix-dev@xxxxxxxxxxx <openssh-unix-dev@xxxxxxxxxxx> > Subject: [EXTERNAL] Re: OpenSSH - Central repository for "Match" rules > On Tue, 11 Jun 2024, SCOTT FIELDS wrote: > > > I'm not seeing if this has been asked in the past. > > > > Has there been discussion about implementing facilities with OpenSSH > > for having it pull "Match" rules from a central repository, namely > > LDAP or a RESTAPI service? > > You could probably hack something together using the exising ssh_config > "Match exec" and "Include" directives here. E.g. > > Match !final exec "~/bin/download-config-ephemeral" > Match any > Include ~/.ssh/config-ephemeral > > > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
