On 14.06.24 01:58, Damien Miller wrote:
> No, the command would run every ssh invocation
>
> On Thu, 13 Jun 2024, SCOTT FIELDS wrote:
>> Except you'd need to cycle SSHD to pick up any changes/updates.
>> ________________________________
>> From: Damien Miller <djm@xxxxxxxxxxx>
>> Sent: Wednesday, June 12, 2024 9:28 PM
>>
>>> On Tue, 11 Jun 2024, SCOTT FIELDS wrote:
>>>> Has there been discussion about implementing facilities with OpenSSH
>>>> for having it pull "Match" rules from a central repository, namely
>>>> LDAP or a RESTAPI service?
>>>
>>> You could probably hack something together using the existing
>>> ssh_config "Match exec" and "Include" directives here. E.g.
>>>
>>> Match !final exec "~/bin/download-config-ephemeral"
>>> Match any
>>>     Include ~/.ssh/config-ephemeral

Y'all might want to pinpoint whether you want to do that trickery in someone's ~/.ssh/config, or /etc/ssh/sshd_config ...
(Though I have to say that in the latter case, getting sshd to re-eval the repository after startup, even if it *is* something wholly designed for on-demand eval like LDAP, might well result in "you *have* to restart it frequently for that". Which is something ops should be less than thrilled about, to put it mildly ...)

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
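
A sketch of what the `~/bin/download-config-ephemeral` helper from the quoted suggestion could look like, as an added example that is not part of the thread and not OpenSSH code: it installs a fetched fragment only if every line uses an allowlisted keyword, because whatever lands in `~/.ssh/config-ephemeral` is parsed as client configuration on every `ssh` run. The `EPHEMERAL_CONFIG_URL` variable, the keyword allowlist and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical body for ~/bin/download-config-ephemeral.
# Keywords a centrally served fragment may set (assumed list). Anything else,
# e.g. ProxyCommand, LocalCommand, Include or Match, makes the fragment invalid.
ALLOWED='host hostname user port identityfile identitiesonly serveraliveinterval'

# Return 0 only if every non-blank, non-comment line starts with an allowed keyword.
validate_fragment() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case "$line" in ''|'#'*) continue ;; esac
        # Keyword ends at whitespace or '='; an empty keyword is rejected too.
        kw=$(printf '%s\n' "$line" | sed 's/[[:space:]=].*$//' | tr 'A-Z' 'a-z')
        case " $ALLOWED " in
            *" $kw "*) ;;
            *) echo "rejected keyword: '$kw'" >&2; return 1 ;;
        esac
    done < "$1"
    return 0
}

# Validate SRC, then atomically replace DEST with it (mode 0600).
# On any failure the previously installed DEST is left untouched.
install_fragment() {
    src=$1 dest=$2
    validate_fragment "$src" || return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 1   # same directory, so mv is a rename
    cat "$src" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest" && return 0
    rm -f "$tmp"
    return 1
}

# Fetch step: runs only when a source URL is configured (placeholder variable).
if [ -n "${EPHEMERAL_CONFIG_URL:-}" ]; then
    dl=$(mktemp) || exit 0
    curl -fsS --max-time 5 --proto '=https' -o "$dl" "$EPHEMERAL_CONFIG_URL" &&
        install_fragment "$dl" "$HOME/.ssh/config-ephemeral"
    rm -f "$dl"
fi
```

If the download or the validation fails, the last good fragment stays in place, so a repository outage does not change what `ssh` includes.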
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev