[Bug 1613] New: Add the ability to store configuration in various configuration files like in a conf-sub-dir
bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 24 23:25:38 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1613
Summary: Add the ability to store configuration in various
configuration files like in a conf-sub-dir
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: roland.wolters at credativ.de
Currently configuration for the ssh client program is stored in
/etc/ssh/ssh_config or in ~/.ssh/config.
The latter one however can grow rather large if you have a lot of
servers to manage. For the sake of manageability and clarity it makes
sense to store configurations for example for different clusters in
different config files. This is in a way comparable with most system
services which have their own /etc/$SERVICENAME/conf.d/ directories
where you can drop various configuration files.
The ssh-client configuration is not capable of such a behaviour. You
can store the config in the single configuration file only. There is no
way of including further files or a directory with more configuration
files.
A workaround is to create files like

  ~/.ssh/config.d/cluster1.conf
  ~/.ssh/config.d/cluster2.conf
  ~/.ssh/config.d/cluster3.conf

and merge them at every change via

  cat ~/.ssh/config.d/*.conf > ~/.ssh/config

This is however sub-optimal since you might forget changes you made in
config, or might forget to merge at all.
The best would be to add an "include" function to ssh to auto-search
for configuration in the file ~/.ssh/config as well as for files of the
type ~/.ssh/config.d/*.conf. That would make the management of
configurations much easier.
Security:
Adding additional config files means adding further points where the
client can be mis-configured.
However, if the merge is implemented correctly there should be no
difference for ssh-client between several conf files or one single
file. Also, several distributed files can be managed and reviewed much
more easily, so the security might even be improved.
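
An added example, not part of the original bug report or of OpenSSH: a guarded form of the cat-based merge workaround described in the report, which refuses to overwrite a ~/.ssh/config that was edited by hand since the last merge and refuses fragments that group or others can write. The function name merge_ssh_config, the generated-file header and its checksum are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not OpenSSH code): guarded version of
#   cat ~/.ssh/config.d/*.conf > ~/.ssh/config
# The header line and its checksum are conventions of this sketch only.
MARK='# GENERATED by merge_ssh_config, edit the fragments instead. cksum='

body_sum() {  # CRC of everything below the header line (change detection only)
    tail -n +2 "$1" | cksum | cut -d' ' -f1
}

merge_ssh_config() (  # usage: merge_ssh_config FRAGMENT_DIR OUTPUT_FILE
    dir=$1 out=$2
    umask 077                      # subshell body: umask does not leak to the caller
    # 1. Refuse to overwrite output that was edited by hand since the last merge.
    if [ -s "$out" ] && [ "$(head -n 1 "$out")" != "$MARK$(body_sum "$out")" ]; then
        echo "refusing: $out was edited by hand; move the change into $dir" >&2
        exit 2
    fi
    # 2. Refuse fragments that group or others can write (a choice of this sketch).
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || { echo "no *.conf fragments in $dir" >&2; exit 1; }
        if [ -n "$(find -H "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "refusing: $f is writable by group or others" >&2
            exit 3
        fi
    done
    # 3. Build the body in glob (sorted) order. ssh keeps the first value it
    #    obtains for each option, so earlier fragments win on conflicts.
    body=$(mktemp "$out.body.XXXXXX") && new=$(mktemp "$out.new.XXXXXX") || exit 1
    for f in "$dir"/*.conf; do
        printf '# --- from %s\n' "$f"; cat "$f"; echo
    done > "$body"
    # 4. Prepend the header and replace the old file in one rename.
    { printf '%s%s\n' "$MARK" "$(cksum < "$body" | cut -d' ' -f1)"; cat "$body"; } > "$new"
    rm -f "$body"
    mv -f "$new" "$out"
)

# Run as a script: merge_ssh_config.sh ~/.ssh/config.d ~/.ssh/config
if [ "$#" -eq 2 ]; then merge_ssh_config "$1" "$2"; fi
```

Exit status 2 means the merged file has manual edits that would be lost, and 3 means a fragment has unsafe permissions; in both cases the existing config is left untouched.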