[Bug 2468] New: Option to include external files to sshd_config

bugzilla-daemon at bugzilla.mindrot.org
Tue Sep 15 22:16:22 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2468

            Bug ID: 2468
           Summary: Option to include external files to sshd_config
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com
        Depends on: 2463

Created attachment 2706
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2706&action=edit
proposed patch

This topic was discussed in a few bugs (namely 1613, 2146, 1585) for
the client side, and the last one also contains a patch that can be
applied to the current openssh. Having the same feature for the server
side makes the same sense to me, so I created a patch for the server
side as well.

The main reason behind this feature is our "system-wide crypto
policy", which should allow us to enforce specific security policies
in a uniform way across most crypto tools in the whole system.

This feature will also allow us to have a default drop-in directory,
which will also improve the packaging possibilities for third-party
tools and will make it possible to update the main config without
conflicts with changes made by users.

All tests are still passing. If you would like me to also implement
test cases to cover this feature, let me know. I see there are tests
for most of the recent features.

Please note that the prerequisite for this feature is solving bug
#2463 (openbsd compat glob), which makes sshd segfault with this patch
in the kerberos library.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2463
[Bug 2463] Conflict with openbsd compat glob() function in shared
libraries