[Bug 3388] New: ssh/sshd: add mandatory Include options

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Feb 17 11:11:08 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3388

            Bug ID: 3388
           Summary: ssh/sshd: add mandatory Include options
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.org

Hey.


It would be nice if in addition to Include (which seems to ignore any
non-existent/wrongly-typed/unreadable files), one had an
IncludeMandatory (or so) option, that lets ssh respectively sshd fail,
if the file doesn't exist, cannot be read, has the wrong type, etc.

If a wildcard-pattern would be used in that directive, then at least
one file would need to match it in order not to fail.

This is e.g. similar to Apache httpd's Include and IncludeOptional
options.


The motivation for this would be that one can more easily make
configurations, in which one has a base-config (e.g. ssh[d]_config)
which is the same for all servers, and then something like:
users-groups-authz.conf, which contains AllowUsers and friends. Or
maybe an extra file, which just sets the authn methods allowed for that
particular host (typically on the sshd side then).

If that config snippet would be missing, one often wants things to
rather fail, than to fall back to defaults (like AllowUsers *).


Thanks,
Chris.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
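
The fail-closed behaviour requested above can be approximated outside ssh/sshd by a check run before the daemon starts. This is an added example, not part of the bug report or of OpenSSH: `check_includes` and `demo` are hypothetical names, the sample tree is constructed, and relative Include paths are resolved against a caller-supplied `base_dir`.

```python
import glob
import os
import re
import shlex
import sys
import tempfile


def check_includes(config_path, base_dir):
    """Return a list of problems; empty means every Include resolved.

    base_dir is where relative Include paths are resolved (assumed to be
    supplied by the caller, e.g. /etc/ssh for the system sshd_config).
    Nested Include lines inside the included files are not followed.
    """
    problems = []
    with open(config_path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            # Keyword and arguments are separated by whitespace or "=".
            m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*)", raw)
            if not m or m.group(1).lower() != "include":
                continue
            for arg in shlex.split(m.group(2)):
                # join() keeps absolute paths as they are.
                pattern = os.path.join(base_dir, os.path.expanduser(arg))
                matches = glob.glob(pattern)
                if not matches:
                    problems.append(f"{config_path}:{lineno}: nothing matches {arg}")
                for path in matches:
                    if not os.path.isfile(path) or not os.access(path, os.R_OK):
                        problems.append(f"{config_path}:{lineno}: cannot use {path}")
    return problems


def demo():
    """Constructed sample tree: one Include resolves, one does not."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "conf.d"))
    with open(os.path.join(root, "conf.d", "base.conf"), "w") as fh:
        fh.write("PasswordAuthentication no\n")
    main_cfg = os.path.join(root, "sshd_config")
    with open(main_cfg, "w") as fh:
        fh.write("# constructed sample\nInclude conf.d/*.conf\n"
                 "Include users-groups-authz.conf\nAllowUsers alice\n")
    return check_includes(main_cfg, root)


if __name__ == "__main__":
    found = check_includes(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    print("\n".join(found) or "all Include files present")
    sys.exit(1 if found else 0)
```

A non-zero exit status can gate the service start, so a missing users-groups-authz.conf stops the rollout instead of leaving the defaults in effect.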

