[Bug 3388] New: ssh/sshd: add mandatory Include options
bugzilla-daemon at mindrot.org
Thu Feb 17 11:11:08 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3388
Bug ID: 3388
Summary: ssh/sshd: add mandatory Include options
Product: Portable OpenSSH
Version: 8.8p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.org
Hey.
It would be nice if in addition to Include (which seems to ignore any
non-existent/wrongly-typed/unreadable files), one had an
IncludeMandatory (or so) option, that lets ssh respectively sshd fail,
if the file doesn't exist, cannot be read, has the wrong type, etc.
If a wildcard-pattern would be used in that directive, then at least
one file would need to match it in order not to fail.
This is e.g. similar to Apache httpd's Include and IncludeOptional
options.
The motivation for this would be that one can more easily make
configurations, in which one has a base-config (e.g. ssh[d]_config)
which is the same for all servers, and then something like:
users-groups-authz.conf, which contains AllowUsers and friends. Or
maybe an extra file, which just sets the authn methods allowed for that
particular host (typically on the sshd side then).
If that config snippet would be missing, one often wants things to
rather fail, than to fall back to defaults (like AllowUsers *).
Thanks,
Chris.
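
A pre-flight check with the semantics requested above, as an added example that is not part of the original report or of OpenSSH: it treats every Include in one config file as mandatory and reports each pattern that matches nothing, or matches something that is not a readable regular file. The function name, the `base_dir` default of /etc/ssh for relative paths, and the choice not to descend into the included files are assumptions of this example.

```python
import glob
import os
import re
import shlex
import sys

# Keyword is case-insensitive; "Include path" and "Include=path" are both accepted.
INCLUDE_RE = re.compile(r"include(?:\s*=\s*|\s+)(.*)", re.IGNORECASE)


def unmet_includes(config_path, base_dir="/etc/ssh"):
    """Return (lineno, pattern, reason) for every Include pattern that would
    fail a mandatory include: no match, or a match that is unusable."""
    problems = []
    with open(config_path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = INCLUDE_RE.match(line)
            if not m:
                continue
            # One directive may list several (possibly quoted) patterns.
            for pattern in shlex.split(m.group(1)):
                full = pattern if os.path.isabs(pattern) else os.path.join(base_dir, pattern)
                matches = sorted(glob.glob(full))
                if not matches:
                    problems.append((lineno, pattern, "no file matches"))
                for path in matches:
                    if not os.path.isfile(path):  # directory, dangling symlink, device...
                        problems.append((lineno, pattern, f"{path}: not a regular file"))
                    elif not os.access(path, os.R_OK):
                        problems.append((lineno, pattern, f"{path}: unreadable"))
    return problems


if __name__ == "__main__":
    # Hypothetical usage: run before (re)starting sshd and abort on exit code 1.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh/sshd_config"
    issues = unmet_includes(target)
    for lineno, pattern, reason in issues:
        print(f"{target}:{lineno}: Include {pattern}: {reason}", file=sys.stderr)
    sys.exit(1 if issues else 0)
```

Run as the same user the daemon reads its configuration as, since the readability check reflects the calling user's permissions.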