"Include" directive in ~/.ssh/config (reprise)

Richard Hartmann richih.mailinglist at gmail.com
Mon Jan 5 23:59:28 EST 2009


On Mon, Jan 5, 2009 at 11:12, Yaniv Aknin <yaniv at aknin.name> wrote:

> If I'll implement this feature, will it be integrated into the next
> release of OpenSSH? What's the process I should go through for that?

I subscribed to this list yesterday so don't take this email as anything
other than personal opinion, but I have been looking for just that
feature recently.
While I would not feel comfortable to apply third-party patches to
something as central and important as OpenSSH, I would definitely
use this feature if it made it into mainline.

Hank Leininger made one important mistake in his example, though:
OpenSSH resolves conflicts by looking at the last, not the first,
config option. I.e. his localoverrides would need to come last.


I might be a good idea to provide an authentication mechanism to
the Include directive. The possible attack scenarios against a
split-up Include files are a lot more and worse than if you had just
/etc/whereever/ and ~/.ssh/ to care about.


Richard


More information about the openssh-unix-dev mailing list