Include for sshd_config

Nico Kadel-Garcia nkadel at gmail.com
Fri Apr 21 15:49:12 AEST 2017


On Thu, Apr 20, 2017 at 11:00 AM, Scott Neugroschl <scott_n at xypro.com> wrote:
>
> On Wed, Apr 19, 2017 at 1:02 PM, navern <livingdeadzerg at yandex.ru> wrote:
>
>> Is there any available tool with this for pre-evaluating the resulting sshd_config for fatal errors? I'm not demanding: I'm thinking "that could be really, really useful".
>
> What's wrong with "sshd -t"?

Good reminder, thank you.

I'm still slightly concerned about deploying a new, broken
configuration and being unable to get in to fix it. You'd have to
*stage* the deployment, first into a test environment against which
you can run "sshd -t", and then deploy them robustly and without
dangling bits to be sure that the test environment correlated well to
the production enviornment. But that's for fascist control in
environments where you can't get hands and eyes at the keyboard on the
local system, and especially if you're getting complex with your
"include" files.


More information about the openssh-unix-dev mailing list