Include for sshd_config

navern livingdeadzerg at yandex.ru
Fri Apr 21 20:47:02 AEST 2017


On 21.04.2017 08:49, Nico Kadel-Garcia wrote:
> On Thu, Apr 20, 2017 at 11:00 AM, Scott Neugroschl <scott_n at xypro.com> wrote:
>> On Wed, Apr 19, 2017 at 1:02 PM, navern <livingdeadzerg at yandex.ru> wrote:
>>
>>> Is there any available tool with this for pre-evaluating the resulting sshd_config for fatal errors? I'm not demanding: I'm thinking "that could be really, really useful".
>> What's wrong with "sshd -t"?
> Good reminder, thank you.
>
> I'm still slightly concerned about deploying a new, broken
> configuration and being unable to get in to fix it. You'd have to
> *stage* the deployment, first into a test environment against which
> you can run "sshd -t", and then deploy them robustly and without
> dangling bits to be sure that the test environment correlated well to
> the production environment. But that's for fascist control in
> environments where you can't get hands and eyes at the keyboard on the
> local system, and especially if you're getting complex with your
> "include" files.
>
Hello,

Actually I can't see a difference between "no include and a typo breaks 
the whole sshd server" and "include files and a typo in an include breaks 
the whole sshd server". The other questions relate more to 
configuration/system management.

With this include feature I manage it as follows:
1) the main /etc/ssh/sshd_config is managed by Ansible automatic configuration
2) the include file is managed by a Python script on a specific server (fills 
in dynamic information)
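
An added example, not part of the original post or of OpenSSH: one way a Python script that writes the include file could run the "sshd -t" check from this thread against a staged copy of the configuration before swapping the new file in. It assumes the main config names the include file by an unquoted absolute path on an Include line; the function names and the test_cmd parameter are hypothetical.

```python
import os
import subprocess
import tempfile

# "sshd -t" is the check named in the thread; -f selects the config file to test.
SSHD_TEST = ["sshd", "-t", "-f"]


def stage_main_config(main_text, include_path, candidate_path):
    """Return main config text whose Include lines point at the candidate."""
    out = []
    for line in main_text.splitlines():
        words = line.split()
        if words and words[0].lower() == "include" and include_path in words[1:]:
            line = " ".join(candidate_path if w == include_path else w for w in words)
        out.append(line)
    return "\n".join(out) + "\n"


def install_include(new_text, include_path, main_config, test_cmd=SSHD_TEST):
    """Validate new_text as the include file, then install it atomically.

    Returns (True, "") on success, or (False, reason) when the candidate is
    rejected; in that case include_path is left exactly as it was.
    """
    target_dir = os.path.dirname(os.path.abspath(include_path))
    fd, candidate = tempfile.mkstemp(dir=target_dir, prefix=".sshd_inc.")
    staged = None
    try:
        with os.fdopen(fd, "w") as f:
            f.write(new_text)
        with open(main_config) as f:
            staged_text = stage_main_config(f.read(), include_path, candidate)
        if candidate not in staged_text:
            return False, "main config has no Include line for " + include_path
        sfd, staged = tempfile.mkstemp(prefix="sshd_config.staged.")
        with os.fdopen(sfd, "w") as f:
            f.write(staged_text)
        result = subprocess.run(list(test_cmd) + [staged], capture_output=True, text=True)
        if result.returncode != 0:
            return False, result.stderr
        os.replace(candidate, include_path)  # atomic: same directory as the target
        candidate = None
        return True, ""
    finally:
        for path in (candidate, staged):
            if path and os.path.exists(path):
                os.unlink(path)
```

The running sshd is only reloaded after install_include returns True, so a typo in the generated include never reaches the live daemon.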


More information about the openssh-unix-dev mailing list