Include for sshd_config
Damien Miller
djm at mindrot.org
Mon Apr 24 19:58:58 AEST 2017
On Fri, 7 Apr 2017, Jakub Jelen wrote:
> On 04/07/2017 11:54 AM, navern wrote:
> > Hello,
> >
> > AFAIK an Include feature was added for ssh_config. I want to add this
> > option to sshd_config as well. I am thinking about a local patch (I am not sure
> > this will be required for upstream).
> >
> > Code for Include option in readconf.c doesn't look very specific. Is
> > there some reason why this wasn't introduced for sshd_config as well?
> >
> > Maybe someone already has a patch for this feature? It would be great
> > because I am a pretty awful C programmer.
>
> This is already implemented in the following bugzilla:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2468
>
> The code gets a little bit more complicated because of the requirement to re-read
> the configuration for every incoming connection. Giving a test and comments
> would be very appreciated.

I'll update the bug, but IMO re-reading config at runtime is a significant
behaviour change and is probably unacceptable. We go through some hassle
wrt re-execution to ensure that the configuration sshd is started with is
the one that it.

To do otherwise is IMO inviting surprise and trouble for administrators.

-d