Include for sshd_config

Jakub Jelen jjelen at redhat.com
Mon Apr 24 20:07:46 AEST 2017


On 04/24/2017 11:58 AM, Damien Miller wrote:
> On Fri, 7 Apr 2017, Jakub Jelen wrote:
> 
>> On 04/07/2017 11:54 AM, navern wrote:
>>> Hello,
>>>
>>> AFAIK there was added an Include feature for ssh_config. I want to add this
>>> option to sshd_config as well. I am thinking about a local patch (I am not sure
>>> this will be required for upstream).
>>>
>>> Code for Include option in readconf.c doesn't look very specific. Is
>>> there some reason why this wasn't introduced for sshd_config as well?
>>>
>>> Maybe someone already has a patch for this feature? It would be great
>>> because I am a pretty awful C programmer.
>>
>> This is already implemented in the following bugzilla:
>>
>> https://bugzilla.mindrot.org/show_bug.cgi?id=2468
>>
>> The code gets a little bit more complicated because of the requirement to re-read
>> the configuration for every incoming connection. Giving it a test and comments
>> would be very much appreciated.
> 
> I'll update the bug, but IMO re-reading config at runtime is a significant
> behaviour change and is probably unacceptable. We go through some hassle
> wrt re-execution to ensure that the configuration sshd is started with is
> the one that it.
> 
> To do otherwise is IMO inviting surprise and trouble for administrators.

That was just wrongly worded. The configuration file is not re-read from 
the filesystem with every connection, but I meant the need to re-parse the 
file for every connection (which does not exist for the client config).

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
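As an added illustration of the point under discussion (this is my own toy model, not OpenSSH code and not the patch from the bugzilla above): Include expansion is a one-off flattening of the file tree, while the Match-dependent part of the result still has to be evaluated for every connection, which is the re-parse Jakub is describing. The model assumes sshd's handling of relative Include paths (resolved under /etc/ssh, glob matches in sorted order) and its first-value-wins rule with Match blocks overriding the global section; it models only the `Match User` criterion, the in-memory files are constructed, and the nesting limit of 16 is my assumption about the limit readconf.c enforces.

```python
"""Toy model of sshd Include expansion and per-connection Match evaluation (added example)."""
import fnmatch
import posixpath

SSHDIR = "/etc/ssh"        # relative Include paths are resolved here, as sshd does
MAX_INCLUDE_DEPTH = 16     # assumption: mirrors the nesting limit in OpenSSH's readconf.c

# Constructed in-memory filesystem so the example runs offline.
FILES = {
    "/etc/ssh/sshd_config": (
        "Port 22\n"
        "Include sshd_config.d/*.conf\n"
        "PasswordAuthentication no\n"
        "Match User deploy\n"
        "    PasswordAuthentication yes\n"
    ),
    "/etc/ssh/sshd_config.d/10-kex.conf": "KexAlgorithms curve25519-sha256\n",
    "/etc/ssh/sshd_config.d/20-port.conf": "Port 2222\n",   # loses: first value wins
    "/etc/ssh/loop.conf": "Include loop.conf\n",            # self-include, to show the depth guard
}


def _glob(pattern, fs):
    """Paths matching a glob pattern, in sorted order (sshd processes matches in order)."""
    return sorted(p for p in fs if fnmatch.fnmatch(p, pattern))


def expand_includes(path, fs=FILES, depth=0):
    """Flatten one config file into (keyword, args) tokens, inlining Include directives."""
    if depth > MAX_INCLUDE_DEPTH:
        raise ValueError(f"Include nested too deeply at {path}")
    tokens = []
    for raw in fs[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, args = line.partition(" ")
        keyword = keyword.lower()
        if keyword == "include":
            for pattern in args.split():
                if not pattern.startswith("/"):
                    pattern = posixpath.join(SSHDIR, pattern)
                for included in _glob(pattern, fs):
                    tokens.extend(expand_includes(included, fs, depth + 1))
        else:
            tokens.append((keyword, args.strip()))
    return tokens


def include_is_bounded(path, fs=FILES):
    """True if expanding `path` is refused by the depth guard (e.g. an Include loop)."""
    try:
        expand_includes(path, fs)
    except ValueError:
        return True
    return False


def effective_config(tokens, user=None):
    """Evaluate the flattened tokens for one connection.

    Global section: first value wins.  A Match block whose criteria are met
    overrides the global values; within the block, first value wins again.
    Only `Match User <pattern>` is modelled here.
    """
    global_cfg, match_cfg = {}, {}
    in_match = active = False
    for keyword, args in tokens:
        if keyword == "match":
            in_match = True
            criterion, _, pattern = args.partition(" ")
            active = (criterion.lower() == "user" and user is not None
                      and fnmatch.fnmatch(user, pattern))
            continue
        if not in_match:
            global_cfg.setdefault(keyword, args)
        elif active:
            match_cfg.setdefault(keyword, args)
    return {**global_cfg, **match_cfg}


if __name__ == "__main__":
    flat = expand_includes("/etc/ssh/sshd_config")
    print(effective_config(flat))                  # anonymous connection: password auth off
    print(effective_config(flat, user="deploy"))   # deploy: Match block turns it on
    print(include_is_bounded("/etc/ssh/loop.conf"))  # True: the self-include is refused
```

The same flattened token list yields a different effective configuration for each connecting user, so the flattening can be done once at startup while the Match evaluation cannot; and the depth guard is what keeps an Include loop from turning a config reload into a hang.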
