[Doc] Extension of Included configuration files

Nico Kadel-Garcia nkadel at gmail.com
Tue Mar 21 15:08:09 AEDT 2017


On Mon, Mar 20, 2017 at 9:39 AM, Alexis Horgix Chotard
<alexis.horgix.chotard at gmail.com> wrote:
> Hello,
>
> 2017-03-20 14:26 GMT+01:00 Nico Kadel-Garcia <nkadel at gmail.com>:
>> I'm against it being on by default. Not because "include" files are
>> not an interesting idea, but because it could be prone to incompatible
>> abuse by other add-on packages after OpenSSH is installed, and because
>> the sequential activation of included files can lead to erratic
>> behavior when an individual file is added alphabetically ahead of
>> another included file which is no longer being successfully parsed due
>> to the first file. (Been there, done that with /etc/sudoers.d and
>> /etc/profile.d.)
>
> It's for this reason that my original proposal was only to include a
> SHOULD mention to the manpage, like "Included files should go to a
> ssh_config.d directory in order to be detected as such by external
> tools".

"Should" is better. "Should" protected from casual user replacement
is even better, but that can be a religious issue.

> Would that make more sense to you? If not, do you have any suggestion
> regarding the original problem of detecting ssh configuration files
> now that any file can be included?

Not really. Pre-vetting them for parseability will slow down SSH
connections, perhaps not by much, but potentially significantly for a
system where disk access is having some difficulty.
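
The detection problem raised in the thread (finding every file a client configuration pulls in now that any path can be included) can be handled by an external tool that follows the `Include` directives itself. The sketch below is an added example, not part of the original message and not OpenSSH code; `included_files`, `demo` and the sample file names are hypothetical, and it assumes the documented ssh_config(5) behaviour that globs expand in lexical order and relative paths resolve against `~/.ssh` or `/etc/ssh`.

```python
import glob, os, re, shlex, tempfile

INCLUDE_RE = re.compile(r"^\s*include(?:\s*=\s*|\s+)(.+)$", re.IGNORECASE)

def included_files(config_path, base_dir, seen=None):
    """List config_path and every file reachable through Include, in read order.

    base_dir anchors relative patterns (ssh_config(5): ~/.ssh for a user
    config, /etc/ssh for the system one). Include lines inside Host/Match
    blocks are followed unconditionally, so the result is a superset.
    """
    seen = [] if seen is None else seen
    real = os.path.realpath(config_path)
    if real in seen:                      # Include loop or duplicate
        return seen
    seen.append(real)
    try:
        with open(real, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return seen                       # unreadable: reported, not followed
    for line in lines:
        m = INCLUDE_RE.match(line)
        if not m:
            continue
        for pattern in shlex.split(m.group(1), comments=True):
            pattern = os.path.expanduser(pattern)
            if not os.path.isabs(pattern):
                pattern = os.path.join(base_dir, pattern)
            for path in sorted(glob.glob(pattern)):   # lexical order
                included_files(path, base_dir, seen)
    return seen

def demo():
    """Constructed sample tree: config -> ssh_config.d/{10-a,20-b}.conf."""
    d = os.path.realpath(tempfile.mkdtemp())
    os.mkdir(os.path.join(d, "ssh_config.d"))
    files = {"config": "Host *\nInclude ssh_config.d/*.conf\n",
             "ssh_config.d/20-b.conf": "Host b\n",
             "ssh_config.d/10-a.conf": 'Include "%s"\nHost a\n' % os.path.join(d, "config")}
    for rel, text in files.items():
        with open(os.path.join(d, rel), "w") as fh:
            fh.write(text)
    return d, included_files(os.path.join(d, "config"), d)

if __name__ == "__main__":
    for path in demo()[1]:
        print(path)
```

The walk runs offline in an audit or packaging check, so it adds nothing to connection time, and the returned order shows which drop-in file is read ahead of which.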


More information about the openssh-unix-dev mailing list