[PATCH] introduce vendordir for easier config file update

Thorsten Kukuk kukuk at suse.com
Thu Feb 4 01:59:18 AEDT 2021


On Wed, Feb 03, Philipp Marek wrote:

> >> So if there is no admin provided configuration file, the vendor file 
> >> from
> >> /usr/share/ssh is used. If there is an admin provided configuration 
> >> file
> >> in /etc/ssh, this one will be used by default.
> > does nobody have an opinion about this?
> 
> Well, with your solution: if the vendor file gets some new security 
> settings,
> the admin file won't get them, and so the total security might go down.
> (Example: "Protocol 2")

If the admin creates an own copy, he has to maintain it like he has
today. If the admin makes changes today, he also don't get the new
security settings.

So in worst case, the situation is as of today, you are right. But not
in general.

  Thorsten

-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)


More information about the openssh-unix-dev mailing list