OpenSSH - Central repository for "Match" rules

[Damien Miller]

On Tue, 11 Jun 2024, SCOTT FIELDS wrote:

> I'm not seeing if this has been asked in the past.
>
> Has there been discussion about implementing facilities with OpenSSH
> for having it pull "Match" rules from a central repository, namely
> LDAP or a RESTAPI service?

You could probably hack something together using the exising ssh_config
"Match exec" and "Include" directives here. E.g.

Match !final exec "~/bin/download-config-ephemeral"
Match any
	Include ~/.ssh/config-ephemeral