[Doc] Extension of Included configuration files
Nico Kadel-Garcia
nkadel at gmail.com
Tue Mar 21 00:26:09 AEDT 2017
On Mon, Mar 20, 2017 at 9:03 AM, Alexis Horgix Chotard
<alexis.horgix.chotard at gmail.com> wrote:
> Hello,
>
> 2017-02-15 9:50 GMT+01:00 Jakub Jelen <jjelen at redhat.com>:
>> This is very strict condition. For the tools, I would rather have a look at
>> the full path (if it is possible), because in most of the cases, the files
>> should come under /etc/ssh/ssh_config.d/*
>
> Well, if it's not strict enough it will make it hard to differenciate
> different kind of ssh configurations.
> And this would only covers configuration in /etc, not the ones in
> ~/.ssh, so it would be necessary to add ~/.ssh/ssh_config.d/ to the
> list.
>
>> Having this path automatically included by default in shipped configuration
>> files from OpenSSH upstream would be nice.
>
> That's actually a good idea imho. Does anyone have something for/against that ?
> It would simplify configurations inclusion, and it will set a base
> "standard" so ~/.ssh/ssh_config.d would make sense too and could be
> indicated in the man page.
>
> I'm willing to write the patch for it if it were to be accepted, and
> then submit it, but I'm not sure where I could submit this since there
> was so little answer to my current proposal.
>
> Regards,
I'm against it being on by default. Not because "include" files are
not an interesting idea, but because it could be prone to incompatible
abuse by other add-on packages after OpenSSH is installed, and because
the sequential activation of included files can lead to erratic
behavior when an individual file is added alphabetically ahead of
another included file which is no longer being successfully parsed due
to the first file. (Been there, done that with /etc/sudoers.d and
/etc/profile.d.)
More information about the openssh-unix-dev
mailing list