[PATCH] introduce vendordir for easier config file update
Philipp Marek
philipp at marek.priv.at
Thu Feb 4 01:54:30 AEDT 2021
>> So if there is no admin provided configuration file, the vendor file
>> from
>> /usr/share/ssh is used. If there is an admin provided configuration
>> file
>> in /etc/ssh, this one will be used by default.
> does nobody have an opinion about this?
Well, with your solution: if the vendor file gets some new security
settings,
the admin file won't get them, and so the total security might go down.
(Example: "Protocol 2")
I'm left with the conclusion that a REAL solution to all the problems
here
means to have a turing-complete config language - or to have very few
shared settings and to split on the remote host or local user with
an "Include" statement using %u, %i, and similar.
More information about the openssh-unix-dev
mailing list