OpenSSH - Central repository for "Match" rules
SCOTT FIELDS
Scott.Fields at kyndryl.com
Thu Jun 13 20:27:34 AEST 2024
Except you'd need to cycle SSHD to pickup any changes/updates.
________________________________
From: Damien Miller <djm at mindrot.org>
Sent: Wednesday, June 12, 2024 9:28 PM
To: SCOTT FIELDS <Scott.Fields at kyndryl.com>
Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org>
Subject: [EXTERNAL] Re: OpenSSH - Central repository for "Match" rules
On Tue, 11 Jun 2024, SCOTT FIELDS wrote:
> I'm not seeing if this has been asked in the past.
>
> Has there been discussion about implementing facilities with OpenSSH
> for having it pull "Match" rules from a central repository, namely
> LDAP or a RESTAPI service?
You could probably hack something together using the exising ssh_config
"Match exec" and "Include" directives here. E.g.
Match !final exec "~/bin/download-config-ephemeral"
Match any
Include ~/.ssh/config-ephemeral
More information about the openssh-unix-dev
mailing list