OpenSSH - Central repository for "Match" rules
Damien Miller
djm at mindrot.org
Fri Jun 14 09:58:27 AEST 2024
No, the command would run on every ssh invocation.
On Thu, 13 Jun 2024, SCOTT FIELDS wrote:
> Except you'd need to cycle SSHD to pick up any changes/updates.
>
> From: Damien Miller <djm at mindrot.org>
> Sent: Wednesday, June 12, 2024 9:28 PM
> To: SCOTT FIELDS <Scott.Fields at kyndryl.com>
> Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org>
> Subject: [EXTERNAL] Re: OpenSSH - Central repository for "Match" rules
> On Tue, 11 Jun 2024, SCOTT FIELDS wrote:
>
> > I'm not seeing if this has been asked in the past.
> >
> > Has there been discussion about implementing facilities with OpenSSH
> > for having it pull "Match" rules from a central repository, namely
> > LDAP or a REST API service?
>
> You could probably hack something together using the existing ssh_config
> "Match exec" and "Include" directives here. E.g.
>
> Match !final exec "~/bin/download-config-ephemeral"
> Match all
> Include ~/.ssh/config-ephemeral
>
>
>
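
An added example (not part of the original thread or of OpenSSH): one way the helper named in the "Match exec" line could be written, so that the file later pulled in by "Include" is fetched over HTTPS, checked against a keyword allowlist and swapped in atomically. The URL, the allowlist and the function names are assumptions.

```shell
#!/bin/sh
# Added example: a hypothetical ~/bin/download-config-ephemeral helper.
# CONFIG_URL is a placeholder and ALLOWED is an assumed site policy.
CONFIG_URL="${CONFIG_URL:-https://config.example.invalid/ssh/ephemeral}"
DEST="${DEST:-$HOME/.ssh/config-ephemeral}"
# Only these keywords may appear in the fetched file. ProxyCommand,
# LocalCommand, KnownHostsCommand and Include are left out on purpose:
# they run programs or pull in more files.
ALLOWED='host|match|hostname|user|port|identityfile|identitiesonly|serveraliveinterval'

# Return 0 only if every directive in file $1 passes the allowlist.
validate_config() {
    awk -v allowed="$ALLOWED" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            kw = tolower($1)
            sub(/=.*/, "", kw)                # "Keyword=value" form
            if (kw !~ ("^(" allowed ")$")) bad = 1
            # "Match exec" would run a command; the substring test is
            # deliberately broad and fails closed.
            if (kw == "match" && tolower($0) ~ /exec/) bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Fetch over HTTPS only, validate, then replace the live file atomically.
# On any failure the previous file is left untouched.
fetch_and_install() {
    umask 077
    tmp=$(mktemp "$DEST.XXXXXX") || return 1
    if curl --fail --silent --show-error --proto '=https' --max-time 5 \
            --output "$tmp" "$CONFIG_URL" && validate_config "$tmp"; then
        mv -f "$tmp" "$DEST"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Run the fetch only when invoked under the installed name, so the
# functions can be sourced and tested on their own.
if [ "${0##*/}" = "download-config-ephemeral" ]; then
    fetch_and_install
fi
```

Because the Include sits under its own Match block, the last good file is still read when a fetch or validation fails.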