https://bugzilla.mindrot.org/show_bug.cgi?id=3388
Bug ID: 3388 Summary: ssh/sshd: add mandatory Include options Product: Portable OpenSSH Version: 8.8p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-b...@mindrot.org Reporter: cales...@scientia.org Hey. It would be nice if in addition to Include (which seems to ignore any non-existant/wrongly-typed/unreadable files), one had a IncludeMandatory (or so) option, that lets ssh respectively sshd fail, if the file doesn't exist, cannot be read, has the wrong type, etc.. If a wildcard-pattern would be used in that directive, then at least one file would need to match it in order not to fail. This is e.g. similar to Apache httpd's Include and IncludeOptional options. The motivation for this would be that one can more easily make configurations, in which one has a base-config (e.g. ssh[d]_config) which is the same for all servers, and then something like: users-groups-authz.conf, which contains AllowUsers and friends. Or maybe an extra file, which just sets the authn methods allowed for that particular host (typically on the sshd side then). I that config snippet would be missing, one often wants things to rather fail, than to fall back to defaults (like AllowUsers *). Thanks, Chris. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs