Bug#631189: openssh-server: sshd_config should support "include" directive
On Tue, 21 Jun 2011 13:55:06 +0400 Алексей Малов wrote: > I think, openssh-server should support "include" directive. I have a > lot of sshd_config files that are mostly the same, except for some > small differences. For example, ListenAddress could be different > because a host has a bunch of virtual interfaces that ssh should not > listen on. Also, it is very useful, when configure with systems like > puppet. This has now been merged upstream for OpenSSH 8.2: https://bugzilla.mindrot.org/show_bug.cgi?id=2468#c24 It looks like the upstream patch does not have Include in the default sshd_config, so it would be nice for Debian to have one like this, so that sysadmins don't have to modify the default sshd_config. Include /etc/ssh/sshd_config.d/* -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#631189: openssh-server: sshd_config should support "include" directive
Control: merge 631189 778675 On Mon, May 30, 2016 at 05:20:40AM +, Simon Law wrote: > From: https://bugzilla.mindrot.org/show_bug.cgi?id=1585#c24 > > Damien Miller 2016-04-15 13:01:08 EST > > Slightly modified patch applied, this will be in openssh-7.3 > > commit dc7990be865450574c7940c9880567f5d2555b37 > Author: d...@openbsd.org> Date: Fri Apr 15 00:30:19 2016 + > > upstream commit > > Include directive for ssh_config(5); feedback & ok markus@ Note that this is only for the client side, not the server side, so that was more relevant to #536031. It unfortunately hasn't been implemented on the server side yet, even upstream. Merging with #778675, since that has a forwarded-to URL. Thanks, -- Colin Watson [cjwat...@debian.org]
Bug#631189: openssh-server: sshd_config should support "include" directive
From: https://bugzilla.mindrot.org/show_bug.cgi?id=1585#c24 Damien Miller 2016-04-15 13:01:08 EST Slightly modified patch applied, this will be in openssh-7.3 commit dc7990be865450574c7940c9880567f5d2555b37 Author: d...@openbsd.orgDate: Fri Apr 15 00:30:19 2016 + upstream commit Include directive for ssh_config(5); feedback & ok markus@ Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff commit 35f22dad263cce5c61d933ae439998cb965b8748 Author: d...@openbsd.org Date: Fri Apr 15 00:31:10 2016 + upstream commit regression test for ssh_config Include directive Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
Bug#631189: openssh-server: sshd_config should support include directive
Package: openssh-server Version: 1:5.5p1-6 Severity: wishlist *** Please type your report below this line *** I think, openssh-server should support include directive. I have a lot of sshd_config files that are mostly the same, except for some small differences. For example, ListenAddress could be different because a host has a bunch of virtual interfaces that ssh should not listen on. Also, it is very useful, when configure with systems like puppet. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (900, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssh-server depends on: ii adduser 3.112+nmu2 add and remove users and groups ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii dpkg1.15.8.10Debian package management system ii libc6 2.11.2-10Embedded GNU C Library: Shared lib ii libcomerr2 1.41.12-2common error description library ii libgssapi-krb5-21.8.3+dfsg-4 MIT Kerberos runtime libraries - k ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries ii libpam-modules 1.1.1-6.1Pluggable Authentication Modules f ii libpam-runtime 1.1.1-6.1Runtime support for the PAM librar ii libpam0g1.1.1-6.1Pluggable Authentication Modules l ii libselinux1 2.0.96-1 SELinux runtime shared libraries ii libssl0.9.8 0.9.8o-4squeeze1 SSL shared libraries ii libwrap07.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii openssh-blacklist 0.4.1list of default blacklisted OpenSS ii openssh-client 1:5.5p1-6secure shell (SSH) client, for sec ii procps 1:3.2.8-9/proc file system utilities ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages openssh-server recommends: ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op ii xauth 1:1.0.4-1 X authentication utility Versions of packages openssh-server suggests: pn molly-guard none (no description available) pn rssh none (no description available) pn ssh-askpass none (no description available) pn ufw none (no description available) -- debconf information excluded -- Alexey Malov -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#631189: openssh-server: sshd_config should support include directive
Алексей Малов scukon...@gmail.com writes: I think, openssh-server should support include directive. I have a lot of sshd_config files that are mostly the same, except for some small differences. For example, ListenAddress could be different because a host has a bunch of virtual interfaces that ssh should not listen on. Also, it is very useful, when configure with systems like puppet. I wished for an include directive quite a lot of times in the past, but since then, ended up liking my workaround better: I use cpp to preprocess my sshd configs before deployment, thus I automatically get #include and a bunch of other stuff. While it's not as convenient as sshd supporting Include by itself, it works. And doesn't need any changes to openssh (implementing include properly is not all that trivial, imo). -- |8], a random user who just happened to stumble upon this wishlist report. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org