Re: [OE-core][PATCH 2/2] openssh: add support for config snippet includes to ssh and sshd

Thu, 18 Aug 2022 10:32:31 -0700 

On Thu, Aug 18, 2022 at 4:21 AM Jan Luebbe <j...@pengutronix.de> wrote:
>
> This makes it simpler to set specific ssh/sshd config options by adding
> snippet files to /etc/ssh/ssh_config.d/ or /etc/ssh/sshd_config.d/
> instead of modifying a copy of the full configuration file. As new
> snippets can be added from separate recipes, targeted changes can be
> done in multiple layers.
>
> These specific directories are also used in Debian's default
> configuration.
>
> Signed-off-by: Jan Luebbe <j...@pengutronix.de>
> ---
>  meta/recipes-connectivity/openssh/openssh/ssh_config  | 2 ++
>  meta/recipes-connectivity/openssh/openssh/sshd_config | 2 ++
>  2 files changed, 4 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config 
> b/meta/recipes-connectivity/openssh/openssh/ssh_config
> index 05eecb465ff0..ca70f3737596 100644
> --- a/meta/recipes-connectivity/openssh/openssh/ssh_config
> +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
> @@ -17,6 +17,8 @@
>  # list of available options, their meanings and defaults, please see the
>  # ssh_config(5) man page.
>
> +Include /etc/ssh/ssh_config.d/*.conf
> +
Generally looks ok.
I wonder if this increases security concerns with such blanket includes.

>  Host *
>    ForwardAgent yes
>    ForwardX11 yes
> diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config 
> b/meta/recipes-connectivity/openssh/openssh/sshd_config
> index 9c5380589013..e9eaf9315775 100644
> --- a/meta/recipes-connectivity/openssh/openssh/sshd_config
> +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
> @@ -10,6 +10,8 @@
>  # possible, but leave them commented.  Uncommented options override the
>  # default value.
>
> +Include /etc/ssh/sshd_config.d/*.conf
> +
>  #Port 22
>  #AddressFamily any
>  #ListenAddress 0.0.0.0
> --
> 2.20.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#169535): 
https://lists.openembedded.org/g/openembedded-core/message/169535
Mute This Topic: https://lists.openembedded.org/mt/93100986/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to