> -----Original Message-----
> From: openembedded-core@lists.openembedded.org 
> <openembedded-core@lists.openembedded.org> On Behalf Of Khem Raj
> Sent: 18 August 2022 19:32
> To: Jan Luebbe <j...@pengutronix.de>
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH 2/2] openssh: add support for config snippet 
> includes to ssh and sshd
> 
> On Thu, Aug 18, 2022 at 4:21 AM Jan Luebbe <j...@pengutronix.de> wrote:
> >
> > This makes it simpler to set specific ssh/sshd config options by adding
> > snippet files to /etc/ssh/ssh_config.d/ or /etc/ssh/sshd_config.d/
> > instead of modifying a copy of the full configuration file. As new
> > snippets can be added from separate recipes, targeted changes can be
> > done in multiple layers.
> >
> > These specific directories are also used in Debian's default
> > configuration.
> >
> > Signed-off-by: Jan Luebbe <j...@pengutronix.de>
> > ---
> >  meta/recipes-connectivity/openssh/openssh/ssh_config  | 2 ++
> >  meta/recipes-connectivity/openssh/openssh/sshd_config | 2 ++
> >  2 files changed, 4 insertions(+)
> >
> > diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config 
> > b/meta/recipes-connectivity/openssh/openssh/ssh_config
> > index 05eecb465ff0..ca70f3737596 100644
> > --- a/meta/recipes-connectivity/openssh/openssh/ssh_config
> > +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
> > @@ -17,6 +17,8 @@
> >  # list of available options, their meanings and defaults, please see the
> >  # ssh_config(5) man page.
> >
> > +Include /etc/ssh/ssh_config.d/*.conf
> > +
> Generally looks ok.
> I wonder if this increases security concerns with such blanket includes.

If you have the permissions to add a file to /etc/ssh/ssh_config.d or 
/etc/ssh/sshd_config.d, you could just as well modify /etc/ssh/ssh_config 
or /etc/ssh/sshd_config directly.

> >  Host *
> >    ForwardAgent yes
> >    ForwardX11 yes
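
Review bot: The added `Include /etc/ssh/ssh_config.d/*.conf` line sits above the `Host *` block with nothing in the file explaining that its position matters. ssh uses the first value obtained for each option, so a snippet setting ForwardAgent or ForwardX11 overrides the `ForwardAgent yes` and `ForwardX11 yes` defaults that follow. Suggest a one-line comment above the Include stating that snippets are read first and take precedence over the settings below, so that a later edit does not move the line and change which value wins.
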
> > diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config 
> > b/meta/recipes-connectivity/openssh/openssh/sshd_config
> > index 9c5380589013..e9eaf9315775 100644
> > --- a/meta/recipes-connectivity/openssh/openssh/sshd_config
> > +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
> > @@ -10,6 +10,8 @@
> >  # possible, but leave them commented.  Uncommented options override the
> >  # default value.
> >
> > +Include /etc/ssh/sshd_config.d/*.conf
> > +
> >  #Port 22
> >  #AddressFamily any
> >  #ListenAddress 0.0.0.0
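
Review bot: Nothing in this patch creates /etc/ssh/sshd_config.d: the diffstat lists only ssh_config and sshd_config, so the directory's existence, owner and mode are left to whichever recipe first drops a snippet there. Because the Include is placed before every other setting and sshd uses the first value obtained for each keyword, any file matching `*.conf` in that directory overrides the rest of this file, so the directory should be writable by root only. Suggest having the openssh recipe install both /etc/ssh/sshd_config.d and /etc/ssh/ssh_config.d as root-owned with no group or world write permission, and adding a comment above the Include that snippets take precedence over the options below.
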
> > --
> > 2.20.1

//Peter
