From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Fri, 20 Oct 2023 10:07:06 +0000
To: Ben Stuyts, Doug Hardie
Cc: Tomoaki AOKI, stable@freebsd.org
Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
Message-ID: <29762b3d-5f46-46b0-ad51-bcca7bf0c855@quip.cz>

On 20/10/2023 08:55, Ben Stuyts wrote:
>
>> On 20 Oct 2023, at 02:14, Doug Hardie wrote:
>>
>> I believe that adding a couple lines of sh code to the end of
>> sshd.conf would cause it to read /usr/local/etc/sshd.conf and avoid
>> those issues.  That is done in other places in the rc process.
>>
>> — Doug
>
>
> Yes, it would be great if the stock /etc/sshd_config would include
> something like
>
> Include /usr/local/etc/ssh/*
>
> as the final line. I would never have to touch it again. It’s always a
> bother keeping it up to date, especially when running lots of jails.

Except that /usr/local/etc/ is for configuration files used by
ports/packages and not the services from base.
If you want it, then it should be something like this:

Include /etc/ssh/sshd_config.d/*.conf

or this

Include /etc/ssh/sshd_config.d/*.conf
Include /usr/local/etc/ssh/sshd_config.d/*.conf

But search the internet first, there are reported bugs and headaches
with Include and Match.

Kind regards
Miroslav Lachman
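
Two documented sshd_config(5) behaviours bear on an Include placed as the final line: the first obtained value for a keyword wins, and an Include after a Match line belongs to that Match block. The check below is an added example, not part of the original message; the function names and the sample config (including the ForceCommand path) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports where an Include line in an
# sshd_config will not behave like a plain "append these settings":
#   - sshd_config(5): for each keyword, the first obtained value is used, so
#     global keywords set before the Include cannot be changed by included files;
#   - an Include that follows a Match line is part of that Match block and is
#     applied only when the Match criteria are met.
# Reads the file named in $1 (or stdin). Exit status: 0 clean, 1 findings.
lint_sshd_include() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        { kw = tolower($1) }
        kw == "match" { in_match = 1; match_line = NR; next }
        kw == "include" {
            if (in_match) {
                printf "%d: Include is inside the Match block opened on line %d\n", NR, match_line
                bad = 1
            } else if (seen != "") {
                printf "%d: Include cannot override earlier global keyword(s):%s\n", NR, seen
                bad = 1
            }
            next
        }
        !in_match { seen = seen " " $1 }             # global keyword already set
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: stock-style settings with the Include appended last.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
PasswordAuthentication no
Match User backup
    ForceCommand /usr/local/bin/backup-only
Include /etc/ssh/sshd_config.d/*.conf
EOF
}

sample_config | lint_sshd_include || true
```

The effective settings for a given connection can be confirmed with sshd's extended test mode (`sshd -T`, with `-C` to supply connection parameters for Match evaluation).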