Date: Fri, 20 Oct 2023 12:41:21 +0200
From: Ben Stuyts <ben@altesco.nl>
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: Doug Hardie <bc979@lafn.org>, Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, stable@freebsd.org
Subject: Local sshd_config modifications (was: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED])
Message-ID: <752B19A0-13E0-47D7-A009-CD07ACBFEB85@altesco.nl>
In-Reply-To: <29762b3d-5f46-46b0-ad51-bcca7bf0c855@quip.cz>
References: <20231003230335.0B92113333@freefall.freebsd.org> <aaabb189-b0df-4bd2-94d2-12d407b080b1@twcny.rr.com> <E5535DBD-9199-4151-A485-119E5CD02EA2@libassi.se> <765ea31d-8f07-4916-b6fd-ba220dec80dc@inoc.net> <c0a1d1b3-171b-443d-bedb-a5a8938219eb@quip.cz> <20231020062618.9618dcfd42b083720d5dbd12@dec.sakura.ne.jp> <14ed5f0c-9dbc-48d6-959c-750f2db726d4@quip.cz> <DAC7D065-F7C5-4DDC-AC45-71478D82EF63@sermon-archive.info> <B156352F-1D54-490A-9F48-2E278E3E8D6A@altesco.nl> <29762b3d-5f46-46b0-ad51-bcca7bf0c855@quip.cz>

> On 20 Oct 2023, at 12:07, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> On 20/10/2023 08:55, Ben Stuyts wrote:
>>> On 20 Oct 2023, at 02:14, Doug Hardie <bc979@lafn.org> wrote:
>>>
>>> I believe that adding a couple lines of sh code to the end of sshd.conf would cause it to read /usr/local/etc/sshd.conf and avoid those issues. That is done in other places in the rc process.
>>>
>>> — Doug
>> Yes, it would be great if the stock /etc/sshd_config would include something like
>> Include /usr/local/etc/ssh/*
>> as the final line. I would never have to touch it again. It’s always a bother keeping it up to date, especially when running lots of jails.
>
> Except that /usr/local/etc/ is for configuration files used by ports/packages and not the services from base.
>
> If you want it, then it should be something like this:
>
> Include /etc/ssh/sshd_config.d/*.conf
>
> or this
>
> Include /etc/ssh/sshd_config.d/*.conf
> Include /usr/local/etc/ssh/sshd_config.d/*.conf

Noted, thanks. Personally I just use Include /etc/ssh/sshd_config.local, but I thought my initial solution would be more generic.

> But search the internet first, there are reported bugs and headaches with Include and Match.

I personally have not seen any problems when using Match with this. But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running 9.1.

Looking at it now, I see that I also had to disable the Subsection sftp part, as I sometimes redefine it in the local file. And sshd barfs on duplicate Subsections.

Ben
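
The duplicate-definition problem mentioned at the end of the message can be caught before sshd is restarted; the following is an added example, not part of the original message or of FreeBSD/OpenSSH, that follows `Include` lines and reports any `Subsystem` name defined more than once. The config contents in `demo()` are constructed sample values, quoting and `Match` blocks are not handled, and `base_dir` stands in for the directory against which relative `Include` paths are resolved.

```python
import glob
import os
import tempfile


def subsystems(path, base_dir, found=None, depth=0):
    """Collect (name, file, line_no) for each Subsystem line, following Include."""
    if depth > 16:  # arbitrary guard against Include loops (assumption, not sshd's limit)
        raise RecursionError("Include nesting too deep at " + path)
    found = [] if found is None else found
    with open(path, encoding="utf-8") as fh:
        for line_no, raw in enumerate(fh, 1):
            # Drop comments; accept both "Keyword value" and "Keyword=value".
            words = raw.split("#", 1)[0].replace("=", " ", 1).split()
            if len(words) < 2:
                continue
            keyword = words[0].lower()  # sshd_config keywords are case-insensitive
            if keyword == "subsystem":
                found.append((words[1], path, line_no))
            elif keyword == "include":
                for pattern in words[1:]:  # several patterns may share one line
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(base_dir, pattern)
                    for included in sorted(glob.glob(pattern)):
                        subsystems(included, base_dir, found, depth + 1)
    return found


def duplicate_subsystems(main_config):
    """Return {name: [(file, line_no), ...]} for subsystems defined more than once."""
    by_name = {}
    for name, path, line_no in subsystems(main_config, os.path.dirname(main_config)):
        by_name.setdefault(name, []).append((os.path.basename(path), line_no))
    return {n: locs for n, locs in by_name.items() if len(locs) > 1}


def demo():
    """Constructed config tree: stock file with Include as final line plus a local file."""
    with tempfile.TemporaryDirectory() as etc_ssh:
        main = os.path.join(etc_ssh, "sshd_config")
        with open(main, "w", encoding="utf-8") as fh:
            fh.write("Port 22\nSubsystem sftp /usr/libexec/sftp-server\n"
                     "Include sshd_config.local\n")
        with open(os.path.join(etc_ssh, "sshd_config.local"), "w", encoding="utf-8") as fh:
            fh.write("# local overrides\nSubsystem sftp internal-sftp\n")
        return duplicate_subsystems(main)


if __name__ == "__main__":
    print(demo())
```

An empty result means no subsystem name is defined twice across the main file and everything it includes.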