Date: Fri, 20 Oct 2023 12:54:20 +0000 From: Miroslav Lachman <000.fbsd@quip.cz> To: Ben Stuyts <ben@altesco.nl> Cc: stable@freebsd.org Subject: Re: Local sshd_config modifications Message-ID: <c8c02953-5de5-4bc8-8cda-ac51b9a979d2@quip.cz> In-Reply-To: <752B19A0-13E0-47D7-A009-CD07ACBFEB85@altesco.nl> References: <20231003230335.0B92113333@freefall.freebsd.org> <aaabb189-b0df-4bd2-94d2-12d407b080b1@twcny.rr.com> <E5535DBD-9199-4151-A485-119E5CD02EA2@libassi.se> <765ea31d-8f07-4916-b6fd-ba220dec80dc@inoc.net> <c0a1d1b3-171b-443d-bedb-a5a8938219eb@quip.cz> <20231020062618.9618dcfd42b083720d5dbd12@dec.sakura.ne.jp> <14ed5f0c-9dbc-48d6-959c-750f2db726d4@quip.cz> <DAC7D065-F7C5-4DDC-AC45-71478D82EF63@sermon-archive.info> <B156352F-1D54-490A-9F48-2E278E3E8D6A@altesco.nl> <29762b3d-5f46-46b0-ad51-bcca7bf0c855@quip.cz> <752B19A0-13E0-47D7-A009-CD07ACBFEB85@altesco.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20/10/2023 10:41, Ben Stuyts wrote: >> Include /etc/ssh/sshd_config.d/*.conf >> Include /usr/local/etc/ssh/sshd_config.d/*.conf > > Noted, thanks. Personally I just use Include /etc/ssh/sshd_config.local, but I thought my initial solution would be more generic. > >> But search the internet first, there are reported bugs and headaches with Include and Match. > > I personally have not seen any problems when using Match with this. But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running 9.1. > > Looking at it now, I see that I also had to disable the Subsection sftp part, as I sometimes redefine it in the local file. And sshd barfs on duplicate Subsections. Yes, this can be another problem. Cannot speak of sshd because I never used Include with it but there are problems with e.g. sudoers.d or syslog.d included files - sometimes there cannot be redefinitions or the order of directives matters. Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c8c02953-5de5-4bc8-8cda-ac51b9a979d2>