From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Fri, 20 Oct 2023 12:54:20 +0000
To: Ben Stuyts
Cc: stable@freebsd.org
Subject: Re: Local sshd_config modifications
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable

On 20/10/2023 10:41, Ben Stuyts wrote:

>> Include /etc/ssh/sshd_config.d/*.conf
>> Include /usr/local/etc/ssh/sshd_config.d/*.conf
>
> Noted, thanks. Personally I just use Include /etc/ssh/sshd_config.local, but I thought my initial solution would be more generic.
>
>> But search the internet first, there are reported bugs and headaches with Include and Match.
>
> I personally have not seen any problems when using Match with this. But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running 9.1.
>
> Looking at it now, I see that I also had to disable the Subsection sftp part, as I sometimes redefine it in the local file. And sshd barfs on duplicate Subsections.

Yes, this can be another problem. Cannot speak of sshd because I never used Include with it, but there are problems with e.g. sudoers.d or syslog.d included files - sometimes there cannot be redefinitions or the order of directives matters.

Kind regards
Miroslav Lachman
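The redefinition and ordering issues raised in this thread can be linted before sshd is reloaded. The sketch below is an added example, not code from anyone in the thread or from OpenSSH: it reads a config in the order sshd_config(5) describes (Include globs expanded in lexical order, first obtained value wins) and reports global settings that appear twice. The function names, the `MULTI` list and the sample files are constructed for illustration, and lines after a `Match` are skipped as a simplification.

```python
import glob, os, pathlib, tempfile

# Keywords that may legitimately repeat (non-exhaustive; an assumption of this sketch).
MULTI = {"port", "listenaddress", "hostkey", "acceptenv",
         "allowusers", "allowgroups", "denyusers", "denygroups"}

def directives(path, base):
    """Yield (file, lineno, keyword, args) for global-scope lines, in read order."""
    with open(path) as fh:
        for no, raw in enumerate(fh, 1):
            parts = raw.strip().split()
            if not parts or parts[0].startswith("#"):
                continue
            key, args = parts[0].lower(), parts[1:]
            if key == "match":      # simplification: conditional blocks are skipped
                return
            if key == "include":    # globs expand in sorted order, relative to base
                for pat in args:
                    pat = pat if os.path.isabs(pat) else os.path.join(base, pat)
                    for inc in sorted(glob.glob(pat)):
                        yield from directives(inc, base)
            else:
                yield path, no, key, args

def find_conflicts(main, base):
    """Return (kind, name, first_location, later_location) for repeated settings."""
    first, out = {}, []
    for f, no, key, args in directives(main, base):
        if key in MULTI:
            continue
        name = f"subsystem {args[0]}" if key == "subsystem" and args else key
        here = f"{os.path.basename(f)}:{no}"
        if name in first:
            out.append(("duplicate" if key == "subsystem" else "shadowed",
                        name, first[name], here))
        else:
            first[name] = here
    return out

def demo():
    """Lint a constructed config tree whose drop-in is included first."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "sshd_config.d"))
        files = {"sshd_config": "Include sshd_config.d/*.conf\nPasswordAuthentication yes\n"
                                "Subsystem sftp /usr/libexec/sftp-server\n",
                 "sshd_config.d/10-local.conf": "PasswordAuthentication no\n"
                                                "Subsystem sftp internal-sftp\n"}
        for rel, text in files.items():
            pathlib.Path(d, rel).write_text(text)
        return find_conflicts(os.path.join(d, "sshd_config"), d)
```

In the constructed tree the drop-in is read first, so its `PasswordAuthentication no` takes effect and the main file's value is reported as shadowed; with the `Include` line moved to the end of the main file the result would be the reverse. sshd's own test mode (`sshd -t`) remains the authoritative check before a reload.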