Date: Sat, 21 Oct 2023 22:41:45 +0200 From: Ben Stuyts <ben@altesco.nl> To: stable@freebsd.org Subject: Re: Local sshd_config modifications Message-ID: <137708B0-9B98-440B-BF1C-5C6FACA52E48@altesco.nl> In-Reply-To: <202310211727.39LHRAIv053742@nuc.oldach.net> References: <202310211727.39LHRAIv053742@nuc.oldach.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 21 Oct 2023, at 19:27, Helge Oldach <freebsd@oldach.net> wrote:
>=20
> Miroslav Lachman wrote on Fri, 20 Oct 2023 14:54:20 +0200 (CEST):
>> On 20/10/2023 10:41, Ben Stuyts wrote:
>>>> Include /etc/ssh/sshd_config.d/*.conf
>>>> Include /usr/local/etc/ssh/sshd_config.d/*.conf
>>>=20
>>> Noted, thanks. Personally I just use Include =
/etc/ssh/sshd_config.local, but I thought my initial solution would be =
more generic.
>>>=20
>>>> But search the internet first, there are reported bugs and =
headaches with Include and Match.
>>>=20
>>> I personally have not seen any problems when using Match with this. =
But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running =
9.1.
>>>=20
>>> Looking at it now, I see that I also had to disable the Subsection =
sftp part, as I sometimes redefine it in the local file. And sshd barfs =
on duplicate Subsections.
>>=20
>> Yes, this can be another problem. Cannot speak of sshd because I =
never=20
>> used Include with it but there are problems with e.g. sudoers.d or=20
>> syslog.d included files - sometimes there cannot be redefinitions or =
the=20
>> order of directives matters.
>=20
> Simple modifications can be added through rc.conf (or rc.conf.d/sshd):
>=20
> sshd_flags=3D"${sshd_flags} -o UseBlackList=3Dyes -o =
ClientAliveInterval=3D15"
>=20
> Does this perhaps work for the Include directive as well?
No, unfortunately not. I just tried. It give the following error:
Include directive not supported as a command-line option
Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?137708B0-9B98-440B-BF1C-5C6FACA52E48>