Date: Sat, 21 Oct 2023 19:27:10 +0200 (CEST)
From: freebsd@oldach.net (Helge Oldach)
To: stable@freebsd.org
Subject: Re: Local sshd_config modifications
Message-ID: <202310211727.39LHRAIv053742@nuc.oldach.net>
In-Reply-To: <c8c02953-5de5-4bc8-8cda-ac51b9a979d2@quip.cz> from Miroslav Lachman at "20 Oct 2023 12:54:20"

Miroslav Lachman wrote on Fri, 20 Oct 2023 14:54:20 +0200 (CEST):
> On 20/10/2023 10:41, Ben Stuyts wrote:
> >> Include /etc/ssh/sshd_config.d/*.conf
> >> Include /usr/local/etc/ssh/sshd_config.d/*.conf
> >
> > Noted, thanks. Personally I just use Include /etc/ssh/sshd_config.local, but I thought my initial solution would be more generic.
> >
> >> But search the internet first, there are reported bugs and headaches with Include and Match.
> >
> > I personally have not seen any problems when using Match with this. But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running 9.1.
> >
> > Looking at it now, I see that I also had to disable the Subsection sftp part, as I sometimes redefine it in the local file. And sshd barfs on duplicate Subsections.
>
> Yes, this can be another problem. Cannot speak of sshd because I never
> used Include with it but there are problems with e.g. sudoers.d or
> syslog.d included files - sometimes there cannot be redefinitions or the
> order of directives matters.

Simple modifications can be added through rc.conf (or rc.conf.d/sshd):

sshd_flags="${sshd_flags} -o UseBlackList=yes -o ClientAliveInterval=15"

Does this perhaps work for the Include directive as well?

Kind regards
Helge
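The ordering and redefinition concerns raised in this thread can be checked before a local file is deployed. The sketch below is an added example, not part of any message in the thread and not FreeBSD or OpenSSH code: it relies on the sshd_config(5) rules that Include globs expand in lexical order and that the first value obtained for a keyword is the one used. The function name `scan`, the file contents and the `10-local.conf` name are assumptions; `Match` blocks are skipped rather than analysed.

```python
import fnmatch
import re

# Keywords sshd accepts more than once (not an exhaustive list).
REPEATABLE = {"port", "listenaddress", "hostkey", "acceptenv",
              "allowusers", "allowgroups", "denyusers", "denygroups"}

def scan(files, root="/etc/ssh/sshd_config"):
    """files maps path -> config text. Returns (effective, problems).

    effective: lowercased keyword -> (value, path, lineno) of the first hit.
    problems:  (kind, name, path, lineno) for later, ignored or fatal repeats.
    """
    effective, subsystems, problems = {}, {}, []

    def walk(path):
        for lineno, raw in enumerate(files[path].splitlines(), 1):
            m = re.match(r"\s*([A-Za-z]\w*)(?:\s*=\s*|\s+)(.*\S)", raw)
            if not m:
                continue  # blank line, comment, or keyword without argument
            key, value = m.group(1).lower(), m.group(2)
            if key == "include":
                for pat in value.split():
                    if not pat.startswith("/"):
                        pat = "/etc/ssh/" + pat  # relative paths live in /etc/ssh
                    for inc in sorted(fnmatch.filter(files, pat)):
                        walk(inc)  # included text is read at this position
            elif key == "match":
                break  # simplification: rest of this file is conditional
            elif key == "subsystem":
                name = value.split()[0]
                if name in subsystems:
                    problems.append(("duplicate-subsystem", name, path, lineno))
                else:
                    subsystems[name] = (path, lineno)
            elif key in REPEATABLE:
                continue
            elif key in effective:
                problems.append(("shadowed", key, path, lineno))
            else:
                effective[key] = (value, path, lineno)

    walk(root)
    return effective, problems

# Constructed sample, not taken from a real host.
SAMPLE = {
    "/etc/ssh/sshd_config": "Include /etc/ssh/sshd_config.d/*.conf\n"
                            "ClientAliveInterval 0\n"
                            "Subsystem sftp /usr/libexec/sftp-server\n",
    "/etc/ssh/sshd_config.d/10-local.conf": "ClientAliveInterval 15\n"
                                            "Subsystem sftp internal-sftp\n",
}
```

On the sample, the Include line comes first, so the local `ClientAliveInterval 15` takes effect and the main file's later value is reported as shadowed, while the second `Subsystem sftp` line is reported as the kind of redefinition the thread says sshd rejects.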