Hello,

AFAIK an Include feature was added for ssh_config. I want to add this option to sshd_config as well. I am thinking about a local patch (I am not sure this will be required for upstream).

The code for the Include option in readconf.c doesn't look very specific. Is there some reason why this wasn't introduced for sshd_config as well?

Maybe someone already has a patch for this feature? It would be great because I am a pretty awful C programmer.

On 04/07/2017 11:54 AM, navern wrote:
> Hello,
>
> AFAIK an Include feature was added for ssh_config. I want to add this
> option to sshd_config as well. I am thinking about a local patch (I am
> not sure this will be required for upstream).
>
> The code for the Include option in readconf.c doesn't look very specific.
> Is there some reason why this wasn't introduced for sshd_config as well?
>
> Maybe someone already has a patch for this feature? It would be great
> because I am a pretty awful C programmer.

This is already implemented in the following bugzilla:

https://bugzilla.mindrot.org/show_bug.cgi?id=2468

The code gets a little bit more complicated because of the requirement to re-read the configuration for every incoming connection. Giving a test and comments would be very appreciated.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

On 07.04.2017 15:05, Jakub Jelen wrote:
> On 04/07/2017 11:54 AM, navern wrote:
>> Hello,
>>
>> AFAIK an Include feature was added for ssh_config. I want to add this
>> option to sshd_config as well. I am thinking about a local patch (I am
>> not sure this will be required for upstream).
>>
>> The code for the Include option in readconf.c doesn't look very specific.
>> Is there some reason why this wasn't introduced for sshd_config as well?
>>
>> Maybe someone already has a patch for this feature? It would be great
>> because I am a pretty awful C programmer.
>
> This is already implemented in the following bugzilla:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2468
>
> The code gets a little bit more complicated because of the requirement to
> re-read the configuration for every incoming connection. Giving a test
> and comments would be very appreciated.
>
> Regards,

Hello,

I've fixed this patch a little to apply it to version 7.4p1. I will test it in the following week and let you know about the results.

Thanks for the patch.

On Fri, 7 Apr 2017, Jakub Jelen wrote:
> On 04/07/2017 11:54 AM, navern wrote:
> > Hello,
> >
> > AFAIK an Include feature was added for ssh_config. I want to add this
> > option to sshd_config as well. I am thinking about a local patch (I am
> > not sure this will be required for upstream).
> >
> > The code for the Include option in readconf.c doesn't look very specific.
> > Is there some reason why this wasn't introduced for sshd_config as well?
> >
> > Maybe someone already has a patch for this feature? It would be great
> > because I am a pretty awful C programmer.
>
> This is already implemented in the following bugzilla:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2468
>
> The code gets a little bit more complicated because of the requirement to
> re-read the configuration for every incoming connection. Giving a test and
> comments would be very appreciated.

I'll update the bug, but IMO re-reading config at runtime is a significant behaviour change and is probably unacceptable.

We go through some hassle wrt re-execution to ensure that the configuration sshd is started with is the one that it. To do otherwise is IMO inviting surprise and trouble for administrators.

-d