Alexis Horgix Chotard
2017-Mar-20 13:03 UTC
[Doc] Extension of Included configuration files
Hello,

2017-02-15 9:50 GMT+01:00 Jakub Jelen <jjelen at redhat.com>:
> This is a very strict condition. For the tools, I would rather have a look at
> the full path (if it is possible), because in most of the cases, the files
> should come under /etc/ssh/ssh_config.d/*

Well, if it's not strict enough it will make it hard to differentiate different kinds of ssh configurations.
And this would only cover configuration in /etc, not the ones in ~/.ssh, so it would be necessary to add ~/.ssh/ssh_config.d/ to the list.

> Having this path automatically included by default in shipped configuration
> files from OpenSSH upstream would be nice.

That's actually a good idea imho. Does anyone have something for/against that?
It would simplify configuration inclusion, and it will set a base "standard" so ~/.ssh/ssh_config.d would make sense too and could be indicated in the man page.

I'm willing to write the patch for it if it were to be accepted, and then submit it, but I'm not sure where I could submit this since there was so little answer to my current proposal.

Regards,
--
Alexis 'Horgix' Chotard

On Mon, Mar 20, 2017 at 9:03 AM, Alexis Horgix Chotard <alexis.horgix.chotard at gmail.com> wrote:
> Hello,
>
> 2017-02-15 9:50 GMT+01:00 Jakub Jelen <jjelen at redhat.com>:
>> This is a very strict condition. For the tools, I would rather have a look at
>> the full path (if it is possible), because in most of the cases, the files
>> should come under /etc/ssh/ssh_config.d/*
>
> Well, if it's not strict enough it will make it hard to differentiate
> different kinds of ssh configurations.
> And this would only cover configuration in /etc, not the ones in
> ~/.ssh, so it would be necessary to add ~/.ssh/ssh_config.d/ to the
> list.
>
>> Having this path automatically included by default in shipped configuration
>> files from OpenSSH upstream would be nice.
>
> That's actually a good idea imho. Does anyone have something for/against that?
> It would simplify configuration inclusion, and it will set a base
> "standard" so ~/.ssh/ssh_config.d would make sense too and could be
> indicated in the man page.
>
> I'm willing to write the patch for it if it were to be accepted, and
> then submit it, but I'm not sure where I could submit this since there
> was so little answer to my current proposal.
>
> Regards,

I'm against it being on by default. Not because "include" files are not an interesting idea, but because it could be prone to incompatible abuse by other add-on packages after OpenSSH is installed, and because the sequential activation of included files can lead to erratic behavior when an individual file is added alphabetically ahead of another included file which is no longer being successfully parsed due to the first file. (Been there, done that with /etc/sudoers.d and /etc/profile.d.)

Alexis Horgix Chotard
2017-Mar-20 13:39 UTC
[Doc] Extension of Included configuration files
Hello,

2017-03-20 14:26 GMT+01:00 Nico Kadel-Garcia <nkadel at gmail.com>:
> I'm against it being on by default. Not because "include" files are
> not an interesting idea, but because it could be prone to incompatible
> abuse by other add-on packages after OpenSSH is installed, and because
> the sequential activation of included files can lead to erratic
> behavior when an individual file is added alphabetically ahead of
> another included file which is no longer being successfully parsed due
> to the first file. (Been there, done that with /etc/sudoers.d and
> /etc/profile.d.)

It's for this reason that my original proposal was only to include a SHOULD mention in the manpage, like "Included files should go to a ssh_config.d directory in order to be detected as such by external tools".

Would that make more sense to you? If not, do you have any suggestion regarding the original problem of detecting ssh configuration files now that any file can be included?

--
Alexis 'Horgix' Chotard
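
An added example, not part of the thread and not OpenSSH code: one way an external tool could detect configuration files by following Include directives instead of relying on a directory name, which also shows the ordering effect raised above. The names config_files and demo, the sample file names and the sorted glob order are assumptions of this sketch; Include lines inside Host or Match blocks are listed unconditionally.

```python
import glob
import os
import re
import shlex
import tempfile
from pathlib import Path

# "keyword arguments": whitespace, or optional whitespace and one "=", in between
DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*)$")

def config_files(path, base_dir, depth=0, max_depth=16):
    """Return `path` plus every file reached through Include, in read order.
    base_dir anchors relative Include paths (~/.ssh or /etc/ssh)."""
    if depth > max_depth:  # guard chosen for this example against include loops
        raise RecursionError(f"Include nesting too deep at {path}")
    found = [str(path)]
    for line in Path(path).read_text(errors="replace").splitlines():
        m = DIRECTIVE.match(line)
        if not m or m.group(1).lower() != "include":
            continue  # comments, blank lines and other keywords
        try:
            patterns = shlex.split(m.group(2))
        except ValueError:  # unbalanced quote: skip the line
            continue
        for pat in patterns:
            pat = os.path.join(base_dir, os.path.expanduser(pat))  # absolute paths win
            # Assumption: glob matches are read in sorted (lexical) order
            for hit in sorted(glob.glob(pat)):
                if os.path.isfile(hit):
                    found += config_files(hit, base_dir, depth + 1, max_depth)
    return found

def demo():
    """Constructed tree: a drop-in added later sorts ahead of the existing ones."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "ssh_config.d").mkdir()
        (base / "ssh_config").write_text("# constructed sample\nInclude ssh_config.d/*\n")
        (base / "ssh_config.d/10-site.conf").write_text("Host *\n  ForwardAgent no\n")
        (base / "ssh_config.d/20-vendor.conf").write_text("Include=extra.conf\n")
        (base / "extra.conf").write_text("Host build\n  User ci\n")
        order = lambda: [os.path.relpath(p, base) for p in config_files(base / "ssh_config", base)]
        before = order()
        (base / "ssh_config.d/05-addon.conf").write_text("Host *\n  ForwardAgent yes\n")
        return before, order()

if __name__ == "__main__":
    for label, files in zip(("before", "after"), demo()):
        print(label, files)
```

Since ssh uses the first value obtained for each parameter, the file that moves to the front of this list is the one whose settings take effect.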