On Fri, Apr 24, 2020 at 01:16:31PM -0000, Dimitri John Ledkov wrote:
> Include /run/ssh/sshd_config.d/*conf
> Include /etc/ssh/sshd_config.d/*conf
> Include /lib/ssh/sshd_config.d/*conf
> It would be nice if /etc/ssh only had the host keys, and no other
> default options.

This feels like it'd also need systemd-style config options to allow
admins to say they don't want specific packaged configs, too.

This mechanism could be ideal for eg ec2-instance-connect, except the
current implementation, via:

    /lib/systemd/system/ssh.service.d/ec2-instance-connect.conf

can be ignored via a symlink to /dev/null in

    /etc/systemd/system/ssh.service.d/ec2-instance-connect.conf

Changing to sshd config snippets in /lib/ssh/sshd_config.d/ would now
require uninstalling the package entirely, which might also require
uninstalling meta-packages.

A simple 'include' mechanism without allowances for nulling out unwanted
configs is useful but probably not alone sufficient.
Thanks
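
Added example (not part of the message above and not code from OpenSSH or systemd): a sketch of what systemd-style resolution would look like for the three sshd_config.d directories in the quoted proposal, run outside sshd. The function name effective_snippets is hypothetical, and the /etc over /run over /lib precedence, same-name shadowing, and masking by empty file or /dev/null symlink are systemd's drop-in rules, assumed here.

```shell
#!/bin/sh
# Added example: systemd-style drop-in resolution for sshd_config.d snippets.
# Arguments: snippet directories in descending priority, for instance
#   /etc/ssh/sshd_config.d /run/ssh/sshd_config.d /lib/ssh/sshd_config.d
# Output: the effective snippet paths, one per line, ordered by file name.
# Assumption: file names contain no tab or newline characters.
effective_snippets() {
    seen="/"    # "/"-delimited list of names already claimed by a higher dir
    out=""
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            # Skip the literal pattern left behind when nothing matches,
            # but keep dangling symlinks so they still shadow lower dirs.
            [ -e "$f" ] || [ -L "$f" ] || continue
            name=${f##*/}
            # A same-named file in a higher-priority directory wins.
            case "$seen" in *"/$name/"*) continue ;; esac
            seen="$seen$name/"
            # Empty file or symlink to /dev/null masks the snippet: the name
            # is claimed above, but nothing is emitted for it.
            [ -s "$f" ] || continue
            out="$out$name	$f
"
        done
    done
    # Order by file name regardless of directory, then print only the path.
    printf '%s' "$out" | LC_ALL=C sort | cut -f2
}

# When invoked with directories as arguments, print the effective list.
if [ "$#" -gt 0 ]; then
    effective_snippets "$@"
fi
```

With this resolution an admin could drop a symlink to /dev/null under /etc/ssh/sshd_config.d/ using a packaged snippet's file name and have that snippet left out without removing the package.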