Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]

Reply: Ben Stuyts : "Local sshd_config modifications (was: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED])"
In reply to: Ben Stuyts : "Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Miroslav Lachman <000.fbsd_at_quip.cz>
Date: Fri, 20 Oct 2023 10:07:06 UTC

On 20/10/2023 08:55, Ben Stuyts wrote:
> 
>> On 20 Oct 2023, at 02:14, Doug Hardie <bc979@lafn.org> wrote:
>>
>> I believe that adding a couple lines of sh code to the end of 
>> sshd.conf would cause it to read /usr/local/etc/sshd.conf and avoid 
>> those issues.  That is done in other places in the rc process.
>>
>> — Doug
> 
> 
> Yes, it would be great if the stock /etc/sshd_config would include 
> something like
> 
> Include /usr/local/etc/ssh/*
> 
> as the final line. I would never have to touch it again. It’s always a 
> bother keeping it up to date, especially when running lots of jails.

Except that /usr/local/etc/ is for configuration files used by 
ports/packages and not the services from base.

If you want it, then it should be something like this:

Include /etc/ssh/sshd_config.d/*.conf

or this

Include /etc/ssh/sshd_config.d/*.conf
Include /usr/local/etc/ssh/sshd_config.d/*.conf

But search the internet first, there are reported bugs and headaches 
with Include and Match.

Kind regards
Miroslav Lachman