Re: Local sshd_config modifications

In reply to: Ben Stuyts : "Local sshd_config modifications (was: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED])"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Miroslav Lachman <000.fbsd_at_quip.cz>
Date: Fri, 20 Oct 2023 12:54:20 UTC

On 20/10/2023 10:41, Ben Stuyts wrote:

>> Include /etc/ssh/sshd_config.d/*.conf
>> Include /usr/local/etc/ssh/sshd_config.d/*.conf
> 
> Noted, thanks. Personally I just use Include /etc/ssh/sshd_config.local, but I thought my initial solution would be more generic.
> 
>> But search the internet first, there are reported bugs and headaches with Include and Match.
> 
> I personally have not seen any problems when using Match with this. But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running 9.1.
> 
> Looking at it now, I see that I also had to disable the Subsection sftp part, as I sometimes redefine it in the local file. And sshd barfs on duplicate Subsections.

Yes, this can be another problem. Cannot speak of sshd because I never 
used Include with it but there are problems with e.g. sudoers.d or 
syslog.d included files - sometimes there cannot be redefinitions or the 
order of directives matters.

Kind regards
Miroslav Lachman