Re: Local sshd_config modifications
- In reply to: deleted: "deleted (X-No-Archive)"
Date: Sat, 21 Oct 2023 20:41:45 UTC
> On 21 Oct 2023, at 19:27, Helge Oldach <freebsd@oldach.net> wrote:
>
> Miroslav Lachman wrote on Fri, 20 Oct 2023 14:54:20 +0200 (CEST):
>> On 20/10/2023 10:41, Ben Stuyts wrote:
>>>> Include /etc/ssh/sshd_config.d/*.conf
>>>> Include /usr/local/etc/ssh/sshd_config.d/*.conf
>>>
>>> Noted, thanks. Personally I just use Include /etc/ssh/sshd_config.local, but I thought my initial solution would be more generic.
>>>
>>>> But search the internet first, there are reported bugs and headaches with Include and Match.
>>>
>>> I personally have not seen any problems when using Match with this. But it looks like this was fixed in 8.4, and FreeBSD (12.4) is running 9.1.
>>>
>>> Looking at it now, I see that I also had to disable the Subsection sftp part, as I sometimes redefine it in the local file. And sshd barfs on duplicate Subsections.
>>
>> Yes, this can be another problem. Cannot speak of sshd because I never
>> used Include with it but there are problems with e.g. sudoers.d or
>> syslog.d included files - sometimes there cannot be redefinitions or the
>> order of directives matters.
>
> Simple modifications can be added through rc.conf (or rc.conf.d/sshd):
>
> sshd_flags="${sshd_flags} -o UseBlackList=yes -o ClientAliveInterval=15"
>
> Does this perhaps work for the Include directive as well?
No, unfortunately not. I just tried. It gives the following error:

Include directive not supported as a command-line option

Ben
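
Added example, not part of the thread and not code from any poster: a Python sketch that expands `Include` lines the way the thread describes using them and reports a `Subsystem` name defined more than once, the condition reported above as making sshd refuse the configuration. The function names and sample files are constructed for illustration; it assumes relative `Include` paths resolve against the configuration directory with glob matches taken in sorted order, and it ignores `Match` context.

```python
import glob
import os
import shlex
import tempfile
from pathlib import Path

def flatten(path, base_dir, seen=None):
    """Yield (file, lineno, keyword, args) with Include lines expanded in place."""
    seen = seen if seen is not None else set()
    real = os.path.realpath(path)
    if real in seen:  # guard against include loops
        return
    seen.add(real)
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            words = shlex.split(raw, comments=True)  # drops '#' comments
            if not words:
                continue
            keyword, args = words[0].lower(), words[1:]
            if keyword == "include":
                for pattern in args:
                    # os.path.join keeps an absolute pattern unchanged
                    pattern = os.path.join(base_dir, pattern)
                    for inc in sorted(glob.glob(pattern)):
                        yield from flatten(inc, base_dir, seen)
            else:
                yield path, lineno, keyword, args

def duplicate_subsystems(main_config, base_dir):
    """Return (name, first_location, duplicate_location) for repeated Subsystem names."""
    first, dups = {}, []
    for path, lineno, keyword, args in flatten(main_config, base_dir):
        if keyword != "subsystem" or not args:
            continue
        name = args[0]
        if name in first:
            dups.append((name, first[name], (path, lineno)))
        else:
            first[name] = (path, lineno)
    return dups

def demo():
    # Constructed sample: a main file that includes a drop-in redefining sftp.
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "sshd_config.d"))
        Path(d, "sshd_config").write_text(
            "Include sshd_config.d/*.conf\nSubsystem sftp /usr/libexec/sftp-server\n")
        Path(d, "sshd_config.d", "10-local.conf").write_text(
            "# local override\nSubsystem sftp internal-sftp\n")
        dups = duplicate_subsystems(os.path.join(d, "sshd_config"), d)
        return [(n, os.path.basename(a[0]), b[1], os.path.basename(b[0])) for n, a, b in dups]
```

Run against a copy of the real configuration directory before restarting sshd; `sshd -t` remains the authoritative syntax check.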