From openssh-unix-dev  Mon Jan 05 12:59:28 2009
From: "Richard Hartmann" <richih.mailinglist () gmail ! com>
Date: Mon, 05 Jan 2009 12:59:28 +0000
To: openssh-unix-dev
Subject: Re: "Include" directive in ~/.ssh/config (reprise)
Message-Id: <2d460de70901050459g53fea109g20e9ee68d474da44 () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=openssh-unix-dev&m=123117669023883

On Mon, Jan 5, 2009 at 11:12, Yaniv Aknin <yaniv@aknin.name> wrote:

> If I'll implement this feature, will it be integrated into the next
> release of OpenSSH? What's the process I should go through for that?

I subscribed to this list yesterday so don't take this email as anything
other than personal opinion, but I have been looking for just that
feature recently.
While I would not feel comfortable to apply third-party patches to
something as central and important as OpenSSH, I would definitely
use this feature if it made it into mainline.

Hank Leininger made one important mistake in his example, though:
OpenSSH resolves conflicts by looking at the last, not the first,
config option. I.e. his localoverrides would need to come last.


I might be a good idea to provide an authentication mechanism to
the Include directive. The possible attack scenarios against a
split-up Include files are a lot more and worse than if you had just
/etc/whereever/ and ~/.ssh/ to care about.


Richard
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev