[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Re: "Include" directive in ~/.ssh/config (reprise)
From:       "Richard Hartmann" <richih.mailinglist () gmail ! com>
Date:       2009-01-05 12:59:28
Message-ID: 2d460de70901050459g53fea109g20e9ee68d474da44 () mail ! gmail ! com
[Download RAW message or body]

On Mon, Jan 5, 2009 at 11:12, Yaniv Aknin <yaniv@aknin.name> wrote:

> If I'll implement this feature, will it be integrated into the next
> release of OpenSSH? What's the process I should go through for that?

I subscribed to this list yesterday so don't take this email as anything
other than personal opinion, but I have been looking for just that
feature recently.
While I would not feel comfortable to apply third-party patches to
something as central and important as OpenSSH, I would definitely
use this feature if it made it into mainline.

Hank Leininger made one important mistake in his example, though:
OpenSSH resolves conflicts by looking at the last, not the first,
config option. I.e. his localoverrides would need to come last.


I might be a good idea to provide an authentication mechanism to
the Include directive. The possible attack scenarios against a
split-up Include files are a lot more and worse than if you had just
/etc/whereever/ and ~/.ssh/ to care about.


Richard
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]