b***@bugzilla.mindrot.org
2015-09-15 12:16:22 UTC
https://bugzilla.mindrot.org/show_bug.cgi?id=2468
Bug ID: 2468
Summary: Option to include external files to sshd_config
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-***@mindrot.org
Reporter: ***@redhat.com
Depends on: 2463
Created attachment 2706
--> https://bugzilla.mindrot.org/attachment.cgi?id=2706&action=edit
proposed patch
This topic was discussed in a few bugs (namely 1613, 2146, 1585) for the
client side, and the last one also contains a patch that can be applied to
the current openssh. Having the same feature for the server side makes the
same sense to me, so I created a patch for the server side as well.
To understand the main reason behind this feature, it is our
"system-wide crypto policy", which should allow us to enforce specific
security policies in a uniform way across most crypto tools in the whole
system.
This feature will also allow us to have a default drop-in directory,
which will also improve the packaging possibilities for third-party
tools and will make it possible to update the main config without conflicts
with changes made by users.
All tests are still passing. If you would like me to also implement
test cases to cover this feature, let me know. I see there are tests
for most of the recent features.
Please note that the prerequisite for this feature is solving bug
#2463 (openbsd compat glob), which makes sshd segfault with this patch
in the kerberos library.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2463
[Bug 2463] Conflict with openbsd compat glob() function in shared
libraries
--
You are receiving this mail because:
You are watching the assignee of the bug.