This patch adds the possibility to place additional *.config files in /etc/ssh/sshd_config.d/ which will be included and loaded during the daemon startup process.
Because these files will not be overwritten by any update, they can be used to place custom or other persistent settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 config/rootfiles/common/openssh | 1 +
 config/ssh/sshd_config | 3 +++
 lfs/openssh | 4 ++++
 3 files changed, 8 insertions(+)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index f7b479f55..d25651348 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -8,6 +8,7 @@ etc/ssh/ssh_config #etc/ssh/ssh_host_rsa_key #etc/ssh/ssh_host_rsa_key.pub etc/ssh/sshd_config +etc/ssh/sshd_config.d usr/bin/scp usr/bin/sftp usr/bin/ssh diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index e338f8cef..ce74cb851 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config @@ -57,4 +57,7 @@ TCPKeepAlive no # Add support for SFTP Subsystem sftp /usr/lib/openssh/sftp-server
+# Include additional sshd config files. +Include /etc/ssh/sshd_config.d/*.conf + # EOF diff --git a/lfs/openssh b/lfs/openssh index c14c8267c..b1c9a1635 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -91,5 +91,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 644 $(DIR_SRC)/config/ssh/ssh_config \ /etc/ssh/ssh_config
+ # Create directory for additional config + # config files. + mkdir -pv /etc/ssh/sshd_config.d/ + @rm -rf $(DIR_APP) @$(POSTBUILD)
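Review bot: In the config/ssh/sshd_config hunk the Include line sits at the very end of the file, just before `# EOF`, so it is read after every setting above it. sshd uses the first value it obtains for each keyword, which means a drop-in file in /etc/ssh/sshd_config.d/ cannot override a single-valued option the main file has already set, such as the `TCPKeepAlive no` visible in the hunk context; only options that are still unset, or that accumulate across occurrences, take effect from there. If the directory is meant for custom settings that win over the shipped defaults, move the Include to the top of the file. The commit message also speaks of `*.config` files while the pattern here matches `*.conf`; one of the two should be corrected.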
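Review bot: In the lfs/openssh hunk, `mkdir -pv /etc/ssh/sshd_config.d/` leaves the directory mode to the build umask, while the line just above installs ssh_config with an explicit `-m 644`. Consider `install -v -d -m 755 /etc/ssh/sshd_config.d` so the permissions of a directory that sshd reads configuration from are fixed in the recipe. The added comment also repeats itself ("additional config" followed by "config files") and fits on one line.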
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 config/backup/include | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/backup/include b/config/backup/include index f0708c87f..0bf9440d3 100644 --- a/config/backup/include +++ b/config/backup/include @@ -10,6 +10,7 @@ etc/logrotate.d etc/passwd etc/shadow etc/ssh/sshd_config +etc/ssh/sshd_config.d etc/ssh/ssh_host* etc/squid/squid.conf.local etc/squid/squid.conf.pre.local
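Review bot: The added `etc/ssh/sshd_config.d` entry in config/backup/include arrives with no commit description, only a Signed-off-by. Say in the message that the directory is included so drop-in sshd settings survive a backup and restore, and that a restored backup will from now on bring back files that sshd loads through the new Include, next to the existing `etc/ssh/sshd_config` and `etc/ssh/ssh_host*` entries.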
Thank you Stefan.
I believe that we need to merge this patch set and use it to load the legacy RSA key on systems that still have one.
We currently hard-code this into the configuration file, but then we don’t generate the key any more on new installations.
I will send a patch for this, and this change will need to go into Core Update 190.
Best, -Michael
On 7 Dec 2024, at 15:04, Stefan Schantl stefan.schantl@ipfire.org wrote:
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/backup/include | 1 + 1 file changed, 1 insertion(+)
diff --git a/config/backup/include b/config/backup/include index f0708c87f..0bf9440d3 100644 --- a/config/backup/include +++ b/config/backup/include @@ -10,6 +10,7 @@ etc/logrotate.d etc/passwd etc/shadow etc/ssh/sshd_config +etc/ssh/sshd_config.d etc/ssh/ssh_host* etc/squid/squid.conf.local etc/squid/squid.conf.pre.local -- 2.45.2