Feature #15199
closed
Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options
Description
In order to run a user with scponly privileges (see: https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp ), I would need to add these lines to /etc/ssh/sshd_config:
    Match User username
        ChrootDirectory /home/username
        ForceCommand internal-sftp
But I can't. I'm sure there are other reasons why someone might want to add options there, but since the file is dynamically created when the system boots, there's not much one can meaningfully change there, much less in a way that's persistent with saving and restoring a system configuration.
Updated by Ronald Antony 10 months ago
So, looking at /etc/sshd I find this section:
    /* Apply package SSHDCond settings if config file exists */
    if (file_exists("/etc/sshd_extra")) {
        $fdExtra = fopen("/etc/sshd_extra", 'r');
        $szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file
        $sshconf .= $szExtra;
        fclose($fdExtra);
    }
which, if I interpret it correctly, means that the contents of a file /etc/sshd_extra are appended to /etc/ssh/sshd_config, if it exists, a thing easy enough to do, BUT...
1) without UI this means very likely that whatever one puts into that file will not be backed up with the system configuration
2) what's package "SSHDCond"? It doesn't improve matters if I put things in /etc/sshd_extra but then some (what?) package potentially stomps on it...
Updated by Jim Pingle 10 months ago
- Status changed from New to Rejected
- Priority changed from High to Normal
The sshd_extra file method is there for customizing directives. It was added for the sshdcond package, but that package was removed long ago, and so there isn't anything else using it now except users doing so with custom content. If a package like that were added again in the future, it would be more likely to add a separate plugin system style means of adding config and not the old method of including files, so there is no real danger of anything else stepping on that file.
As for backups, there are already packages that back up files outside of the configuration for these sorts of cases.
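The /etc/sshd_extra method discussed in this issue, as an added example that is not part of the thread and not pfSense code: one way to append the Match block from the description and to check the chroot path against sshd's ownership rules. The function names are hypothetical, and the example assumes the extra file's content ends up last in the generated sshd_config.

```shell
#!/bin/sh
# Added example, not pfSense code. Function names are hypothetical.
MAX_EXTRA_BYTES=1048576   # the quoted /etc/sshd code reads at most this much

# add_sftp_chroot USER CHROOT_DIR EXTRA_FILE
# Appends the Match block once. Assumption: the extra file lands at the end of
# sshd_config, so the Match block cannot capture global directives after it.
add_sftp_chroot() {
    user=$1 dir=$2 extra=$3
    # Refuse values that could smuggle extra directives or Match patterns.
    case $user in ''|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 1 ;; esac
    case $dir in /*) ;; *) echo "chroot path must be absolute" >&2; return 1 ;; esac
    case $dir in *[!A-Za-z0-9._/-]*) echo "bad chroot path" >&2; return 1 ;; esac
    grep -qxF "Match User $user" "$extra" 2>/dev/null && return 0   # already there
    tmp="$extra.tmp.$$"
    ( [ ! -e "$extra" ] || cat "$extra" || exit 1
      printf '\nMatch User %s\n\tChrootDirectory %s\n\tForceCommand internal-sftp\n' \
          "$user" "$dir" ) > "$tmp" || { rm -f "$tmp"; return 1; }
    # Anything past the read limit would be silently dropped from sshd_config.
    if [ $(( $(wc -c < "$tmp") )) -gt "$MAX_EXTRA_BYTES" ]; then
        rm -f "$tmp"; echo "$extra would exceed the read limit" >&2; return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$extra"
}

# check_chroot_path DIR
# sshd refuses the session unless every component of ChrootDirectory is a
# root-owned directory that is not writable by group or others.
check_chroot_path() {
    p=$1
    case $p in /*) ;; *) echo "$p: not absolute" >&2; return 1 ;; esac
    while :; do
        [ -d "$p" ] || { echo "$p: not a directory" >&2; return 1; }
        set -- $(ls -ldn "$p")      # $1 = mode string, $3 = numeric owner uid
        [ "$3" = 0 ] || { echo "$p: not owned by root" >&2; return 1; }
        case $1 in
            ?????w*|????????w*) echo "$p: group/other writable" >&2; return 1 ;;
        esac
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}
```

Once the configuration has been regenerated, `sshd -t` checks the merged file for syntax errors before the setting is relied on.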