[GRLUG] sshd_config
Grand Rapids Linux Users Group
grlug at grlug.org
Fri Jan 14 12:00:27 EST 2022
On Tue, Jan 11, 2022 at 01:08:16PM -0600, Grand Rapids Linux Users Group wrote:
>
> Installed a different distro recently, .. and /etc/ssh only had .d
> directories:
>
> drwxr-xr-x 1 root root 0 Jan 7 10:46 ssh_config.d
> drwxr-xr-x 1 root root 0 Jan 9 14:50 sshd_config.d/
>
> Which, of course, were empty; the only sshd_config on the system was:
>
> /usr/etc/ssh/sshd_config
>
> Which SHOULD be the "global configuration", BUT it gets clobbered if ssh
> is updated! Normally, one would expect the NEW version to be
> sshd_config.distnew and not overwrite, but not the case.
>
> Any experience with using ssh_config.d properly? Can't find anything on
> point.
>
> Thanks!

Those directories aren't used unless the `ssh_config` or `sshd_config`
that is in use contains a corresponding `Include` directive.

From sshd_config(5):

    Include
            Include the specified configuration file(s).
            Multiple pathnames may be specified and each
            pathname may contain glob(7) wildcards that
            will be expanded and processed in lexical order.
            Files without absolute paths are assumed to be
            in /etc/ssh. An Include directive may appear
            inside a Match block to perform conditional
            inclusion.

Also from that man page on my system:

    Note that the Debian openssh-server package sets several
    options as standard in /etc/ssh/sshd_config which are not
    the default in sshd(8):

          • Include /etc/ssh/sshd_config.d/*.conf
          • ChallengeResponseAuthentication no
          • X11Forwarding yes
          • PrintMotd no
          • AcceptEnv LANG LC_*
          • Subsystem sftp /usr/lib/openssh/sftp-server
          • UsePAM yes
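
An added example (not part of the original message and not OpenSSH code): a small Python check that applies the Include rules quoted above to report which drop-in files an sshd_config would pull in and which .d directories it never references. The function names and sample files are constructed for illustration, and Match handling is simplified to "any Match other than `Match all` is conditional".

```python
import glob
import os
import re
import shlex
import tempfile

DIRECTIVE = re.compile(r"^\s*(\w+)(?:\s*=\s*|\s+)(.*?)\s*$")

def include_patterns(text, base_dir="/etc/ssh"):
    """Return [(glob_pattern, inside_match_block)] for each Include argument."""
    found, in_match = [], False
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:  # blank line or comment
            continue
        keyword, args = m.group(1).lower(), m.group(2)
        if keyword == "match":
            in_match = args.strip().lower() != "all"
        elif keyword == "include":
            for arg in shlex.split(args):
                # Paths that are not absolute are taken to be under base_dir.
                found.append((os.path.join(base_dir, arg), in_match))
    return found

def included_files(text, base_dir="/etc/ssh"):
    """Expand every Include pattern; each glob is processed in lexical order."""
    return [f for p, _ in include_patterns(text, base_dir) for f in sorted(glob.glob(p))]

def unreferenced_dirs(text, dirs, base_dir="/etc/ssh"):
    """Drop-in directories that no Include pattern points into."""
    used = {os.path.normpath(os.path.dirname(p)) for p, _ in include_patterns(text, base_dir)}
    return [d for d in dirs if os.path.normpath(d) not in used]

def demo():
    """Constructed sample tree, checked against a config without and with Include."""
    with tempfile.TemporaryDirectory() as base:
        dropin = os.path.join(base, "sshd_config.d")
        os.mkdir(dropin)
        for name in ("50-local.conf", "10-hardening.conf", "notes.txt"):
            with open(os.path.join(dropin, name), "w") as fh:
                fh.write("PrintMotd no\n")
        configs = {"without": "UsePAM yes\n#Include sshd_config.d/*.conf\n",
                   "with": "Include sshd_config.d/*.conf\nUsePAM yes\n"}
        return {k: ([os.path.basename(f) for f in included_files(t, base)],
                    [os.path.basename(d) for d in unreferenced_dirs(t, [dropin], base)])
                for k, t in configs.items()}

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the text of the sshd_config that is actually in use and the directories found under /etc/ssh; a non-empty result from unreferenced_dirs means files placed there are being ignored.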