While the last blog entries were about cycling, I would like to start with Solaris centric blog entries as well. My plan is to write without a planned schedule about new features and changes in Solaris 11. As the last blog entries about Solaris 11 features are already a few years old, there are quite a number of changes in Solaris 11. I won’t write a daily article … more like once or twice a week at max probably. Whenever i have time. I don’t want have it fizzling out again after a month or so …
I would like to start with a simple one. I would call this a very helpful change in the default configuration of Solaris 11. In /etc/ssh/sshd_config and /etc/ssh/ssh_config the last line of the default configuration right out of the package is now an include fetching everything out of a directory. For sshd it includes /etc/ssh/sshd_config.d/*.conf and for ssh it will does the same for /etc/ssh/ssh_config.d/*.conf
This makes the delivery of additional ssh configurations with scripts, packages or your preferred automation framework a little bit easier, because you can just drop some files in those directories.
However keep in mind:
- The Files are included at the end.
- And the include statement of ssh includes the files in lexical order.
For global parametersm, openssh only takes the first definition it finds.So the configuration in those included files doesn’t override the configuration in the main configuration file. Perhaps a good idea to prevent for example an admin to drop a file that allows root logins via ssh via puppet and ruin your compliance checks. Furthermore, if a value is set in multiple files in that directory, the value in the lexically first takes precedence over all values.
