Univention Bugzilla – Bug 52577
allow more flexibility for ssh_config
Last modified: 2021-04-01 19:11:40 CEST
The template for /etc/ssh/ssh_config currently only allows to alter GSSAPIAuthentication based on UCRV. Every else is hardcoded. The specific customer request is to set "HashKnownHosts No" without modifying the template. While "HashKnownHosts" is a good idea from a security perspective we should try to avoid hard coded features and add flexibility also for features that might have been or will be added in upstream.
There is another customer, who asks to change configuration-parameters in ssh_config and doesn't want to make changes to the template files for beeing update-stable.
Debian has "Include /etc/ssh/ssh_config.d/*.conf" there, maybe we should do the same.