Subject: Re: ssh config path change (/etc -> /etc/ssh))
To: Patrick Welche <prlw1@newn.cam.ac.uk>
From: Jim Bernard <jbernard@mines.edu>
List: tech-security
Date: 03/15/2002 10:58:24

On Fri, Mar 15, 2002 at 04:32:04PM +0000, Patrick Welche wrote:
> And I got a bad surprise when I set sshd_conf_dir="/etc" in rc.conf and
> when the machine was accidentally rebooted, sshd couldn't find /etc/sshd.conf
> as sshd_conf_dir isn't passed to sshd.. cf bin/15912

  Unfortunately, there doesn't seem to be any way to get a complete
change of the config directory in the startup script.  You can change
the config file on the command line, and you can change the host-key file(s)
on the command line (or in the config file), but you can't change the
location of the known_hosts file (at least according to the man page and
the example config file; I haven't checked the code recently).  So, you
really need to modify the program (pathnames.h) if you want to be able to
move the full collection of ssh-related files to a non-default location.
See PR 12473 (now closed).

  If you want to make the location of the ssh config/key/etc. files configurable
at build time via /etc/mk.conf, you can change crypto/dist/ssh/pathnames.h
via something like:

Change:
#define SSHDIR				ETCDIR "/ssh"

to:
#ifdef SSH_CONF_DIR
#define SSHDIR				SSH_CONF_DIR
#else
#define SSHDIR				ETCDIR "/ssh"
#endif

and define SSH_CONF_DIR in /etc/mk.conf.  But you _must_ make sure your
value of sshd_conf_dir in /etc/rc.conf matches what you used in /etc/mk.conf.
This is clearly not ideal, but until/unless ssh and friends are modified to
permit run-time specification of the locations of all the files they read,
this seems to be the only alternative to living with the default (which,
by the way, I'm now delighted with, since it means I can throw away the
local patches I've been maintaining to move the files into /etc/ssh).
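
A consistency check for the constraint stated in the message above, as an added example that is not part of the original message or of the NetBSD tree: it compares the build-time directory in mk.conf with the boot-time sshd_conf_dir in rc.conf. The assignment syntax for SSH_CONF_DIR in mk.conf, the /etc/ssh fallback when a file sets nothing, and the function names conf_value and ssh_dirs_match are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Assumptions:
#   - /etc/mk.conf carries a make assignment such as   SSH_CONF_DIR=/etc
#   - /etc/rc.conf carries a shell assignment such as  sshd_conf_dir="/etc"
#   - a file with no assignment means the default directory, /etc/ssh
DEFAULT_SSH_DIR=/etc/ssh

# conf_value FILE NAME
# Print the last value assigned to NAME in FILE with comments, quotes and
# trailing slashes removed; print the default when FILE has no assignment.
conf_value() {
    [ -r "$1" ] || { printf '%s\n' "$DEFAULT_SSH_DIR"; return 0; }
    val=$(sed -n \
            -e 's/[[:space:]]*#.*$//' \
            -e "s/^[[:space:]]*$2[[:space:]]*[?]\{0,1\}=[[:space:]]*//p" "$1" |
          tail -n 1 |
          sed -e 's/[[:space:]]*$//' \
              -e 's/^"\(.*\)"$/\1/' \
              -e "s/^'\(.*\)'\$/\1/" \
              -e 's|\(.\)/*$|\1|')
    [ -n "$val" ] || val=$DEFAULT_SSH_DIR
    printf '%s\n' "$val"
}

# ssh_dirs_match MKCONF RCCONF
# Succeed only when the directory ssh was built for (MKCONF) is the one the
# startup script will look in (RCCONF); report both values on a mismatch.
ssh_dirs_match() {
    build=$(conf_value "$1" SSH_CONF_DIR)
    boot=$(conf_value "$2" sshd_conf_dir)
    if [ "$build" = "$boot" ]; then
        echo "ok: build and rc.conf both use $build"
    else
        echo "MISMATCH: built for $build, rc.conf says $boot" >&2
        return 1
    fi
}

# Run the check only when both file names are given on the command line,
# e.g.  sh check_ssh_dir.sh /etc/mk.conf /etc/rc.conf
if [ $# -eq 2 ]; then
    ssh_dirs_match "$1" "$2"
fi
```

Running it after editing either file, and before the next reboot, catches the mismatch while there is still a working login session.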