Subject: Re: ssh config path change (/etc -> /etc/ssh)
To: None <itojun@iijlab.net>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-userlevel
Date: 03/12/2002 15:45:15
    Date:        Tue, 12 Mar 2002 11:54:22 +0900
    From:        itojun@iijlab.net
    Message-ID:  <19705.1015901662@itojun.org>

  | >Are you sure this was the right thing to do?
  | 	yes.

I agree, they should always have been in /etc/ssh/* ...

But I don't think

	warning: move your ssh config files

is an adequate response to the problems it causes (however detailed
the warning is made).   It would be OK if the files had moved in -current
and were now being moved back again, but that isn't what's happening.

What's needed is for rc.d/sshd to look see if /etc/ssh exists and is
populated.  If not, and the /etc/ssh* files exist, they should be moved
(along with whatever other renaming is agreed).   Obviously this happens
just once (but the "exists and is populated" test will succeed after that,
so leaving the code around costs almost nothing).

The code in rc.d/sshd that does this needs to remain there stable through
2 full releases (ie: it can go again in 1.8 or whatever else the thing
which would naturally be 1.8 gets called).   It should be there in both
1.6 (what is -current now) and in 1.7 (the next major release after the
coming one - however far away that might be).  "stable" means that if the
locations or names should change again then the period starts again (and
the code gets messier to deal with more possibilities - so settle upon
the naming that is going to be kept, now).

It isn't crucial that the rc.d/sshd script appear today (even though sshd
has been changed already) - -current users should be able to cope with the
warning.  What is important is that it exists (for long enough to have
been tested in many different environments) before 1.6 is released.

If no-one else wants to do it, I'm prepared to do the script mods, but only
after the question of the final names for the scripts is settled, forever,
one way or the other.   (I don't care what they're called, I'd be just as
happy with /etc/ssh/client and /etc/ssh/daemon for what are ssh[._]config and
sshd[._]config ...)   Of course, coping with ssh_conf_dir being set in the
rc.conf is part of this...

kre
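
The one-time migration proposed above for rc.d/sshd, written out as an added example (it is not part of the original message and not NetBSD's actual script). The function name migrate_ssh_conf and its directory argument are hypothetical, files keep their existing names because the final naming was still open, the 755 directory mode is an assumption, and ssh_conf_dir is assumed to be unset.

```shell
# Added example: hypothetical helper for an rc.d/sshd-style script.
# migrate_ssh_conf [ETC_DIR]
#   ETC_DIR defaults to /etc; pass a scratch directory to try it safely.
#   Returns 0 when there is nothing to do or the move succeeded, 1 on error.
migrate_ssh_conf() {
    etc=${1:-/etc}
    new=$etc/ssh

    # "Exists and is populated": a directory with at least one entry.
    # Once this is true the function is a cheap no-op on every later boot.
    if [ -d "$new" ] && [ -n "$(ls -A "$new" 2>/dev/null)" ]; then
        return 0
    fi

    # Look for legacy files named $etc/ssh*. Only regular files count:
    # the new directory itself matches the glob and is skipped, and
    # symlinks are left alone for the administrator to sort out.
    found=0
    for f in "$etc"/ssh*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        found=1
        break
    done
    [ "$found" -eq 1 ] || return 0

    # Assumption: the directory is world-readable so clients can read the
    # client configuration; private files are protected by their own modes.
    mkdir -p "$new" || return 1
    chmod 755 "$new" || return 1

    for f in "$etc"/ssh*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Within one filesystem mv is a rename, so owner and mode of each
        # file (including restrictive modes on key material) are preserved.
        mv "$f" "$new/" || return 1
        echo "sshd: moved $f to $new/"
    done
    return 0
}
```
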