On Mon, Jul 27, 2015 at 4:54 PM, Matthew Miller
<mattdm(a)fedoraproject.org> wrote:
On Mon, Jul 27, 2015 at 03:49:55PM -0600, Chris Murphy wrote:
> > I like this too, but editing sshd_config is more than a bit scary.
> Not the user, the GUI asks a service to do the editing COW style -
> write out a .new and once that succeeds, then rename current to old
> and new to current.
Yes, I assumed that. What if there is an existing configuration?
It would always use /etc/ssh/sshd_config whether it's the default
installed, or a user modified one. The GUI Remote Login toggle would
toggle both sshd.service stop/start/enable/disable states, and
AllowUsers list. So something has to be able to parse this file.
Maybe PAM can be leveraged for this, since sshd_config defers to PAM
already for authentication. So sshd could just ask PAM rather than
modifying sshd_config directly.
--
Chris Murphy