From 99a4563c1e9db8b7cc937a51ab22108dde551c29 Mon Sep 17 00:00:00 2001
From: Neil Greatorex <neil@greatorex.me.uk>
Date: Tue, 14 Jan 2025 15:34:43 +0000
Subject: [PATCH] system: allow custom additions to sshd_config (#8206)

---
 src/etc/inc/plugins.inc.d/openssh.inc | 1 +
 src/etc/ssh/sshd_config.d/README      | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 src/etc/ssh/sshd_config.d/README

diff --git a/src/etc/inc/plugins.inc.d/openssh.inc b/src/etc/inc/plugins.inc.d/openssh.inc
index 8d4c9c0d4..bf1230b54 100644
--- a/src/etc/inc/plugins.inc.d/openssh.inc
+++ b/src/etc/inc/plugins.inc.d/openssh.inc
@@ -158,6 +158,7 @@ function openssh_configure_do($verbose = false, $interface_map = null)
     $sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22;
 
     $sshconf = "# This file was automatically generated by /usr/local/etc/inc/plugins.inc.d/openssh.inc\n";
+    $sshconf .= 'Include /usr/local/etc/ssh/sshd_config.d/*.conf' . PHP_EOL;
     $sshconf .= "Port {$sshport}\n";
     $sshconf .= "Protocol 2\n";
     $sshconf .= "Compression yes\n";
diff --git a/src/etc/ssh/sshd_config.d/README b/src/etc/ssh/sshd_config.d/README
new file mode 100644
index 000000000..be1e2ff44
--- /dev/null
+++ b/src/etc/ssh/sshd_config.d/README
@@ -0,0 +1,5 @@
+# sshd_config overrides directory:
+# Add any overrides or additions to sshd_config in this directory
+#
+# These files will be included at the start of the configuration,
+# so options set in them will override those in the main sshd_config.