Dividing the Configuration into Several Files

It is possible to divide the Tectia Server configuration into several files. You can define external XML files containing sub-configurations for example with department-specific or user-group-specific settings. This can make the configuration easier to manage as it is in smaller parts, and the sub-configuration files can be used repeatedly in several places.


Configuration files consisting of several XML-files must be maintained manually, because split configuration files cannot be edited with the Tectia Server Configuration GUI.

The sub-configuration files must be declared as external SYSTEM entities within the DOCTYPE element of the ssh-server-config.xml file. For example the entity-name below:

<!DOCTYPE secsh-server SYSTEM
   "/opt/tectia/share/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [

   <!ENTITY entity-name SYSTEM "sub-config-file.xml">

The defined entity can then be used in the main configuration file instead of defining all the settings there. The server configuration will read the contents of the sub-configuration file in the place of the entity. So the sub-configuration file contents must be designed so that they produce a valid XML structure in the ssh-server-config.xml file.

In this example we have a sub-configuration file named group-example-rules.xml, located in sub-directory subconfigs/, and with the following contents:

<terminal action="deny" />
<subsystem type="sftp" application="sft-server-g3" chroot="%homedir%" />
<tunnel-agent action="deny" />
<tunnel-x11 action="deny" />
<tunnel-local action="deny" />
<tunnel-remote action="deny" />

In the example below, we first declare the sub-configuration file (and its location) as an external entity in the beginning of the ssh-server-config.xml file, and then use the group-A-rules entity in the actual configuration as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE secsh-server SYSTEM
   "/opt/tectia/share/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [
  <!ENTITY group-A-rules SYSTEM "subconfigs/group-example-rules.xml">
    <group name="example">
         <user-group name="example"/> 
     <rule group="example">