Package: openssh-server Version: 1:9.2p1-2+deb12u2 Severity: normal X-Debbugs-Cc: Vagrant Cascadian <vagr...@reproducible-builds.org>
The default sshd_config sources configuration snippets from /etc/ssh/sshd_config.d/*.conf in the earliest entry in the configuration, but then defines some Debian defaults after this, which makes the Debian defaults hard to override with sshd_config.d/*.conf snippets, such as X11Forwarding. I see two fairly simple general fixes: 1) Specify /etc/ssh/sshd_config.d/*.conf as the last line in the file. A possible minor downside is people might be more inclined to uncomment some of the default entries, rather than adding a snippet in the .d directory. 2) Define all debian-specific configuration options in /etc/ssh/sshd_config.d/debian.conf or similar, and leave all options in /etc/ssh/sshd_config commented out. Alternately, a separate file for each overridden option might be specifyable, e.g. /etc/ssh/sshd_config.d/x11forwarding.conf live well, vagrant
signature.asc
Description: PGP signature