On Tue, Jan 24, 2017 at 09:40:10AM +0100, Santiago Vila wrote:
> File /etc/ssh/sshd_config says:
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options override the
> # default value.
>
> but this is a little bit confusing for "HostKey". The default in stretch
> (once the version in unstable propagates to testing) will be like this:
>
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_ecdsa_key
> #HostKey /etc/ssh/ssh_host_ed25519_key
>
> The reasonable behaviour, I think, is that if I uncomment one or more
> of those lines, then only the uncommented lines will be used and not
> the "default set", but based on the above comment it is not very clear
> that this is what will happen.
That is exactly what will happen.

> So: Would it not be better to have those lines uncommented, for clarity?

This commentary is unchanged from the upstream sshd_config, apart from deleting "#HostKey /etc/ssh/ssh_host_dsa_key". Would you mind forwarding it upstream yourself, to https://bugzilla.mindrot.org/ ? (I can do so if you can't, but my experience is that "discussion"-type bugs work better when filed by the original reporter, since I don't then have to try to channel your views or forward comments back and forward.)

> (This may also simplify the logic that handles upgrades, which in theory,
> should preserve user configuration from jessie).

I now just use ucf and leave that up to the sysadmin if there's anything complicated, rather than trying to have custom logic to do it.

Thanks,

-- 
Colin Watson [[email protected]]
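The resolution rule confirmed in this exchange (an uncommented HostKey line replaces the compiled-in default set rather than adding to it) is easy to get wrong when auditing a server, so here is a small model of it. This is an added example, not code from the bug thread, from Debian or from OpenSSH; the DEFAULT_HOST_KEYS list mirrors the three commented lines quoted above, the sample configs are constructed, and the parser is deliberately simplified (it handles the "keyword value" form only, not the optional "keyword=value" form sshd also accepts).

```python
"""Model of how sshd resolves HostKey lines in sshd_config.

Added example; not part of the Debian bug thread or of OpenSSH.
sshd uses its built-in default host keys only when the configuration
contains no uncommented HostKey directive. As soon as one HostKey line
is uncommented, only the listed keys are loaded.
"""
import shlex

# Mirrors the commented-out stretch defaults quoted in the thread
# (the DSA key was removed). Assumed list for this example.
DEFAULT_HOST_KEYS = [
    "/etc/ssh/ssh_host_rsa_key",
    "/etc/ssh/ssh_host_ecdsa_key",
    "/etc/ssh/ssh_host_ed25519_key",
]


def effective_host_keys(config_text):
    """Return the host key paths sshd would load for this config text.

    Commented lines contribute nothing; the first uncommented HostKey
    line switches sshd from the default set to an explicit list.
    """
    explicit = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out line: no effect
        parts = shlex.split(line)  # keyword, then arguments (quoted paths ok)
        if not parts:
            continue
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "hostkey" and len(parts) >= 2:
            explicit.append(parts[1])
    return explicit if explicit else list(DEFAULT_HOST_KEYS)


# Constructed sample: everything commented, as shipped in stretch.
SHIPPED_CONFIG = """\
# Uncommented options override the default value.
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
"""

# Constructed sample: an admin uncommented only the ed25519 line.
TRIMMED_CONFIG = """\
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
"""


def compare_configs():
    """Return the effective key lists for both constructed configs."""
    return {
        "shipped": effective_host_keys(SHIPPED_CONFIG),
        "trimmed": effective_host_keys(TRIMMED_CONFIG),
    }


if __name__ == "__main__":
    for name, keys in compare_configs().items():
        print(f"{name}: {keys}")
```

On a real host the authoritative check is `sshd -T`, which prints the effective configuration (including one `hostkey` line per key that will actually be loaded) after defaults have been applied.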

