Your message dated Mon, 24 Feb 2020 00:35:31 +0000 with message-id <[email protected]> and subject line Bug#845315: fixed in openssh 1:8.2p1-3 has caused the Debian Bug report #845315, regarding support for /etc/ssh/ssh_config.d/*.conf ? to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
845315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845315
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssh-client
Version: 1:7.3p1-3+b1

Hi folks,

would it be possible to support a line

    Include /etc/ssh/ssh_config.d/*.conf

in /etc/ssh/ssh_config? This would allow to keep local settings separate from the defaults provided by ssh_config. Very important to avoid conflicts on package updates. Plus it would be possible for other packages to adjust the default ssh client configuration, eg. for freeipa-client.

This scheme has proven to be very successful, for example in zabbix-agent, sudo, apt, mysql, ...

BTW, config include files should be read in alphabetic sequence (LANG=C).

Thanx in advance
Harri
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:8.2p1-3
Done: Colin Watson <[email protected]>

We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Feb 2020 13:30:01 +0000
Source: openssh
Architecture: source
Version: 1:8.2p1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 275458 631189 845315 951220 951582 951640
Changes:
 openssh (1:8.2p1-3) unstable; urgency=medium
 .
   * Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
 .
 openssh (1:8.2p1-2) unstable; urgency=medium
 .
   * Move ssh-sk-helper into openssh-client rather than shipping it in a
     separate package. The extra library dependencies are pretty small, so
     it doesn't seem worth bloating the Packages file. Suggested by Bastian
     Blank.
 .
 openssh (1:8.2p1-1) unstable; urgency=medium
 .
   * New upstream release (https://www.openssh.com/txt/release-8.2, closes:
     #951582):
     - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
       (RSA/SHA1) algorithm from those accepted for certificate signatures
       (i.e. the client and server CASignatureAlgorithms option) and will
       use the rsa-sha2-512 signature algorithm by default when the
       ssh-keygen(1) CA signs new certificates.
     - ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
       key exchange proposal for both the client and server.
     - ssh-keygen(1): The command-line options related to the generation
       and screening of safe prime numbers used by the
       diffie-hellman-group-exchange-* key exchange algorithms have
       changed. Most options have been folded under the -O flag.
     - sshd(8): The sshd listener process title visible to ps(1) has
       changed to include information about the number of connections that
       are currently attempting authentication and the limits configured by
       MaxStartups.
     - Add support for FIDO/U2F hardware authenticators.
     - ssh-keygen(1): Add a "no-touch-required" option when generating
       FIDO-hosted keys, that disables their default behaviour of requiring
       a physical touch/tap on the token during authentication. Note: not
       all tokens support disabling the touch requirement.
     - sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects
       miscellaneous public key authentication-related options for sshd(8).
       At present it supports only a single option "no-touch-required".
       This causes sshd to skip its default check for FIDO/U2F keys that
       the signature was authorised by a touch or press event on the token
       hardware.
     - ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for
       authorized_keys and a similar extension for certificates. This
       option disables the default requirement that FIDO key signatures
       attest that the user touched their key to authorize them, mirroring
       the similar PubkeyAuthOptions sshd_config option.
     - ssh-keygen(1): Add support for writing the FIDO attestation
       information that is returned when new keys are generated via the
       "-O write-attestation=/path" option. FIDO attestation certificates
       may be used to verify that a FIDO key is hosted in trusted hardware.
       OpenSSH does not currently make use of this information, beyond
       optionally writing it to disk.
     - Add support for FIDO2 resident keys.
     - sshd(8): Add an Include sshd_config keyword that allows including
       additional configuration files via glob(3) patterns (closes:
       #631189).
     - ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available
       via the IPQoS directive.
     - ssh(1): When AddKeysToAgent=yes is set and the key contains no
       comment, add the key to the agent with the key's path as the
       comment.
     - ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509
       subjects as key comments, rather than simply listing the PKCS#11
       provider library path.
     - ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
     - sshd(8): When clients get denied by MaxStartups, send a notification
       prior to the SSH2 protocol banner according to RFC4253 section 4.2
       (closes: #275458).
     - ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program,
       pass a hint to the program to describe the type of desired prompt.
       The possible values are "confirm" (indicating that a yes/no
       confirmation dialog with no text entry should be shown), "none" (to
       indicate an informational message only), or blank for the original
       ssh-askpass behaviour of requesting a password/phrase.
     - ssh(1): Allow forwarding a different agent socket to the path
       specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
       option to accept an explicit path or the name of an environment
       variable in addition to yes/no.
     - ssh-keygen(1): Add a new signature operation "find-principals" to
       look up the principal associated with a signature from an
       allowed-signers file.
     - sshd(8): Expose the number of currently-authenticating connections
       along with the MaxStartups limit in the process title visible to
       "ps".
     - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
       now disable connection killing entirely rather than the current
       behaviour of instantly killing the connection after the first
       liveness test regardless of success.
     - sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups /
       DenyGroups in the sshd(8) manual page.
     - sshd(8): Better describe HashKnownHosts in the manual page.
     - sshd(8): Clarify that permitopen=/PermitOpen do no name or address
       translation in the manual page.
     - sshd(8): Allow the UpdateHostKeys feature to function when multiple
       known_hosts files are in use. When updating host keys, ssh will now
       search subsequent known_hosts files, but will add updated host keys
       to the first specified file only.
     - All: Replace all calls to signal(2) with a wrapper around
       sigaction(2). This wrapper blocks all other signals during the
       handler preventing races between handlers, and sets SA_RESTART which
       should reduce the potential for short read/write operations.
     - sftp(1): Fix a race condition in the SIGCHILD handler that could
       turn in to a kill(-1).
     - sshd(8): Fix a case where valid (but extremely large) SSH channel
       IDs were being incorrectly rejected.
     - ssh(1): When checking host key fingerprints as answers to new
       hostkey prompts, ignore whitespace surrounding the fingerprint
       itself.
     - All: Wait for file descriptors to be readable or writeable during
       non-blocking connect, not just readable. Prevents a timeout when the
       server doesn't immediately send a banner (e.g. multiplexers like
       sslh).
     - sshd_config(5): Document the [email protected] key exchange
       algorithm.
   * Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1
     and 1:7.8p1-1 inclusive (closes: #951220).
   * ssh(1): Explain that -Y is equivalent to -X in the default
     configuration (closes: #951640).
   * Include /etc/ssh/ssh_config.d/*.conf from /etc/ssh/ssh_config and
     /etc/ssh/sshd_config.d/*.conf from /etc/ssh/sshd_config (closes:
     #845315).
--- End Message ---
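An added example, not part of the bug report or of the openssh package: a simplified resolver for the Include drop-in scheme closed by this bug, showing which file supplies each global setting and which later settings are silently ignored. It assumes first-value-wins semantics and sorted glob expansion; the function names, the file names and the sample tree are constructed for illustration.

```python
import glob
import os
import tempfile

def effective_config(path, base=None, seen=None, shadowed=None):
    """Resolve global-scope keywords of an ssh_config/sshd_config tree.

    Simplified model (assumption): the first value obtained for a keyword
    wins, Include globs expand in sorted (LANG=C style) order where they
    appear, and parsing of a file stops at its first Host/Match block.
    Keywords that accumulate (e.g. Port, HostKey) are not special-cased.
    """
    base = base or os.path.dirname(os.path.abspath(path))
    seen = {} if seen is None else seen
    shadowed = [] if shadowed is None else shadowed
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.replace("=", " ", 1).split(None, 1)
            if len(parts) < 2:
                continue
            key, value = parts[0].lower(), parts[1].strip()
            if key in ("host", "match"):
                break
            if key == "include":
                for pattern in value.split():
                    for inc in sorted(glob.glob(os.path.join(base, pattern))):
                        effective_config(inc, base, seen, shadowed)
            elif key in seen:
                shadowed.append((key, value, path))  # set too late, ignored
            else:
                seen[key] = (value, path)
    return seen, shadowed

def demo():
    """Build a constructed sshd-style tree in a temp dir and resolve it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sshd_config.d"))
        files = {  # constructed sample files
            "sshd_config": "Include sshd_config.d/*.conf\n"
                           "PasswordAuthentication yes\nX11Forwarding yes\n",
            "sshd_config.d/50-vendor.conf": "PermitRootLogin prohibit-password\n",
            "sshd_config.d/10-hardening.conf": "PasswordAuthentication no\n"
                                               "PermitRootLogin no\n",
        }
        for name, body in files.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        seen, lost = effective_config(os.path.join(root, "sshd_config"))
        short = os.path.basename
        return ({k: (v, short(p)) for k, (v, p) in seen.items()},
                [(k, v, short(p)) for k, v, p in lost])

if __name__ == "__main__":
    print(demo())
```

Because the Include line sits above the stock settings in the sample, the drop-ins override the main file, and the lower-numbered drop-in overrides the higher-numbered one.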

