Your message dated Sat, 5 Nov 2022 21:02:35 +0000 with message-id <[email protected]> and subject line Re: Bug#1023509: openssh-server: suggestion about (default) sshd_config and sshd_config.d has caused the Debian Bug report #1023509, regarding openssh-server: suggestion about (default) sshd_config and sshd_config.d to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
1023509: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023509
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssh-server
Version: 1:9.0p1-1+b2
Severity: wishlist

Dear Maintainer,

I think the current state is a bit confusing because the Include directive is at the very beginning of the file before some commented (default) setting that could suggest administrator to edit there.

And so, doing this, does this override any sshd_config.d contents?

If it is just some sort of self-documented for the Debian default setting, it could be elsewhere, no?

Why not then providing an almost empty sshd_config that just includes sshd_config.d and have a sample file in this folder with all the current commented content.

Regards,
Patrice

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-0-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                   3.129
ii  debconf [debconf-2.0]     1.5.79
ii  dpkg                      1.21.9+b1
ii  init-system-helpers       1.65.2
ii  libaudit1                 1:3.0.7-1.1+b1
ii  libc6                     2.36-4
ii  libcom-err2               1.46.6~rc1-1+b1
ii  libcrypt1                 1:4.4.30-1
ii  libgssapi-krb5-2          1.20-1+b1
ii  libkrb5-3                 1.20-1+b1
ii  libpam-modules            1.5.2-5
ii  libpam-runtime            1.5.2-5
ii  libpam0g                  1.5.2-5
ii  libselinux1               3.4-1+b2
ii  libssl3                   3.0.7-1
ii  libsystemd0               252-2
ii  libwrap0                  7.6.q-31
ii  openssh-client            1:9.0p1-1+b2
ii  openssh-sftp-server       1:9.0p1-1+b2
ii  procps                    2:3.3.17-7.1
ii  runit-helper              2.15.0
ii  sysvinit-utils [lsb-base] 3.05-6
ii  ucf                       3.0043
ii  zlib1g                    1:1.2.11.dfsg-4.1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]   252-2
ii  ncurses-term              6.3+20220423-2
ii  xauth                     1:1.1.1-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix

On Sat, Nov 05, 2022 at 06:32:25PM +0100, Patrice Duroux wrote:
> I think the current state is a bit confusing because the Include directive is
> at the very beginning of the file before some commented (default) setting that
> could suggest administrator to edit there.
>
> And so, doing this, does this override any sshd_config.d contents?

See "man sshd_config":

  For each keyword, the first obtained value will be used.
  [...]
  /etc/ssh/sshd_config.d/*.conf files are included at the start of the configuration file, so options set there will override those in /etc/ssh/sshd_config.

The behaviour of Include does sometimes confuse people, but it's the way it's designed upstream and wouldn't be sensible to change now. Given its behaviour, the current layout is the only way it can sensibly work.

> If it is just some sort of self-documented for the Debian default setting, it
> could be elsewhere, no?
>
> Why not then providing an almost empty sshd_config that just includes
> sshd_config.d and have a sample file in this folder with all the current
> commented content.

It's intentionally mainly the upstream file with just a few Debian-specific tweaks. I don't really see an advantage to the rearrangement you suggest, and it would cause annoying churn to people's configuration file maintenance; closing.

And from your follow-up message:

> My motivation here is related to the point 1. of the following issue:
> https://github.com/EXALAB/AnLinux-App/issues/397
> The current is to overwrite the /etc/ssh/sshd_config by a file that contains
> only:
> PermitRootLogin yes
>
> So putting that file in /etc/ssh/sshd_config.d should do the job
> but I don't know what could be the result if the /etc/ssh/sshd_config contains
> the opposite in the following of the Include directive.

As explained in "man sshd_config", if you add any /etc/ssh/sshd_config.d/*.conf files then they will override /etc/ssh/sshd_config.

Thanks,

-- 
Colin Watson (he/him) [[email protected]]
--- End Message ---
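
The first-obtained-value rule quoted from "man sshd_config" above, as an added example that is not part of the original thread and is not OpenSSH code: a simplified resolver that reports which file ends up setting PermitRootLogin, once with Include at the top (the Debian layout) and once with it moved to the end. The function names, the drop-in name 50-app.conf and the temporary directory tree are constructed for illustration; only single-valued keywords are handled and parsing stops at a Match block.

```python
import glob
import os
import tempfile

def effective(path, base, seen=None):
    """Map each keyword to (value, source file); the first obtained value wins.
    Simplified: single-valued keywords only, parsing stops at a Match block."""
    seen = {} if seen is None else seen
    with open(path) as fh:
        for raw in fh:
            parts = raw.strip().split(None, 1)
            if len(parts) < 2 or parts[0].startswith("#"):
                continue  # blank line, comment, or keyword without a value
            key, value = parts[0].lower(), parts[1].strip()
            if key == "match":
                break  # conditional blocks are out of scope for this sketch
            if key == "include":
                for pattern in value.split():
                    # relative patterns resolve against the config directory;
                    # glob matches are processed in lexical order
                    for inc in sorted(glob.glob(os.path.join(base, pattern))):
                        effective(inc, base, seen)
            else:
                # setdefault keeps the earliest value and ignores later ones
                seen.setdefault(key, (value, os.path.relpath(path, base)))
    return seen

def demo(include_first):
    """Build a constructed config tree and return who sets PermitRootLogin."""
    main = ["PermitRootLogin no", "PasswordAuthentication no"]
    include = "Include sshd_config.d/*.conf"
    main = [include] + main if include_first else main + [include]
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "sshd_config.d"))
        with open(os.path.join(base, "sshd_config.d", "50-app.conf"), "w") as fh:
            fh.write("PermitRootLogin yes\n")  # the one-line file from the thread
        with open(os.path.join(base, "sshd_config"), "w") as fh:
            fh.write("\n".join(main) + "\n")
        return effective(os.path.join(base, "sshd_config"), base)["permitrootlogin"]

if __name__ == "__main__":
    print("Include first:", demo(include_first=True))
    print("Include last: ", demo(include_first=False))
```

On a real host, "sshd -T" prints the effective configuration as sshd itself resolves it, which is the authoritative check after adding a drop-in file.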

