On Fri, Jun 20, 2025 at 11:40:59 -0400, Jeffrey Walton wrote: > On Fri, Jun 20, 2025 at 11:30 AM <[email protected]> wrote: > > > > On Fri, Jun 20, 2025 at 11:06:51AM -0400, Jeffrey Walton wrote: > > > On Fri, Jun 20, 2025 at 10:37 AM Greg Wooledge <[email protected]> wrote: > > > > > > > > On Fri, Jun 20, 2025 at 10:15:47 -0400, Jeffrey Walton wrote: > > > > > SSH config files are located in /etc, too. But admins are expected to > > > > > make changes to /etc/ssh/sshd_config.d/, and not /etc/ssh/sshd_config. > > > > > > > > That's definitely false. > > > > > > You will absolutely lose your sshd_config when the package is upgraded > > > and you choose the maintainers version of the file. > > > > No. > > > > You will be asked, as for every conffile. > > Please don't do that selective quoting found in dumpster fires like > social media: "... and you choose the maintainers version of the > file."
You're missing the point. The point is you are ASKED whether you want to keep your modified conffile or replace it with the maintainer's version. The DEFAULT is to keep your modified file. If you select to replace it, then sure, you'll "lose" your modifications, except that they're actually saved for you (your modified file is simply renamed), so you can still review it and manually edit the new file. So, your argument is a straw man. You're saying that if you do a sequence of bad things that are not the default, but something you've explicitly chosen of your own free will, that your life will be slightly less convenient. Sure, that's true. But you could also just NOT do those things. Also, the OTHER point you got wrong is where you claim "admins are expected to make changes to *.d". That's simply incorrect. Admins are expected to make changes to sshd_config just like they've always done, ever since long before *.d was invented. That's why the packaging system ASKS you about your modified conffile and protects it with multiple layers of insurance. The entire system was designed and built around the idea that conffiles would be hand edited and must be preserved. That includes sshd_config.
