On Fri, Jun 20, 2025 at 11:53 AM Greg Wooledge <[email protected]> wrote:
>
> On Fri, Jun 20, 2025 at 11:40:59 -0400, Jeffrey Walton wrote:
> > On Fri, Jun 20, 2025 at 11:30 AM <[email protected]> wrote:
> > >
> > > On Fri, Jun 20, 2025 at 11:06:51AM -0400, Jeffrey Walton wrote:
> > > > On Fri, Jun 20, 2025 at 10:37 AM Greg Wooledge <[email protected]>
> > > > wrote:
> > > > >
> > > > > On Fri, Jun 20, 2025 at 10:15:47 -0400, Jeffrey Walton wrote:
> > > > > > SSH config files are located in /etc, too. But admins are expected
> > > > > > to make changes to /etc/ssh/sshd_config.d/, and not
> > > > > > /etc/ssh/sshd_config.
> > > > >
> > > > > That's definitely false.
> > > >
> > > > You will absolutely lose your sshd_config when the package is upgraded
> > > > and you choose the maintainer's version of the file.
> > >
> > > No.
> > >
> > > You will be asked, as for every conffile.
> >
> > Please don't do that selective quoting found in dumpster fires like
> > social media: "... and you choose the maintainer's version of the
> > file."
>
> You're missing the point. The point is you are ASKED whether you want
> to keep your modified conffile or replace it with the maintainer's
> version. The DEFAULT is to keep your modified file.

I'm not going to argue the problems with this.

> If you select to replace it, then sure, you'll "lose" your modifications,
> except that they're actually saved for you (your modified file is simply
> renamed), so you can still review it and manually edit the new file.

I'm not going to argue the problems with this.

> So, your argument is a straw man. You're saying that if you do a
> sequence of bad things that are not the default, but something you've
> explicitly chosen of your own free will, that your life will be slightly
> less convenient. Sure, that's true. But you could also just NOT do
> those things.

I'm not going to argue the problems with this.

> Also, the OTHER point you got wrong is where you claim "admins are
> expected to make changes to *.d". That's simply incorrect. Admins
> are expected to make changes to sshd_config just like they've always
> done, ever since long before *.d was invented. That's why the packaging
> system ASKS you about your modified conffile and protects it with
> multiple layers of insurance.

Unfortunately, I cannot find a Debian-specific article on configuration
directories. However, Red Hat has "Linux configuration: Understanding
*.d directories in /etc,"
<https://www.redhat.com/en/blog/etc-configuration-directories>. Now that
we have configuration directories, admins are expected to make their
changes in them so:

    Instead of editing this single file each time an application is
    added or updated on the system, we separate the configuration for
    each application to a specific file.

The point is, you don't want to do gyrations on updates, like copying
fragments of an old config into a new config.

> The entire system was designed and built around the idea that conffiles
> would be hand edited and must be preserved.
>
> That includes sshd_config.

Jeff

