Bug#1039866: openssh-server: bookworm config enforces outdated extern sftp-server, unable to override

Wed, 28 Jun 2023 17:30:15 -0700 

Package: openssh-server
Version: 1:9.2p1-2
Severity: normal

Dear Maintainer,

after upgrading to bookworm, sshd did not come up again. The reason is
that the config file now enforces the usage of the outdated sftp-server
subsystem, and this is not overridable.

Please consider NOT enforcing a specific sftp implementation (going with
the defaults and letting users override it in separate4 conf files), or,
if it has to be done, make it easier to override it, or possibly default
to the modern "internal-sftp" implementation which allows chroot (and thus
provides better defense-in-dpeth in most cases).

Thanks for your work!

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'stable'), (500, 
'unstable-debug'), (500, 'testing-debug'), (500, 'oldstable-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 6.1.35-schmorp (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_WARN, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                    3.134
ii  debconf [debconf-2.0]      1.5.82
ii  init-system-helpers        1.65.2
ii  libaudit1                  1:3.0.9-1
ii  libc6                      2.36-9
ii  libcom-err2                1.47.0-2
ii  libcrypt1                  1:4.4.33-2
ii  libgssapi-krb5-2           1.20.1-2
ii  libkrb5-3                  1.20.1-2
ii  libpam-modules             1.5.2-6
ii  libpam-runtime             1.5.2-6
ii  libpam0g                   1.5.2-6
ii  libselinux1                3.4-1+b6
ii  libssl3                    3.0.9-1
ii  libsystemd0                252.6-1
ii  libwrap0                   7.6.q-32
ii  lsb-base                   11.6
ii  openssh-client             1:9.2p1-2
ii  openssh-sftp-server        1:9.2p1-2
ii  procps                     2:4.0.2-3
ii  runit-helper               2.15.2
ii  sysvinit-utils [lsb-base]  3.06-4
ii  ucf                        3.0043+nmu1
ii  zlib1g                     1:1.2.13.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  252.6-1
ii  ncurses-term             6.4-4
ii  xauth                    1:1.1.2-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
ii  ssh-askpass   1:1.2.4.1-16
pn  ufw           <none>

-- debconf information excluded

Reply via email to