On 20/10/2023 00:14, Doug Hardie wrote:
On Oct 19, 2023, at 16:16, Miroslav Lachman <[email protected]> wrote:

On 19/10/2023 21:26, Tomoaki AOKI wrote:
On Thu, 19 Oct 2023 19:53:08 +0000
Miroslav Lachman <[email protected]> wrote:

[..]

It is a hackery workaround. freebsd-update must not overwrite user
modified files without a safe merge of conflicts. Yet it did it in the
past, for example pf.conf and some other vital files.

Kind regards
Miroslav Lachman
I don't think it is hackery.
What should have been is that the default sshd_config be
in /etc/defaults and /etc/defaults/rc.conf points to it, and anyone who
needs custom settings creates sshd_config in /etc/ssh (or
somewhere else), like the rc.conf case.

I don't think /etc/ssh/sshd_config is the default not intended to be edited. I 
am on FreeBSD from 4.x times and it was always supposed to be modified by users 
and was handled by mergemaster or etcupdate. If freebsd-update cannot deal with 
it then it is a bug in freebsd-update.
All in all pre-installed /etc/ssh/sshd_config has almost everything commented 
out because defaults are built in.

While that has been the norm since 2.5, it does have a significant problem that 
changes to sshd configuration variables do not get incorporated into updated 
systems easily.  Yes, mergemaster will somewhat show you the new configuration 
items, but they are not always obvious and are very easy to ignore.  There was one 
update to sshd that caused it not to function without the new variable.  I 
don't recall the version or variable anymore, but it caused me days of problems 
trying to figure out why I couldn't connect to my servers.

And there was a problem with a documented and shipped variable no longer working, causing sshd to fail to start after reboot: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209441

There always will be cases when something breaks badly.

I believe that adding a couple of lines of sh code to the end of sshd.conf would 
cause it to read /usr/local/etc/sshd.conf and avoid those issues.  That is done 
in other places in the rc process.

I don't have sshd.conf on my system, but if you mean sshd_config, it is not parsed / interpreted by sh. It is passed directly to sshd.

Kind regards
Miroslav Lachman
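The thread's complaint is that freebsd-update replaced an administrator-edited file outright where mergemaster/etcupdate would have merged it. The script below is an added example, not code from the thread, from freebsd-update or from etcupdate: it shows the three-way merge such a tool performs, using diff3(1) and cmp(1), so that a locally edited sshd_config picks up the new shipped defaults while local changes survive, and so that a genuine collision is reported rather than silently resolved. The sample configuration files are constructed for the demonstration and are not real FreeBSD defaults.

```shell
#!/bin/sh
# Added example: three-way merge of a config file across an update.
#
#   OLD   = the default as shipped before the update
#   NEW   = the default as shipped after the update
#   LOCAL = the administrator's edited copy (e.g. /etc/ssh/sshd_config)
#
# merge_config returns 0 on a clean merge, 1 when conflict markers were
# left in OUT, and 2 when diff3 is unavailable or failed.

merge_config() {
    old=$1; new=$2; local_copy=$3; out=$4

    command -v diff3 >/dev/null 2>&1 || { echo "diff3(1) not found" >&2; return 2; }

    # Never edited locally: the new default can simply replace it.
    if cmp -s "$old" "$local_copy"; then
        cp "$new" "$out"
        return 0
    fi

    # Edited locally: apply the OLD->NEW changes on top of LOCAL. diff3 -m
    # leaves <<<<<<< / ||||||| / ======= / >>>>>>> markers where both sides
    # touched the same region and exits 1, so the caller can refuse to
    # install the result instead of overwriting the admin's file.
    diff3 -m "$local_copy" "$old" "$new" > "$out"
    rc=$?
    [ "$rc" -le 1 ] || return 2
    return "$rc"
}

# Sanity check before a merged file goes live: sshd -t parses the
# configuration without starting the daemon, which catches a result that
# would leave sshd unable to start after reboot. Skipped if sshd is absent.
check_sshd_config() {
    command -v sshd >/dev/null 2>&1 || { echo "sshd not installed, skipping -t check" >&2; return 0; }
    sshd -t -f "$1"
}

# Constructed sample files (not real FreeBSD defaults), written into DIR.
write_samples() {
    dir=$1
    cat > "$dir/old" <<'EOF'
# sshd_config (constructed sample of a shipped default)
#Port 22
#PermitRootLogin no
#PasswordAuthentication yes
#UsePAM yes
#X11Forwarding no
Subsystem sftp /usr/libexec/sftp-server
EOF
    # The update adds a new commented-out default in a separate region.
    cat > "$dir/new" <<'EOF'
# sshd_config (constructed sample of a shipped default)
#Port 22
#PermitRootLogin no
#PasswordAuthentication yes
#UsePAM yes
#X11Forwarding no
#KbdInteractiveAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
EOF
    # The administrator hardened two settings.
    cat > "$dir/local" <<'EOF'
# sshd_config (constructed sample of a shipped default)
#Port 22
PermitRootLogin no
PasswordAuthentication no
#UsePAM yes
#X11Forwarding no
Subsystem sftp /usr/libexec/sftp-server
EOF
    # An update that rewrites the very line the administrator edited.
    cat > "$dir/new_conflicting" <<'EOF'
# sshd_config (constructed sample of a shipped default)
#Port 22
#PermitRootLogin no
#PasswordAuthentication no
#UsePAM yes
#X11Forwarding no
Subsystem sftp /usr/libexec/sftp-server
EOF
}

demo() {
    tmp=$(mktemp -d) || exit 2
    write_samples "$tmp"

    merge_config "$tmp/old" "$tmp/new" "$tmp/local" "$tmp/merged"
    echo "clean merge rc=$?; result:"
    cat "$tmp/merged"
    check_sshd_config "$tmp/merged" || echo "merged file rejected by sshd -t"

    merge_config "$tmp/old" "$tmp/new_conflicting" "$tmp/local" "$tmp/conflicted"
    echo "conflicting merge rc=$?; marker lines:"
    grep -n '^[<=>|]\{7\}' "$tmp/conflicted"

    rm -rf "$tmp"
}

demo
```

The clean case keeps `PermitRootLogin no` and `PasswordAuthentication no` from the local copy and gains the new `#KbdInteractiveAuthentication yes` line; the conflicting case exits 1 and leaves markers for the administrator to resolve. On the sh-snippet idea raised in the thread: since sshd_config is read by sshd and not by sh, the daemon-native way to pull in a site-local file is the `Include` keyword that OpenSSH added in 8.2, which takes glob patterns and can point at a file outside the area the updater rewrites.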

