openssh 1:7.4p1-5 just landed in zesty. Among the changes, from
1:7.4p1-1:
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation
for this is to deal with deprecations of options related to protocol 1,
but something like this has been needed for a long time (closes:
#419574, #848089):
- sshd_config is now a slightly-patched version of upstream's, and only
contains non-default settings (closes: #147201).
- I've included as many historical md5sums of default versions of
sshd_config as I could reconstruct from version control, but I'm sure
I've missed some.
- Explicitly synchronise the debconf database with the current
configuration file state in openssh-server.config, to ensure that the
PermitRootLogin setting is properly preserved.
- UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
than "yes", per upstream.
Switching to the upstream configuration file has the effect (if
sshd_config was previously some stock version, or if the admin accepts
the ucf-prompted changes) of commenting out all the HostKey lines, at
which point sshd will default to a set including ed25519 and the
postinst will generate that host key. I think that addresses this bug
as thoroughly as is possible.
** Changed in: openssh (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: openssh (Ubuntu)
Assignee: (unassigned) => Colin Watson (cjwatson)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1300133
Title:
Generate ED25519 host keys on upgrade
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1300133/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
