Marc's comment #3 seems plausible:
stirling:~/ubuntu/Openssh$ lxc exec u18 -- bash
root@u18:~# md5sum /etc/ssh/sshd_config
203e9b92fe3623aeba277ee44297f7dd /etc/ssh/sshd_config
root@u18:~# grep -c 203e9b92fe3623aeba277ee44297f7dd
/usr/share/openssh/sshd_config.md5sum
0
root@u18:~#
Looking at sshd_config on a fresh installed 18.04 lxc and a fresh 20.04,
the sshd_config files do indeed differ by exactly the diff shown during
upgrade (and provided in comment #2).
The md5sum checking was introduced in Debian on Dec 2016 with openssh
(1:7.4p1-1)
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation
for this is to deal with deprecations of options related to protocol 1,
but something like this has been needed for a long time (closes:
#419574, #848089):
- sshd_config is now a slightly-patched version of upstream's, and only
contains non-default settings (closes: #147201).
- I've included as many historical md5sums of default versions of
sshd_config as I could reconstruct from version control, but I'm sure
I've missed some.
- Explicitly synchronise the debconf database with the current
configuration file state in openssh-server.config, to ensure that the
PermitRootLogin setting is properly preserved.
- UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
than "yes", per upstream.
It's implemented in openssh-server.postinst:
...
... sed statements to customize $new_config from upstream for debian
...
mkdir -p /etc/ssh
ucf --three-way --debconf-ok \
--sum-file /usr/share/openssh/sshd_config.md5sum \
"$new_config" /etc/ssh/sshd_config
ucfr openssh-server /etc/ssh/sshd_config
AFAICT the /usr/share/openssh/sshd_config.md5sum is identical on freshly
lxc'd 18.04 and 20.04.
Running the ucf command on a focal lxc container with the 18.04 and
20.04 sshd_config files captured from fresh lxc installs reproduces the
same debconf prompt about the changed config, and then issues this
output:
stirling:~/ubuntu/Openssh/fix-apt-misprompt$ sudo ucf --no-action --three-way
--debconf-ok --sum-file /usr/share/openssh/sshd_config.md5sum
./sshd_config.20.04 ./sshd_config.18.04
[sudo] password for bryce:
Replacing config file
/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04 with new version
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04
/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04.ucf-old
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04
/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04
cp -pf /var/lib/ucf/hashfile.6 /var/lib/ucf/hashfile.7
cp -pf /var/lib/ucf/hashfile.5 /var/lib/ucf/hashfile.6
cp -pf /var/lib/ucf/hashfile.4 /var/lib/ucf/hashfile.5
cp -pf /var/lib/ucf/hashfile.3 /var/lib/ucf/hashfile.4
cp -pf /var/lib/ucf/hashfile.2 /var/lib/ucf/hashfile.3
cp -pf /var/lib/ucf/hashfile.1 /var/lib/ucf/hashfile.2
cp -pf /var/lib/ucf/hashfile.0 /var/lib/ucf/hashfile.1
cp -pf /var/lib/ucf/hashfile /var/lib/ucf/hashfile.0
(egrep -v
"[[:space:]]\/home\/bryce\/ubuntu\/Openssh\/fix\-apt\-misprompt\/sshd_config\.18\.04$"
"/var/lib/ucf/hashfile"
md5sum "/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04" | sed
"s|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04|";
) | sort > "/var/lib/ucf/hashfile"
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04
/var/lib/ucf/cache/:home:bryce:ubuntu:Openssh:fix-apt-misprompt:sshd_config.18.04
If I append the bionic sshd_config md5sum to the list and then check against
that, no prompt is displayed, with the following output:
$ (cat /usr/share/openssh/sshd_config.md5sum; sudo md5sum sshd_config.18.04 |
cut -d' ' -f1) > /tmp/sshd_config.md5sum
$ sudo ucf --no-action --three-way --debconf-ok --sum-file
/tmp/sshd_config.md5sum ./sshd_config.20.04 ./sshd_config.18.04
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04
/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04
cp -pf /var/lib/ucf/hashfile.6 /var/lib/ucf/hashfile.7
cp -pf /var/lib/ucf/hashfile.5 /var/lib/ucf/hashfile.6
cp -pf /var/lib/ucf/hashfile.4 /var/lib/ucf/hashfile.5
cp -pf /var/lib/ucf/hashfile.3 /var/lib/ucf/hashfile.4
cp -pf /var/lib/ucf/hashfile.2 /var/lib/ucf/hashfile.3
cp -pf /var/lib/ucf/hashfile.1 /var/lib/ucf/hashfile.2
cp -pf /var/lib/ucf/hashfile.0 /var/lib/ucf/hashfile.1
cp -pf /var/lib/ucf/hashfile /var/lib/ucf/hashfile.0
(egrep -v
"[[:space:]]\/home\/bryce\/ubuntu\/Openssh\/fix\-apt\-misprompt\/sshd_config\.18\.04$"
"/var/lib/ucf/hashfile"
md5sum "/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04" | sed
"s|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04|";
) | sort > "/var/lib/ucf/hashfile"
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04
/var/lib/ucf/cache/:home:bryce:ubuntu:Openssh:fix-apt-misprompt:sshd_config.18.04
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861472
Title:
upgrade from fresh bionic to focal needlessly prompts user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1861472/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
