Dear @dimstar , I would like to ask for clarification wrt certain openSSH package(s) on Tumbleweed which were introduced mistakenly in snapshot 20240515. Sorry if it is only me who doesn‘t get it 100% clear.
From the factory mailing list announcing snapshot 20240515:
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Only for SLE15, restore the patch file removed in
Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour
from SP5 of having root password login allowed by default
(fixes bsc#1223486, related to bsc#1173067):
- openssh-7.7p1-allow_root_password_login.patch
- Since the default value for this config option is now set to
permit root to use password logins in SLE15, the
openssh-server-config-rootlogin subpackage isn’t useful there so
we now create an openssh-server-config-disallow-rootlogin
subpackage that sets the configuration the other way around
than openssh-server-config-rootlogin.
And from the factory mailing list “Review of the weeks 2024/19 & 20”:
Snapshot 0515 containedt an openssh update, that mistakenly recommended
installation of the subpackage openssh-server-config-rootlogin; this
package has existed since the default configuration of openSSH was
changed to not permit root login anymore, so admins could easily switch
it back on. Due to an error, this had been triggered for automatic
installation. This has since been corrected and a version of openssh-
server was published to the update channel, which is NOT recommended.
Please check your installation and remove the package again, should it
be installed and you don’t need it (we can’t auto-remove it without
breaking users that explicitly wanted it)
Could you please state again 100% clear which package should be present and which one should be deleted?
Sorry for asking, and a big thank you in advance. I feel SSH is really sensitive nowadays to warrant such a clarification …