Modify sshd configuration

LLiebermann · September 3, 2023, 6:16pm

Hello,

I modified the file /usr/etc/ssh/sshd_config before I read the line:

# Don't edit this configuration file itself if possible to avoid update
# problems.

I rolled back the changes using snapper with undochange and created the file /usr/etc/ssh/sshd_config.d/sshd_config.conf with the changes I wanted to make. However, the stat command still shows that I modified the /usr/etc/ssh/sshd_config file.

I’m new to linux, and I wanted to ask whether this could cause problems with future updates?

sfalken · September 3, 2023, 6:30pm

I don’t know about the stat issue with the changed file, but you should be putting your local changes in /etc/ssh/sshd_config.d/foo.conf

/etc is for local changes
/usr/etc is where the defaults go

It probably works fine, as there isn’t an RPM providing /usr/etc/ssh/sshd_config.d/sshd_config.conf so it won’t get overwritten on update, but if you modify anything in /usr/etc that is provided by a package, it will get overwritten.

awerlang · September 3, 2023, 7:50pm

That’s because undochange just copies a file over. You might force install openssh-server to replace this copy. Check for *.{rpmsave,rpmnew} on that directory. I like to use sudo rpmconf -a (from the same named package) to see a diff or pick the maintainer version of files.

LLiebermann · September 4, 2023, 5:36pm

Thank you for your help. If anyone should have the same question as I had, here is the documentation: https://en.opensuse.org/openSUSE:Packaging_UsrEtc#openssh

I’ll try that

LLiebermann · September 5, 2023, 10:56am

sudo zypper install --force openssh-server

It worked as far as I can tell.

hcvv · September 5, 2023, 11:02am

To avoid such embarrassments in the future, always first make a copy of an installed configuration file before you change it:

cp some.conf some.conf-save

or the like.