Apparently, an update to “openssh” and “openssh-server” did:
moved ssh_config to ssh_config.rpmsave ### but it did not provide a new ssh_config
moved sshd_config to sshd_config.rpmsave ### but it did not provide a new sshd_config
Last night, after the update, I ran “rpmconfigcheck” and it failed to tell me about this change.
This is probably a bug – a bug in the update procedure and a bug in “rpmconfigcheck”. I may eventually report that. But I would first like to see if it was discussed on the factory mailing list. Unfortunately, when I check the mailing list archives, I get a server error.
In the meantime, if you are using Tumbleweed and depend on “ssh”, you might want to check for this possible problem.
This issue has been discussed on the factory mailing list. For example:
On Fri, 2021-06-11 at 15:59 +0200, Michael Ströder wrote:
On 6/11/21 2:31 PM, Olaf Hering wrote:
    On Fri, 11 Jun 2021 12:00:40 +0000, Dominique Leuenberger <dimstar@suse.de> wrote:
        openssh
        Be aware, this may lock you out of a remote system, depending on the configuration.
        Zusätzliche rpm-Ausgabe:
        Updating /etc/sysconfig/ssh …
        warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave
    @Olaf: Many thanks for the warning!
    IMO this is the wrong approach.
In pam we had pre/posttrans scriptlets covering the user from falling
into this trap. This should also be done in openssh, like the example
on
After reading this thread I came upon this: http://dominique.leuenberger.net/blog/2021/06/opensuse-tumbleweed-review-of-the-week-2021-23/
There it states: “OpenSSH: move of the distro default config to /usr/etc. Admin config is supposed to be in /etc. Make sure to check the .rpmsave files after the update. Best to put config snippets in /etc/ssh/sshd_config.d/*.conf files to inherit distro config changes”
I guess I should work out how to use “/etc/ssh/ssh_config.d”. The man pages don’t mention it.
The man page mentions Include, and the default sshd_config now Includes files from this directory. Of course, if you replaced the default sshd_config with your own, you will miss it.
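As an added example (not from the thread or from the openSUSE project), a shell check for the state described above: leftover .rpmsave files, and an admin-owned config in /etc/ssh that lacks an Include of its drop-in directory. The function name, the finding labels and the /usr/etc/ssh/ location of the distro defaults are assumptions; the thread only says "/usr/etc".

```shell
#!/bin/sh
# Added example: audit an OpenSSH config tree for the state described in the
# thread. ROOT defaults to the live system; pass a directory to check a copy.
# Assumption: distro defaults live in ROOT/usr/etc/ssh/ (the thread only says
# "/usr/etc"). Function name and finding labels are hypothetical.
check_ssh_config() {
    root=${1:-}
    findings=0
    for f in ssh_config sshd_config; do
        admin="$root/etc/ssh/$f"
        vendor="$root/usr/etc/ssh/$f"
        if [ -e "$admin.rpmsave" ]; then
            echo "RPMSAVE $admin.rpmsave: old settings are parked here, not active"
            findings=$((findings + 1))
        fi
        if [ -f "$admin" ]; then
            # An admin file in /etc replaces the distro default, so it has to
            # pull in the drop-in directory itself.
            if ! grep -Eiq "^[[:space:]]*Include[[:space:]].*${f}\.d/" "$admin"; then
                echo "NOINCLUDE $admin: no Include of $f.d/, drop-ins are ignored"
                findings=$((findings + 1))
            fi
        elif [ ! -f "$vendor" ]; then
            echo "MISSING $f: neither $admin nor $vendor exists"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was reported
}

# Constructed sample tree reproducing the thread: sshd_config was moved to
# .rpmsave, and a hand-written ssh_config in /etc has no Include line.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssh" "$t/usr/etc/ssh"
    echo "PermitRootLogin no" > "$t/etc/ssh/sshd_config.rpmsave"
    echo "Include /etc/ssh/sshd_config.d/*.conf" > "$t/usr/etc/ssh/sshd_config"
    echo "Host *" > "$t/etc/ssh/ssh_config"
    check_ssh_config "$t"; rc=$?
    rm -rf "$t"
    return "$rc"
}

# Runs against the constructed tree; on a real host call check_ssh_config alone.
demo || echo "findings above need attention before the next remote login"
```

On a live host, `sshd -T` prints the effective server configuration, which confirms whether settings recovered from an .rpmsave file are actually in force.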
Wooops, I did that… I guess I should have known better. I would hate to not have physical access to my Tumbleweed box rn or I would have lost my machine FOREVER.
Sorry, but is this not kind of like blaming the user? Kind of like in Hitchhiker’s Guide when the notice that your house is going to be demolished is located on another planet, and it’s your fault for not reading it. But then you see the paper and it actually makes no mention of it.