[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#241496: openssh-server: Still seen 5 years later

On Wed, Mar 30, 2011 at 11:49:48AM +0300, Phil Carmody wrote:
> I performed the upgrade to 1:5.5p1-6 months ago, I don't know what
> version I was coming from. All I know is that my customised
> sshd_config was overwritten during the upgrade. As this 'upgrade'
> resulted in the opening of world-facing ports against my will, I 
> consider it to not just be a grave error as it's not just a loss 
> of data, but also a security issue.

The previous comments from Matthew and myself in this bug still stand.
Please provide:

  * /var/log/dpkg.log* (which may show what version you were coming
  * the output of 'debconf-show openssh-server'
  * /etc/ssh/sshd_config
  * any other /etc/ssh/sshd_config.* files, especially

> Chatting with a debian dev, the idea of this possibly being a 
> dpkg bug was mentioned. Has that possibility been looked into at
> all?

I don't know whom you were speaking to, but that seems highly unlikely
here; /etc/ssh/sshd_config is managed by the openssh-server maintainer
scripts, not by dpkg as some configuration files are.  In any event,
this wouldn't be a productive first line of investigation - if it were
true, we'd arrive at it by other means.


Colin Watson                                       [cjwatson@debian.org]

Reply to: