
Bug#852400: openssh-server: Strategy used for HostKey options in sshd_config



Package: openssh-server
Version: 1:7.4p1-5

Hello Colin.

File /etc/ssh/sshd_config says:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

but this is a little bit confusing for "HostKey". The default in stretch
(once the version in unstable propagates to testing) will be like this:

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

The reasonable behaviour, I think, is that if I uncomment one or more
of those lines, then only the uncommented lines will be used and not
the "default set", but based on the above comment it is not very clear
that this is what will happen.

So: Would it not be better to have those lines uncommented, for clarity?

(This may also simplify the logic that handles upgrades, which, in theory,
should preserve user configuration from jessie).

Thanks.
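
Added example, not part of the original report or of OpenSSH: a small Python model of the rule the report asks about, namely that sshd falls back to its built-in host keys only when the configuration contains no HostKey directive at all. The function name, the sample texts and the use of the report's three paths as the default set are assumptions made for illustration.

```python
import re
import shlex

# Assumption: the "default set" is the three paths listed (commented out) in
# the report; the list compiled into a particular sshd build may differ.
DEFAULT_HOSTKEYS = [
    "/etc/ssh/ssh_host_rsa_key",
    "/etc/ssh/ssh_host_ecdsa_key",
    "/etc/ssh/ssh_host_ed25519_key",
]

# Accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
_DIRECTIVE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def effective_hostkeys(config_text, defaults=DEFAULT_HOSTKEYS):
    """Return (paths, source); source is 'explicit' or 'default'."""
    explicit = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out options contribute nothing
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2)
        if keyword == "match":
            break  # HostKey is a global keyword; stop at the first Match block
        if keyword == "hostkey":
            args = shlex.split(rest)  # strips optional quoting
            if args:
                explicit.append(args[0])
    if explicit:
        # Any explicit HostKey replaces the built-in list; it is not merged.
        return explicit, "explicit"
    return list(defaults), "default"


# Constructed sample inputs (not copied from a real system).
STOCK = "".join("#HostKey %s\n" % p for p in DEFAULT_HOSTKEYS)
ONE_UNCOMMENTED = STOCK.replace("#HostKey /etc/ssh/ssh_host_ed25519_key",
                                "HostKey /etc/ssh/ssh_host_ed25519_key")

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("one uncommented", ONE_UNCOMMENTED)):
        print(name, effective_hostkeys(text))
```

On a live system, `sshd -T` prints the configuration the daemon actually resolves, including its `hostkey` lines, and is the authoritative check.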

