--- Begin Message ---
Package: openssh-server
Version: 1:8.4p1-3
Severity: wishlist

sshd works very well without /etc/ssh/sshd_config, using just
the defaults, so I wonder if the openssh-server package should
provide /etc/ssh/sshd_config at all?

Providing and maintaining a (sparse) /etc/ssh/sshd_config could
be the responsibility of the local admin, if he likes to override
the default config. /usr/share/openssh/sshd_config would provide
a sample configuration.

This could help to avoid a lot of conflicts at upgrade time, esp.
for changed comment lines in /usr/share/openssh/sshd_config.

Just a suggestion, of course.

Regards
Harri
--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix

On Fri, Feb 12, 2021 at 09:19:01AM +0100, Harald Dunkel wrote:
> sshd works very well without /etc/ssh/sshd_config, using just
> the defaults, so I wonder if the openssh-server package should
> provide /etc/ssh/sshd_config at all?

While it may appear to minimally work, the default sshd_config includes
some policy (particularly enabling PAM, but also a few other things)
that are part of how sshd is supposed to run in Debian. I don't intend
to ship sshd without that.

It's true that it would be technically possible to patch these into sshd
as modified server defaults, but (with the hopefully-temporary exception
of reverting some upstream IPQoS changes) this is not something we
generally prefer to do. I have three reasons for this:

 * In my experience, our users tend to find compiled-in modifications
   less clear than having a default sshd_config that indicates the
   distribution's changes to sshd's defaults.

 * I would find it more effort to maintain such patches on an ongoing
   basis.

 * Some of Debian's defaults couldn't be reversed by an admin in
   sshd_config if they were compiled into sshd (in particular the
   changes to Include, AcceptEnv, and Subsystem), so keeping them in the
   configuration file is essential to make it possible for admins to
   undo these if they need to.

Thanks,

--
Colin Watson (he/him) [cjwatson@debian.org]
--- End Message ---
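
The reply's point that distribution policy lives in the shipped sshd_config rather than in the binary can be checked by listing what a config file sets beyond the compiled-in defaults. The script below is an added example, not part of the thread or of Debian's packaging; the function names, the sample config and the defaults excerpt are constructed for illustration, with the defaults written in the lowercase `keyword value` form that `sshd -T` prints.

```shell
#!/bin/sh
# Added example, not Debian's packaging code. All sample data is constructed.

# Print the active (non-comment) directives of an sshd_config file as
# "keyword args", with the keyword lowercased and whitespace normalised.
active_directives() {
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comment and blank lines
        {
            key = tolower($1)
            $1 = ""                  # drop the keyword, keep its arguments
            sub(/^[ \t]+/, "")
            print key " " $0
        }' "$1"
}

# Print the directives in config file $1 that do not appear verbatim in the
# defaults listing $2: the policy the file adds on top of the built-in values.
policy_overrides() {
    active_directives "$1" | grep -Fxv -f "$2" || :
}

# Constructed sample input: a sparse config touching the directives named in
# the thread, plus a constructed two-line excerpt of compiled-in defaults.
write_samples() {
    cat > "$1/sshd_config" <<'EOF'
# Comment-only changes like this line never affect the running daemon.
Include /etc/ssh/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
PermitRootLogin prohibit-password
UsePAM yes
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server
EOF
    cat > "$1/defaults" <<'EOF'
permitrootlogin prohibit-password
usepam no
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
policy_overrides "$tmp/sshd_config" "$tmp/defaults"
rm -rf "$tmp"
```

The `PermitRootLogin` line is dropped from the output because it only restates the default, while the other four directives are reported as policy carried by the file.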