Bug#1039866: openssh-server: bookworm config enforces outdated extern sftp-server, unable to override
Package: openssh-server
Version: 1:9.2p1-2
Severity: normal
Dear Maintainer,
after upgrading to bookworm, sshd did not come up again. The reason is
that the config file now enforces the usage of the outdated sftp-server
subsystem, and this is not overridable.
Please consider NOT enforcing a specific sftp implementation (going with
the defaults and letting users override it in separate4 conf files), or,
if it has to be done, make it easier to override it, or possibly default
to the modern "internal-sftp" implementation which allows chroot (and thus
provides better defense-in-dpeth in most cases).
Thanks for your work!
-- System Information:
Debian Release: 12.0
APT prefers stable-security
APT policy: (990, 'stable-security'), (990, 'stable'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32
Kernel: Linux 6.1.35-schmorp (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
ii init-system-helpers 1.65.2
ii libaudit1 1:3.0.9-1
ii libc6 2.36-9
ii libcom-err2 1.47.0-2
ii libcrypt1 1:4.4.33-2
ii libgssapi-krb5-2 1.20.1-2
ii libkrb5-3 1.20.1-2
ii libpam-modules 1.5.2-6
ii libpam-runtime 1.5.2-6
ii libpam0g 1.5.2-6
ii libselinux1 3.4-1+b6
ii libssl3 3.0.9-1
ii libsystemd0 252.6-1
ii libwrap0 7.6.q-32
ii lsb-base 11.6
ii openssh-client 1:9.2p1-2
ii openssh-sftp-server 1:9.2p1-2
ii procps 2:4.0.2-3
ii runit-helper 2.15.2
ii sysvinit-utils [lsb-base] 3.06-4
ii ucf 3.0043+nmu1
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 252.6-1
ii ncurses-term 6.4-4
ii xauth 1:1.1.2-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
ii ssh-askpass 1:1.2.4.1-16
pn ufw <none>
-- debconf information excluded
Reply to: