Bug#942100: openssh-server: /etc/ssh/sshd_config unconditionally overwritten by update
> Port 22
That should have been
Port 2222
Additionally, when I reviewed the `permit-root-login` debconf settings against the postinst I got a bit confused.
In `create_sshdconfig` it says
if [ "$permit_root_login" != true ]; then
sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' \
"$new_config"
fi
My debconf setting for `$permit_root_login` is `true` so the `$new_config` is left untouched and has a
#PermitRootLogin prohibit-password
It took me a second think to realize that `prohibit-password` still permits root logins.
However, what left me dumb-founded was that if I were to change `permit-root-login` to any value other then `true`, even `false` or `no` (debconf says it's a boolean), that that would change `$new_config` to have
PermitRootLogin yes
FWIW, PermitRootLogin supports four values.
I find the debconf/postinst behavior *very* unintuitive, so I didn't change my debconf answers and put
PermitRootLogin no
in a `/etc/ssh/ssdh_config.d/*.conf` snippet so it takes precedence, per `man 5 sshd_config`, no matter how the postinst changes the `$new_config`.
Reply to: