Your message dated Thu, 08 Feb 2024 14:41:51 -0800 with message-id <87mssapoi8.fsf@contorta> and subject line Re: Bug#1063488: openssh-server: unable to override sshd_config defined options with sshd_config.d snippets has caused the Debian Bug report #1063488, regarding openssh-server: unable to override sshd_config defined options with sshd_config.d snippets to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1063488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063488 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: unable to override sshd_config defined options with sshd_config.d snippets
- From: Vagrant Cascadian <vagrant@reproducible-builds.org>
- Date: Thu, 08 Feb 2024 12:59:00 -0800
- Message-id: <[🔎] 87plx6pt9n.fsf@contorta>
Package: openssh-server Version: 1:9.2p1-2+deb12u2 Severity: normal X-Debbugs-Cc: Vagrant Cascadian <vagrant@reproducible-builds.org> The default sshd_config sources configuration snippets from /etc/ssh/sshd_config.d/*.conf in the earliest entry in the configuration, but then defines some Debian defaults after this, which makes the Debian defaults hard to override with sshd_config.d/*.conf snippets, such as X11Forwarding. I see two fairly simple general fixes: 1) Specify /etc/ssh/sshd_config.d/*.conf as the last line in the file. A possible minor downside is people might be more inclined to uncomment some of the default entries, rather than adding a snippet in the .d directory. 2) Define all debian-specific configuration options in /etc/ssh/sshd_config.d/debian.conf or similar, and leave all options in /etc/ssh/sshd_config commented out. Alternately, a separate file for each overridden option might be specifyable, e.g. /etc/ssh/sshd_config.d/x11forwarding.conf live well, vagrantAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 1063488-done@bugs.debian.org
- Subject: Re: Bug#1063488: openssh-server: unable to override sshd_config defined options with sshd_config.d snippets
- From: Vagrant Cascadian <vagrant@reproducible-builds.org>
- Date: Thu, 08 Feb 2024 14:41:51 -0800
- Message-id: <87mssapoi8.fsf@contorta>
- In-reply-to: <[🔎] 87plx6pt9n.fsf@contorta>
- References: <[🔎] 87plx6pt9n.fsf@contorta>
On 2024-02-08, Vagrant Cascadian wrote: > The default sshd_config sources configuration snippets from > /etc/ssh/sshd_config.d/*.conf in the earliest entry in the > configuration, but then defines some Debian defaults after this, which > makes the Debian defaults hard to override with sshd_config.d/*.conf > snippets, such as X11Forwarding. Welllll... my intuition was wrong about sshd_config; the first entry that is read takes precedence (unless it supports multiple entries, like Port), as noted in an older debian bug about the same issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014234#10 I also confirmed that this works as documented with "sshd -T". Marking as done, sorry for the noise. live well, vagrantAttachment: signature.asc
Description: PGP signature
--- End Message ---