[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1074766: openssh-server: upgrading to openssh-server (1:9.2p1-2+deb12u3) resets /etc/ssh/sshd_config file without any prompt

Hello Colin,

Here is the output of apt/term.log:

Log started: 2024-07-02  00:04:13
(Reading database ... 64456 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a9.2p1-2+deb12u3_amd64.deb ...
Unpacking openssh-sftp-server (1:9.2p1-2+deb12u3) over (1:9.2p1-2+deb12u2) ...
Preparing to unpack .../openssh-server_1%3a9.2p1-2+deb12u3_amd64.deb ...
Unpacking openssh-server (1:9.2p1-2+deb12u3) over (1:9.2p1-2+deb12u2) ...
Preparing to unpack .../openssh-client_1%3a9.2p1-2+deb12u3_amd64.deb ...
Unpacking openssh-client (1:9.2p1-2+deb12u3) over (1:9.2p1-2+deb12u2) ...
Setting up openssh-client (1:9.2p1-2+deb12u3) ...
Setting up openssh-sftp-server (1:9.2p1-2+deb12u3) ...
Setting up openssh-server (1:9.2p1-2+deb12u3) ...
Replacing config file /etc/ssh/sshd_config with new version
rescue-ssh.target is a disabled or a static unit not running, not starting it.
ssh.socket is a disabled or a static unit not running, not starting it.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for ufw (0.36.2-1) ...
Log ended: 2024-07-02  00:04:16

I've attached the sshd_config from my last week backup, I've just changed the port number I use to a random one.

I had the same problem on 4 different servers I upgraded last night. Maybe it's not related to openssh-server and I just noticed the problem on this package...

Also note that I've recently enabled apt-listchange prompting on all these servers:

cat /etc/apt/listchanges.conf
[apt]
frontend=pager
which=both
email_address=root
email_format=html
confirm=true
headers=false
reverse=false
save_seen=none
no_network=false

Here is the command I used to check and apply security updates:

sudo apt update && sudo apt dist-upgrade -V && sudo apt autoremove -y

Regards,

John Wellesz

On Tue, Jul 2, 2024 at 5:24 PM Colin Watson <cjwatson@debian.org> wrote:
On Tue, Jul 02, 2024 at 03:05:16PM +0000, John Wellesz wrote:
> I used apt upgrade to install the security update available for
>   openssh-server
>
>    * What was the outcome of this action?
>
> It overwrote /etc/ssh/sshd_config without promtping, erasing the custom settings
> and almost locking me out as a result (my custom port setting was gone
> as well as other changes I've made).
>
>    * What outcome did you expect instead?
>
> I expected to receive the usual prompt when a configuration file is
> modified asking me what I want to do but there was none.

We'll need to be able to reproduce this problem before being able to do
anything about it.  (I have a modified /etc/ssh/sshd_config on my own
stable system and it wasn't overwritten on upgrade.)

Can you please provide a copy of your modified /etc/ssh/sshd_config,
along with the output of the relevant apt run (which should be preserved
in /var/log/apt/term.log)?

--
Colin Watson (he/him)                              [cjwatson@debian.org]

Attachment: sshd_config
Description: Binary data

Reply to: