Re: bookworm upgrade report: boring

To: debian-user@lists.debian.org
Subject: Re: bookworm upgrade report: boring
From: Celejar <celejar@gmail.com>
Date: Tue, 13 Jun 2023 12:50:38 -0400
Message-id: <[🔎] 20230613125038.e1c0bde90afd1f84e96c1f1c@gmail.com>
In-reply-to: <[🔎] 20230613144636.GB44728@cventin.lip.ens-lyon.fr>
References: <[🔎] 20230611163131.reivtfc7lslpaedu@randomstring.org> <[🔎] 20230612085054.a4f883794a43ee4e745fc1e9@gmail.com> <[🔎] 12062023175438.8d6b82c1ba4b@desktop.copernicus.org.uk> <[🔎] 20230612133302.91f83ab5e40e0b87ed3c68e6@gmail.com> <[🔎] 20230613144636.GB44728@cventin.lip.ens-lyon.fr>

On Tue, 13 Jun 2023 16:46:36 +0200
Vincent Lefevre <vincent@vinc17.net> wrote:

> On 2023-06-12 13:33:02 -0400, Celejar wrote:
> > Often, but apparently not always. For example, on one of my upgrades,
> > the old sshd_config had:
> > 
> > **********
> > # Change to yes to enable challenge-response passwords (beware issues with
> > # some PAM modules and threads)
> > ChallengeResponseAuthentication no
> > **********
> > 
> > whereas the new one had:
> > 
> > **********
> > # Change to yes to enable challenge-response passwords (beware issues with
> > # some PAM modules and threads)
> > KbdInteractiveAuthentication no
> > **********
> 
> In the /usr/share/doc/openssh-server/changelog.Debian.gz file:
> 
> openssh (1:8.7p1-1) unstable; urgency=medium
> [...]
>     - ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
>       in favour of KbdInteractiveAuthentication. The former is what was in
>       SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated
>       as somewhat but not entirely equivalent. We retain the old name as a
>       deprecated alias so configuration files continue to work as well as a
>       reference in the man page for people looking for it.

Thanks.

> > Is this important?
> 
> If the alias is still there, this is not important. Otherwise, either
> the option could be ignored (so you get the default), possibly with a
> warning, or there could be a fatal error (but you would have noticed
> it); I don't know how sshd behaves in case of an unknown option.
> 
> But in any case, I would recommend to update the config.

That's indeed what I did.

> > What would have happened had I left the old version,
> > as opposed to switching to the new version? Presumably nothing, since
> > I'm using the safer default setting in either case, and I suppose I
> > could have taken the time to track down the change and its
> > implications, but running into these types of situations while
> > upgrading can be disconcerting.
> > 
> > > and reject the package version offered. Less stressful and speeds up
> > > the installation. If necessary, I investigate afterwards.
> > 
> > This is probably the logical thing to do, but I'm always worried that
> > there may be new settings that should be set, and so on.
> 
> I always look at the diffs (I track all the config files I modify),
> and sometimes at the logs too. In general, I do some kind of merge.

This is of course the responsible thing to do - my point was that these
types of situations can make upgrading not quite as boring as the OP's
experience :)

-- 
Celejar

Reply to:

References:
- bookworm upgrade report: boring
  - From: Dan Ritter <dsr@randomstring.org>
- Re: bookworm upgrade report: boring
  - From: Celejar <celejar@gmail.com>
- Re: bookworm upgrade report: boring
  - From: Brian <ad44@cityscape.co.uk>
- Re: bookworm upgrade report: boring
  - From: Celejar <celejar@gmail.com>
- Re: bookworm upgrade report: boring
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Re: bookworm upgrade report: boring
Next by Date: bookworm display power management issue
Previous by thread: Re: bookworm upgrade report: boring
Next by thread: Re: bookworm upgrade report: boring
Index(es):
- Date
- Thread