Date: Tue, 7 Jan 2014 09:05:00 GMT
From: David Cecchin <dcecchin@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/185546: freebsd-update can modify sshd and lock you out of your system
Message-ID: <201401070905.s07950tT069008@oldred.freebsd.org>
Resent-Message-ID: <201401070910.s079A0sP074498@freefall.freebsd.org>

>Number:         185546
>Category:       misc
>Synopsis:       freebsd-update can modify sshd and lock you out of your system
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 07 09:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     David Cecchin
>Release:        9.1-RELEASE to 9.2-RELEASE
>Organization:
>Environment:
FreeBSD sanction.local 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
I think this is a usability bug:

When upgrading a system, for example from FreeBSD 9.1 to 9.2, with these instructions:
http://www.freebsd.org/releases/9.2R/installation.html

I was locked out of my FreeBSD system. The freebsd-update process made some changes to my sshd configuration:

     51 <<<<<<< current version
     52 AuthorizedKeysFile      .ssh/authorized_keys
     53 =======
     54
     55 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     56 #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
     57
     58 #AuthorizedPrincipalsFile none
     59
     60 #AuthorizedKeysCommand none
     61 #AuthorizedKeysCommandUser nobody
     62 >>>>>>> 9.2-RELEASE

Now of course the changes on lines 51, 53 and 62 were read in by sshd as invalid parameters and stopped sshd from starting on reboot. This isn't an issue for things like ntp.conf, which will simply print a warning to syslog, but for critical services such as sshd, it will stop the service from starting.

If adding these markers is necessary, why don't you at the very least put a # in front of them?
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
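The failure described in this report can be caught before a reboot by scanning merged configuration files for leftover conflict markers. The script below is an added example, not part of the original report or of freebsd-update; its function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: find unresolved merge markers in config files before
# restarting services or rebooting. Function names are hypothetical.

# Print "lineno:text" for each marker line in file $1.
# Status: 0 = markers found, 1 = clean, 2 = unreadable.
find_conflict_markers() {
    [ -r "$1" ] || return 2
    grep -n -E '^(<<<<<<< |=======$|>>>>>>> )' "$1"
}

# Check every file given and report offenders on stderr.
# Status: 0 = all clean, 1 = some file has markers or is unreadable.
check_configs() {
    rc=0
    for f in "$@"; do
        st=0
        hits=$(find_conflict_markers "$f") || st=$?
        case $st in
            0) printf '%s: unresolved merge markers:\n%s\n' "$f" "$hits" >&2; rc=1 ;;
            2) printf '%s: cannot read\n' "$f" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample modelled on the fragment quoted in the report.
write_sample() {
    cat > "$1" <<'EOF'
# sshd_config fragment (constructed sample)
<<<<<<< current version
AuthorizedKeysFile .ssh/authorized_keys
=======
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
>>>>>>> 9.2-RELEASE
EOF
}

# Usage: sh check-markers.sh /etc/ssh/sshd_config ...
# With no arguments, run against the constructed sample.
if [ "$#" -gt 0 ]; then
    check_configs "$@"
else
    tmp=$(mktemp) && write_sample "$tmp"
    check_configs "$tmp" || echo "sample: markers found, fix before restarting sshd"
    rm -f "$tmp"
fi
```

Once the scan is clean, `sshd -t` checks the configuration for validity before the daemon is restarted.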