Date: Thu, 19 Oct 2023 17:14:35 -0700
From: Doug Hardie <bc979@lafn.org>
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, stable@freebsd.org
Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]
Message-ID: <DAC7D065-F7C5-4DDC-AC45-71478D82EF63@sermon-archive.info>
In-Reply-To: <14ed5f0c-9dbc-48d6-959c-750f2db726d4@quip.cz>
References: <20231003230335.0B92113333@freefall.freebsd.org> <aaabb189-b0df-4bd2-94d2-12d407b080b1@twcny.rr.com> <E5535DBD-9199-4151-A485-119E5CD02EA2@libassi.se> <765ea31d-8f07-4916-b6fd-ba220dec80dc@inoc.net> <c0a1d1b3-171b-443d-bedb-a5a8938219eb@quip.cz> <20231020062618.9618dcfd42b083720d5dbd12@dec.sakura.ne.jp> <14ed5f0c-9dbc-48d6-959c-750f2db726d4@quip.cz>
> On Oct 19, 2023, at 16:16, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> On 19/10/2023 21:26, Tomoaki AOKI wrote:
>> On Thu, 19 Oct 2023 19:53:08 +0000
>> Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> [..]
>
>>> It is a hackery workaround. freebsd-update must not overwrite user
>>> modified files without a safe merge of conflicts. Yet it did it in the
>>> past, for example pf.conf and some other vital files.
>>>
>>> Kind regards
>>> Miroslav Lachman
>> I don't think it's hackery.
>> What should have been is that the default sshd_config is
>> in /etc/defaults and /etc/defaults/rc.conf points to it, and anyone who
>> needs custom settings creates sshd_config in /etc/ssh (or
>> somewhere else), like the rc.conf case.
>
> I don't think /etc/ssh/sshd_config is a default not intended to be edited. I am on FreeBSD from 4.x times and it was always supposed to be modified by users and was handled by mergemaster or etcupdate. If freebsd-update cannot deal with it then it is a bug in freebsd-update.
> All in all, the pre-installed /etc/ssh/sshd_config has almost everything commented out because the defaults are built in.

While that has been the norm since 2.5, it does have a significant problem: changes to sshd configuration variables do not get incorporated into updated systems easily. Yes, mergemaster will somewhat show you the new configuration items, but they are not always obvious and are very easy to ignore. There was one update to sshd that caused it not to function without the new variable. I don't recall the version or variable anymore, but it caused me days of problems trying to figure out why I couldn't connect to my servers.

I believe that adding a couple of lines of sh code to the end of sshd.conf would cause it to read /usr/local/etc/sshd.conf and avoid those issues. That is done in other places in the rc process.

-- Doug
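The "defaults file plus local override" layering that Tomoaki and Doug refer to is how rc(8) handles rc.conf: /etc/defaults/rc.conf carries the shipped values and ends by sourcing the administrator's files, so an update can replace the defaults file wholesale without touching local edits. The script below is an added example written for this page, not code from the thread or from FreeBSD's rc scripts. It reproduces that pattern for a made-up service under a hypothetical EXAMPLE_ROOT prefix (file name example.conf and every example_* variable are constructed), then simulates an update that replaces the defaults file with one carrying a newly required knob, which is exactly the case Doug describes, and checks that the new knob appears while the local override still wins.

```shell
#!/bin/sh
# Added example: rc.conf-style layering of a shipped defaults file and local
# override files, built in a scratch directory so it runs offline.
# EXAMPLE_ROOT, example.conf and the example_* variables are all constructed.

# Write the "shipped" defaults file for the tree rooted at $1. Version $2
# (default 1) controls whether the file carries the newer required knob.
# The file ends by sourcing the override files, so local values always win.
write_defaults() {
    f="$1/etc/defaults/example.conf"
    cat > "$f" <<'EOF'
# Owned by the base system: an update may replace this entire file.
example_enable="NO"
example_port="22"
EOF
    if [ "${2:-1}" -ge 2 ]; then
        # A newer release introduces a knob the daemon now refuses to start
        # without; because it lands in the defaults file, every updated
        # system picks it up with no manual merge.
        echo 'example_new_required="YES"' >> "$f"
    fi
    cat >> "$f" <<'EOF'
# Local overrides, sourced last; a later file overrides an earlier one.
example_conf_files="/etc/example.conf /usr/local/etc/example.conf"
for _f in $example_conf_files; do
    if [ -r "${EXAMPLE_ROOT}$_f" ]; then
        . "${EXAMPLE_ROOT}$_f"
    fi
done
EOF
}

# Create a fresh tree: defaults only, no local edits yet. Prints its path.
make_scratch_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/defaults" "$dir/usr/local/etc"
    write_defaults "$dir" 1
    echo "$dir"
}

# Print the effective value of variable $2 for the tree rooted at $1.
# The known variables are unset first so a value from an earlier call
# cannot leak through and mask a missing setting.
effective() {
    unset example_enable example_port example_new_required
    EXAMPLE_ROOT=$1
    . "$EXAMPLE_ROOT/etc/defaults/example.conf"
    eval "echo \"\$$2\""
}

# Walk through the scenario from the thread and print each step's result.
demo() {
    root=$(make_scratch_tree)
    echo "fresh install, port: $(effective "$root" example_port)"
    echo 'example_port="2222"' > "$root/etc/example.conf"
    echo 'example_enable="YES"' > "$root/usr/local/etc/example.conf"
    echo "after local edits, port: $(effective "$root" example_port)"
    echo "after local edits, enable: $(effective "$root" example_enable)"
    # An update replaces the defaults file outright; the overrides live
    # elsewhere, so nothing the administrator wrote is lost.
    write_defaults "$root" 2
    echo "after update, new knob: $(effective "$root" example_new_required)"
    echo "after update, port: $(effective "$root" example_port)"
    rm -rf "$root"
}

demo
```

The property worth checking is the last two lines of the demo: the replaced defaults file supplies the new knob without any merge step, and the locally set port survives the replacement because the updater never had to touch the override files. This is the behaviour rc.conf gets for free from being shell-sourced; it holds for any configuration that is read by the shell in the same way.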