On 6/11/21 4:55 PM, Thorsten Kukuk wrote:
On Fri, Jun 11, Michael Ströder wrote:
On 6/11/21 2:31 PM, Olaf Hering wrote:
Am Fri, 11 Jun 2021 12:00:40 +0000 schrieb Dominique Leuenberger <dimstar@suse.de>:
openssh
Be aware, this may lock you out of a remote system, depending on the configuration.
Zusätzliche rpm-Ausgabe: Updating /etc/sysconfig/ssh ... warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave
@Olaf: Many thanks for the warning!
IMO this is the wrong approach.
That's the problem with %config files and RPM: depending on who made a change, it could be that our services get's broken or insecure. That's why you should always look for *.rpmsave and *.rpmnew files after an update...
On all my systems (three dozens) I'm maintaining sshd_config with ansible which uses SSH. The update leaves a non-functional sshd on my test systems: 1. /etc/ssh/sshd_config does not exist 2. /etc/ssh/ssh_config.d/ is empty 3. /usr/etc/ssh/sshd_config contains no authentication information usable on my systems (e.g. specific AuthorizedKeysFile, TrustedUserCAKeys). So the result of this update is a real hen-and-egg issue involving much manual action. :-( Ciao, Michael.