Package: openssh-server Version: 1:8.7p1-1 Severity: important Dear maintainers,
In /etc/ssh/sshd_config the option "Subsystem sftp /usr/lib/openssh/sftp-server" is active by default. "man 5 sshd_config" states: "/etc/ssh/sshd_config.d/*.conf files are included at the start of the configuration file, so options set there will override those in /etc/ssh/sshd_config." However, after adding "Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO" to /etc/ssh/sshd_config.d/10-marcus-sshd-config.conf, the ssh server fails to start. Hence, my attempt to leave the original sshd_config untouched and move all my manually modified settings to a file parsed via the include directive results in a broken ssh server. Running "sshd -T" tells: /etc/ssh/sshd_config line 116: Subsystem 'sftp' already defined. This undocumented behaviour contradicts the statement of the man page cited above. I could not find any Debian bug report in the openssh-* packages regarding this issue (please forgive me if I missed it). In the end I dropped my new approach of using /etc/ssh/sshd_config.d/*.conf and went back to a manually modified /etc/ssh/sshd_config, until this issue is solved. By the way, after a brief search on the error message I found the same problem reported there as well: https://bugzilla.mindrot.org/show_bug.cgi?id=3236 (Thus, I used the same subject line as in the cited bug report.) Best regards, Marcus -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-server depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.79 ii dpkg 1.20.9 ii libaudit1 1:3.0.6-1 ii libc6 2.32-4 ii libcom-err2 1.46.4-1 ii libcrypt1 1:4.4.25-2 ii libgssapi-krb5-2 1.18.3-7 ii libkrb5-3 1.18.3-7 ii libpam-modules 1.4.0-10 ii libpam-runtime 1.4.0-10 ii libpam0g 1.4.0-10 ii libselinux1 3.1-3+b1 ii libssl1.1 1.1.1l-1 ii libsystemd0 249.5-2 ii libwrap0 7.6.q-31 ii lsb-base 11.1.0 ii openssh-client 1:8.7p1-1 ii openssh-sftp-server 1:8.7p1-1 ii procps 2:3.3.17-5 ii runit-helper 2.10.3 ii ucf 3.0043 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages openssh-server recommends: ii libpam-systemd [logind] 249.5-2 pn ncurses-term <none> ii xauth 1:1.1-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn ssh-askpass <none> pn ufw <none> -- debconf information excluded