Your message dated Sun, 23 Feb 2020 19:00:20 +0000 with message-id <[email protected]> and subject line Bug#845315: fixed in openssh 1:8.2p1-1 has caused the Debian Bug report #845315, regarding support for /etc/ssh/ssh_config.d/*.conf ? to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
845315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845315
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssh-client
Version: 1:7.3p1-3+b1

Hi folks,

would it be possible to support a line

    Include /etc/ssh/ssh_config.d/*.conf

in /etc/ssh/ssh_config? This would allow keeping local settings separate from the defaults provided by ssh_config. Very important to avoid conflicts on package updates. Plus it would be possible for other packages to adjust the default ssh client configuration, e.g. for freeipa-client.

This scheme has proven to be very successful, for example in zabbix-agent, sudo, apt, mysql, ...

BTW, config include files should be read in alphabetic sequence (LANG=C).

Thanx in advance
Harri
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:8.2p1-1
Done: Colin Watson <[email protected]>

We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Feb 2020 16:36:37 +0000
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server openssh-sk-helper openssh-tests ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: all amd64 source
Version: 1:8.2p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 275458 631189 845315 951220 951582 951640
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 openssh-sk-helper - OpenSSH helper for FIDO authenticator support
 openssh-tests - OpenSSH regression tests
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Changes:
 openssh (1:8.2p1-1) unstable; urgency=medium
 .
   * New upstream release (https://www.openssh.com/txt/release-8.2, closes: #951582):
     - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures (i.e. the client and server CASignatureAlgorithms option) and will use the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) CA signs new certificates.
     - ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server.
     - ssh-keygen(1): The command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag.
     - sshd(8): The sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups.
     - Add support for FIDO/U2F hardware authenticators.
     - ssh-keygen(1): Add a "no-touch-required" option when generating FIDO-hosted keys, that disables their default behaviour of requiring a physical touch/tap on the token during authentication. Note: not all tokens support disabling the touch requirement.
     - sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects miscellaneous public key authentication-related options for sshd(8). At present it supports only a single option "no-touch-required". This causes sshd to skip its default check for FIDO/U2F keys that the signature was authorised by a touch or press event on the token hardware.
     - ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that FIDO key signatures attest that the user touched their key to authorize them, mirroring the similar PubkeyAuthOptions sshd_config option.
     - ssh-keygen(1): Add support for writing the FIDO attestation information that is returned when new keys are generated via the "-O write-attestation=/path" option. FIDO attestation certificates may be used to verify that a FIDO key is hosted in trusted hardware. OpenSSH does not currently make use of this information, beyond optionally writing it to disk.
     - Add support for FIDO2 resident keys.
     - sshd(8): Add an Include sshd_config keyword that allows including additional configuration files via glob(3) patterns (closes: #631189).
     - ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available via the IPQoS directive.
     - ssh(1): When AddKeysToAgent=yes is set and the key contains no comment, add the key to the agent with the key's path as the comment.
     - ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509 subjects as key comments, rather than simply listing the PKCS#11 provider library path.
     - ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
     - sshd(8): When clients get denied by MaxStartups, send a notification prior to the SSH2 protocol banner according to RFC4253 section 4.2 (closes: #275458).
     - ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program, pass a hint to the program to describe the type of desired prompt. The possible values are "confirm" (indicating that a yes/no confirmation dialog with no text entry should be shown), "none" (to indicate an informational message only), or blank for the original ssh-askpass behaviour of requesting a password/phrase.
     - ssh(1): Allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no.
     - ssh-keygen(1): Add a new signature operation "find-principals" to look up the principal associated with a signature from an allowed-signers file.
     - sshd(8): Expose the number of currently-authenticating connections along with the MaxStartups limit in the process title visible to "ps".
     - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will now disable connection killing entirely rather than the current behaviour of instantly killing the connection after the first liveness test regardless of success.
     - sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups / DenyGroups in the sshd(8) manual page.
     - sshd(8): Better describe HashKnownHosts in the manual page.
     - sshd(8): Clarify that permitopen=/PermitOpen do no name or address translation in the manual page.
     - sshd(8): Allow the UpdateHostKeys feature to function when multiple known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add updated host keys to the first specified file only.
     - All: Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
     - sftp(1): Fix a race condition in the SIGCHILD handler that could turn in to a kill(-1).
     - sshd(8): Fix a case where valid (but extremely large) SSH channel IDs were being incorrectly rejected.
     - ssh(1): When checking host key fingerprints as answers to new hostkey prompts, ignore whitespace surrounding the fingerprint itself.
     - All: Wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh).
     - sshd_config(5): Document the [email protected] key exchange algorithm.
   * Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1 and 1:7.8p1-1 inclusive (closes: #951220).
   * ssh(1): Explain that -Y is equivalent to -X in the default configuration (closes: #951640).
   * Include /etc/ssh/ssh_config.d/*.conf from /etc/ssh/ssh_config and /etc/ssh/sshd_config.d/*.conf from /etc/ssh/sshd_config (closes: #845315).
--- End Message ---
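
Added example (not part of the bug report, the Debian package or OpenSSH): a small auditor for the drop-in layout requested above. It expands Include globs in byte order, as the report asks for with LANG=C, and applies the rule from ssh_config(5) and sshd_config(5) that the first obtained value of a keyword wins, so it reports which file actually decides a setting. The file names and contents are constructed, the `root` parameter is an assumption so the demo runs against a temporary tree, and Host/Match blocks are skipped rather than evaluated.

```python
import glob
import os
import re
import tempfile

LINE = re.compile(r"\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*?)\s*$")

def walk(path, root):
    """Yield (keyword, value, file) for global settings in the order they are read."""
    with open(path) as fh:
        for raw in fh:
            m = LINE.match(raw)
            if not m:  # blank line or comment
                continue
            key, value = m.group(1).lower(), m.group(2)
            if key in ("match", "host"):
                return  # simplification: conditional blocks are not evaluated
            if key == "include":
                for pattern in value.split():
                    hits = glob.glob(os.path.join(root, pattern.lstrip("/")))
                    for inc in sorted(hits, key=os.fsencode):  # byte order, as under LANG=C
                        yield from walk(inc, root)
            else:
                yield key, value, path

def effective(keyword, root, main="etc/ssh/sshd_config"):
    """First obtained value wins: return (value, file relative to root) or None."""
    for key, value, path in walk(os.path.join(root, main), root):
        if key == keyword.lower():
            return value, os.path.relpath(path, root)
    return None

def demo():
    root = tempfile.mkdtemp()  # constructed sample tree, not taken from a real host
    sample = {
        "sshd_config": "Include /etc/ssh/sshd_config.d/*.conf\nPasswordAuthentication no\nX11Forwarding yes\n",
        "sshd_config.d/50-vendor.conf": "PasswordAuthentication yes\n",
        "sshd_config.d/99-hardening.conf": "# site policy\nPasswordAuthentication no\nPermitRootLogin no\n",
    }
    for rel, body in sample.items():
        full = os.path.join(root, "etc/ssh", rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    keys = ("PasswordAuthentication", "PermitRootLogin", "X11Forwarding", "Banner")
    return {k: effective(k, root) for k in keys}

if __name__ == "__main__":
    print(demo())
```

In the constructed tree the hardening file named 99-... does not win: 50-vendor.conf is read first, so its PasswordAuthentication value is the effective one, and the value in the main file below the Include line is never used.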

