I am unclear about why you are asking for the contents of my sshd_config file, given that the problem I described here isn't the merge conflict, but rather what happens in terms of the migration from ssh service to socket when the user opts to install the vendor version of sshd_config as a result of the merge conflict. You're not going to be able to entirely avoid merge conflicts, so you need to come up with a better way to handle this conversion, e.g., by migrating the address and port settings from sshd_config to listen.conf in a preinst script that runs before dpkg tries to install the new sshd_config.
In any case, I can't tell you exactly what was in my sshd_config before the problem occurred because, as I indicated, I've upgraded my machine to Kinetic and in the process replaced sshd_config. However, I believe it looked approximately like this:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
PermitRootLogin without-password
PasswordAuthentication no
Port 22
Port 2223
Hello,
I am unclear about why you are asking for the contents of my sshd_config file, given that the problem I described here isn't the merge conflict, but rather what happens in terms of the migration from ssh service to socket when the user opts to install the vendor version of sshd_config as a result of the merge conflict. You're not going to be able to entirely avoid merge conflicts, so you need to come up with a better way to handle this conversion, e.g., by migrating the address and port settings from sshd_config to listen.conf in a preinst script that runs before dpkg tries to install the new sshd_config.
In any case, I can't tell you exactly what was in my sshd_config before the problem occurred because, as I indicated, I've upgraded my machine to Kinetic and in the process replaced sshd_config. However, I believe it looked approximately like this:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/ local/sbin: /usr/local/ bin:/usr/ sbin:/usr/ bin:/sbin: /bin:/usr/ games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/ sshd_config. d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ ssh_host_ rsa_key ssh_host_ ecdsa_key ssh_host_ ed25519_ key
#HostKey /etc/ssh/
#HostKey /etc/ssh/
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthenti cation yes
# Expect .ssh/authorized _keys2 to be disregarded by default in future. _keys .ssh/authorized _keys2
#AuthorizedKeysFile .ssh/authorized
#AuthorizedPrin cipalsFile none
#AuthorizedKeys Command none CommandUser nobody
#AuthorizedKeys
# For this to work you will also need host keys in /etc/ssh/ ssh_known_ hosts ntication no tication nHosts no
#HostbasedAuthe
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthen
#IgnoreUserKnow
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here! tication yes swords no
#PasswordAuthen
#PermitEmptyPas
# Change to yes to enable challenge-response passwords (beware issues with uthentication no
# some PAM modules and threads)
KbdInteractiveA
# Kerberos options tication no lPasswd yes Cleanup yes Token no
#KerberosAuthen
#KerberosOrLoca
#KerberosTicket
#KerberosGetAFS
# GSSAPI options cation no redentials yes ceptorCheck yes
#GSSAPIAuthenti
#GSSAPICleanupC
#GSSAPIStrictAc
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing, uthentication and ication. Depending on your PAM configuration, uthentication may bypass ication uthentication to 'no'.
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveA
# PasswordAuthent
# PAM authentication via KbdInteractiveA
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthent
# and KbdInteractiveA
UsePAM yes
#AllowAgentForw arding yes ronment no erval 0 ntMax 3
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvi
#Compression delayed
#ClientAliveInt
#ClientAliveCou
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems openssh/ sftp-server
Subsystem sftp /usr/lib/
# Example of overriding settings on a per-user basis ication no
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
PermitRootLogin without-password
PasswordAuthent
Port 22
Port 2223