Thanks for this work Andreas - esp. on the test cases! Aside from a couple of nits inline, one concern I have is that the unpatched sshd will fail to start if KerberosUniqueCCache is set:
line 1: Bad configuration option: KerberosUniqueCCache
Would it make sense to have openssh-server-default-ccache install a config file, say:
/etc/ssh/sshd_config.d/openssh-server-default.ccache.conf.disabled
That contains a commented-out #KerberosUniqueCCache config (would aid discoverability), and then a symlink that allows the "Include /etc/ssh/sshd_config.d/*.conf" to pick it up:
openssh-server-default.ccache.conf -> openssh-server-default-ccache.conf.disabled
The symlink would always be removed in uninstall, leaving any KerberosUniqueCCache setting impotent.
Also, do we need to restart sshd after an o-s-d-c install or removal?