I'm running several machines with the standard sshd config file and never touched it manually since they're in a trusted internal LAN so root login was always possible. Now after updating to openssh-4.6_p1 and running etc-update afterwards it automerged the config files: Scanning Configuration files... Automerging trivial changes in: /etc/ssh/sshd_config And commented out #PermitRootLogin yes and set PasswordAuthentication no so after restarting sshd I was not able to login anymore. On another machine with a heavily edited sshd_config the problem didn't occur since etc-update asked to manually review the config file(s). Reproducible: Sometimes Steps to Reproduce:
/etc/etc-update.conf <snip> # Whether trivial/comment changes should be automerged eu_automerge="yes" </snip> ^^^ Hint: change to "no"
Hm well shouldn't this be the default then? I mean I've never had any problem with it before but this is a really bad behaviour which can cause a lot of trouble (like in my case here).
(In reply to comment #1) > # Whether trivial/comment changes should be automerged While this might be a "comment change" if you take the words literally, it hardly is a trivial change. At the very least, this behaviour leaves much to be desired.
PermitRootLogin is always enabled by default so i dont see how commenting out it set to "yes" breaks anything as for PasswordAuthentication, that is dependent upon USE=pam, so if you have that enabled, that implies you want: UsePAM yes PasswordAuthentication no
Thanks for the clarification. I do have one remaining question, since when is this the default behaviour in gentoo?
which default behavior ? the sshd_config defaults have been this way forever (seriously, a quick check shows it hasnt changed in over two years)
