Package: openssh-server Version: 1:7.4p1-6 Severity: grave Justification: renders package unusable
upgrade openssh-server from jessie (1:6.7p1-5+deb8u3 -> 1:7.3p1-5 -> 1:7.4p1-6) sliently overwrite unmodifyed config, that leads to unintented change commented ``AuthorizedKeysFile'' options. -- cut-- -#AuthorizedKeysFile %h/.ssh/authorized_keys +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys -- cut -- This disallow reading ~/.ssh/authorized_keys2 and break remote login without any notice. -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (400, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel Kernel: Linux 4.9.0-040904-generic (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser 3.115 ii debconf [debconf-2.0] 1.5.59 ii dpkg 1.18.18 ii init-system-helpers 1.46 ii libaudit1 1:2.6.7-1 ii libc6 2.24-9 ii libcomerr2 1.43.3-1 ii libgssapi-krb5-2 1.15-1 ii libkrb5-3 1.15-1 ii libpam-modules 1.1.8-3.5 ii libpam-runtime 1.1.8-3.5 ii libpam0g 1.1.8-3.5 ii libselinux1 2.6-3 ii libssl1.0.2 1.0.2j-5 ii libsystemd0 232-10 ii libwrap0 7.6.q-26 ii lsb-base 9.20161125 ii openssh-client 1:7.4p1-6 ii openssh-sftp-server 1:7.4p1-6 ii procps 2:3.3.12-3 ii ucf 3.0036 ii zlib1g 1:1.2.8.dfsg-4 Versions of packages openssh-server recommends: ii libpam-systemd 232-10 ii ncurses-term 6.0+20161126-1 ii xauth 1:1.0.9-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: * openssh-server/permit-root-login: false
