Solved freebsd-update : modified files issue

How would I go about solving this issue?

I don't have the original sshd_config file.

Code:
$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 13.2-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
The following files are affected by updates. No changes have
been downloaded, however, because the files have been modified
locally:
/etc/ssh/sshd_config

No updates needed to update system to 13.2-RELEASE-p5.
 
I usually just rename /etc/ssh/sshd_config to /etc/ssh/sshd_config.saved, then do the freebsd-update fetch and install.
When the update is done, change the filename back to /etc/ssh/sshd_config.

I have no idea whether this is the-right-way to do it, but this method does seem to work reliably.
YMMV
 
I suspect the-right-way might be as follows :
1. Don't make any change/s to /etc/ssh/sshd_config
2. Include any changes in /etc/rc.conf as sshd_flags= eg :
sshd_enable="YES"
sshd_flags=" -o SomeNeededParameter=Yes"

Any thoughts or better suggestions ?
 
I'm not running sshd, but I think moving /etc/ssh/sshd_config to /etc/defaults/sshd_config BY DEFAULT ON BASE and put /etc/ssh/sshd_config something like
Code:
include /etc/defaults/sshd_config

# Describe domain/server specific configurations below.
would be better.
This way as default, freebsd-update(8) would be able to update untouched sshd_config and user configurations would not be broken by update.
Am I wrong?
 
How do you get the original, untouched files if you've already modified them, though? (Not asking specifically about sshd_config, it's a more general question.)

It feels like there should be an option in freebsd-update to overwrite particular files with the original version. Clearly it knows when files have been modified, so why not also help us get the original/default?
 
How do you get the original, untouched files if you've already modified them, though? (Not asking specifically about sshd_config, it's a more general question.) It feels like there should be an option in freebsd-update to overwrite particular files with the original version. Clearly it knows when files have been modified, so why not also help us get the original/default?
I haven't used freebsd-update(8) for quite a long time (I used it when it was initially introduced and then switched to the src upgrade method), so I could be wrong, but if I understand correctly from the problems reported in these Forums:
  • Anything users/admins possibly edit manually and freebsd-update(8) handles is basically in /etc/ (some exceptions, though).
  • freebsd-update(8) invokes etcupdate(8) (before 14, it used the obsolete mergemaster(8) by default) to update the contents of /etc/ and anything else that etcupdate(8) handles.
  • etcupdate(8) does a 3-way merge for all updates for all files it handles.
  • etcupdate(8) preserves the previous default files it handles in /var/db/etcupdate/old/, preserving the directory hierarchy.
  • etcupdate(8) invokes the editor specified in the EDITOR environment variable; if none, it uses vi(1) by default.
Assuming the above, etcupdate(8) usually checks for diffs between the new and old default files and, if any difference occurs, attempts to apply it to the actually installed (possibly modified) files. This goes sanely unless some conflict happens.

When any conflict exists (for example, changes in the new version and the installed version modified the same place), etcupdate(8) gives up and marks the file as conflicted, recording diffs in the installed file.

This made anyone who are not familiar with vi(1) and/or git-like 3 way diff outputs.
 
I got my solution on these forums, though I can't find the thread so I don't remember to whom I should give credit. My own customizing is a different port--yeah, I know it's security by obscurity, but as the saying goes, you don't have to be the fastest gazelle in the herd, just faster than the one next to you.
So, I have a file
/etc/ssh/sshd_config.custom and it just reads
Include /etc/ssh/sshd_config <my custom port>
This avoids any issue with freebsd-update about modified files, and still gives me my custom port.
 
I got my solution on these forums, though I can't find the thread so I don't remember to whom I should give credit.
Thank you, I finally found it.
I couldn't put my hand on it and used the keywords from your message "sshd_config.custom" and that did the trick.
This thread is useful indeed and that's exactly what I needed today, bookmarked!
The bookmarks list becomes bigger and bigger :)
 
Thanks, I see I didn't mention (didn't look at my own config) the flags to go in /etc/rc.conf.

So, let me repeat my whole thing.
Say you're using port 1234 instead of port 22.
Create /etc/ssh/sshd_config.custom

Include /etc/ssh/sshd_config
port 1234

Then in /etc/rc.conf
sshd_flags="-f /etc/ssh/sshd_config.custom"
Though Franconian_Witchcraft in the original thread thinks it might be better to do
port 1234
Include /etc/ssh/sshd_config
Because the man page says
Unless noted otherwise, for each keyword, the first obtained value will be used.
But, I've been doing it with having Include at the top and it works fine for me.
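
Added example (not written by any poster in this thread, and not OpenSSH code): a small model of the "first obtained value" rule quoted above, showing how the position of Include decides which setting wins. The file names and contents are constructed, Match blocks are ignored, and the model also covers Port, which sshd_config(5) documents as repeatable, so an uncommented Port in the included file adds a listener rather than being overridden.

```python
import glob
import os
import re
import tempfile

# Keywords sshd_config(5) marks as repeatable; every other keyword keeps the
# first value obtained. Only these two are modelled here.
REPEATABLE = {"port", "listenaddress"}

def effective(path, conf_dir, out=None):
    """Resolve global-scope keywords; Match blocks are ignored (simplification)."""
    out = {} if out is None else out
    with open(path) as fh:
        for raw in fh:
            m = re.match(r"\s*([A-Za-z]+)(?:\s*=\s*|\s+)(\S.*)", raw.rstrip())
            if not m:                      # blank line or '#' comment
                continue
            key, value = m.group(1).lower(), m.group(2)
            if key == "match":
                break
            if key == "include":           # relative paths resolve under conf_dir
                for inc in sorted(glob.glob(os.path.join(conf_dir, value))):
                    effective(inc, conf_dir, out)
            elif key in REPEATABLE:
                out.setdefault(key, []).append(value)
            else:
                out.setdefault(key, [value])   # first obtained value wins
    return out

def demo():
    """Constructed sample files, not a real FreeBSD sshd_config."""
    files = {
        "stock": "#Port 22\nPasswordAuthentication yes\n",
        "stock_port": "Port 22\n",
        "include_first": "Include stock\nPort 1234\nPasswordAuthentication no\n",
        "include_last": "Port 1234\nPasswordAuthentication no\nInclude stock\n",
        "both_ports": "Include stock_port\nPort 1234\n",
    }
    conf_dir = tempfile.mkdtemp()
    for name, body in files.items():
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write(body)
    names = ("include_first", "include_last", "both_ports")
    return {n: effective(os.path.join(conf_dir, n), conf_dir) for n in names}

if __name__ == "__main__":
    for name, conf in demo().items():
        print(name, conf)
```

On a real host, `sshd -T -f /etc/ssh/sshd_config.custom` prints the configuration sshd itself resolves and is the authoritative check.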
 