Solved Upgrade to 12.4 from 12.3 - sshd_config file trashed

I have a number of special settings in /etc/ssh/sshd_config. When I tried to upgrade from 12.3 to 12.4 the config merge process removes every one of them, including the ListenAddress, which disables sshd altogether. I do not recall having this difficulty with previous upgrades. Is my memory going or is this a change in behaviour?
 
Removing all the ListenAddress settings means the default behavior takes over; from sshd_config(5), '**' mine.

Code:
     ListenAddress
             Specifies the local addresses sshd(8) should listen on.  The fol‐
             lowing forms may be used:

                   ListenAddress hostname|address [rdomain domain]
                   ListenAddress hostname:port [rdomain domain]
                   ListenAddress IPv4_address:port [rdomain domain]
                   ListenAddress [hostname|address]:port [rdomain domain]

             The optional rdomain qualifier requests sshd(8) listen in an
             explicit routing domain.  If port is not specified, sshd will
             listen on the address and all Port options specified.  **The
             default is to listen on all local addresses on the current
             default routing domain.**  Multiple ListenAddress options are per‐
             mitted.  For more information on routing domains, see rdomain(4).

You can always check this for your current configuration with (as root) sshd -T | grep -i listen.

I wouldn't expect freebsd-update(8) to by default remove your custom settings without prompting you for "what do you want to do?"
 
Any invalid variable in sshd_config will stop sshd from starting. Most likely during the merge config you didn't edit the file and ended up without ssh after reboot.
 
I did not proceed with the upgrade due to the merge approval request (diff) showing that the custom configuration entries were to be deleted (prefaced with a - sign). So, I copied the existing sshd_config and reran the update accepting the merge. On the second try the removal lines did not appear in the merge approval and when it completed they were still in the updated file. So, I do not know what happened but the problem resolved itself.
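
Added example, not part of the thread: a small sh check for the situation described above, listing active directives that exist in a saved pre-upgrade copy of sshd_config but are missing from the merged file. The function names and the sample file contents are constructed for illustration, and it assumes one directive per line with comments only on lines starting with #.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# normalize FILE: print active directives only, keyword lowercased
# (sshd keywords are case-insensitive), whitespace collapsed, sorted.
# Assumption: comments are whole lines starting with '#'.
normalize() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        { $1 = tolower($1); print }   # assigning $1 rebuilds $0 with single spaces
    ' "$1" | sort -u
}

# dropped_directives OLD NEW: directives active in OLD but absent from NEW.
dropped_directives() {
    old_n=$(mktemp) new_n=$(mktemp)
    normalize "$1" > "$old_n"
    normalize "$2" > "$new_n"
    comm -23 "$old_n" "$new_n"        # lines unique to the pre-upgrade copy
    rm -f "$old_n" "$new_n"
}

# Constructed sample: a pre-upgrade copy with custom settings and a merged
# file where they were dropped (ListenAddress is only a comment there).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config.pre" <<'EOF'
Port 22
ListenAddress 192.0.2.10
PermitRootLogin no
EOF
cat > "$demo_dir/sshd_config.merged" <<'EOF'
#ListenAddress 0.0.0.0
Port 22
EOF
dropped_directives "$demo_dir/sshd_config.pre" "$demo_dir/sshd_config.merged"
rm -rf "$demo_dir"
```

Run it against the copy taken before freebsd-update and /etc/ssh/sshd_config after the merge, then confirm what sshd will actually use with sshd -T | grep -i listen.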
 