misc/185546: freebsd-update can modify sshd and lock you out of your system

David Cecchin dcecchin at gmail.com
Tue Jan 7 09:10:00 UTC 2014


>Number:         185546
>Category:       misc
>Synopsis:       freebsd-update can modify sshd and lock you out of your system
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 07 09:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     David Cecchin
>Release:        9.1-RELEASE to 9.2-RELEASE
>Organization:
>Environment:
FreeBSD sanction.local 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root at bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
I think this is a usability bug:

When upgrading a system, for example from FreeBSD 9.1 to 9.2, with these instructions: http://www.freebsd.org/releases/9.2R/installation.html I was locked out of my FreeBSD system.

The freebsd-update process made some changes to my sshd configuration:

51 <<<<<<< current version
52 AuthorizedKeysFile .ssh/authorized_keys
53 =======
54
55 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
56 #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
57
58 #AuthorizedPrincipalsFile none
59
60 #AuthorizedKeysCommand none
61 #AuthorizedKeysCommandUser nobody
62 >>>>>>> 9.2-RELEASE

Now of course the changes on lines 51, 53 and 62 were read in by sshd as invalid parameters and stopped sshd from starting on reboot.

This isn't an issue for things like ntp.conf which will just simply print a warning to syslog, but for critical services such as sshd, it will stop the service from starting.

If adding these markers is necessary, why don't you at the very least put a # in front of them?
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
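
A pre-reboot check for the failure described above, as an added example that is not part of the original report or of freebsd-update: it flags leftover merge markers in a config file and then asks sshd to validate the file with its test mode (-t). The function names and the script name check-merge.sh are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the original report or of freebsd-update.
# Run it after the merge step and before rebooting.

# Print file:line:text for each unresolved merge marker, in the three forms
# shown in the report ("<<<<<<< ...", "=======", ">>>>>>> ...").
# Returns 0 if at least one marker was found, 1 if the files are clean.
find_merge_markers() {
    # /dev/null forces grep to prefix the file name even for a single file.
    grep -nE '^(<<<<<<< .*|=======|>>>>>>> .*)$' /dev/null "$@"
}

# Returns 0 only if the config has no markers and, when an sshd binary is on
# PATH, sshd's own test mode (-t) accepts the file.
sshd_config_safe() {
    cfg=$1
    if find_merge_markers "$cfg" >&2; then
        echo "unresolved merge markers in $cfg: sshd will not start" >&2
        return 1
    fi
    # Assumption: on a host without sshd there is nothing more to validate.
    sshd_bin=$(command -v sshd) || return 0
    "$sshd_bin" -t -f "$cfg"
}

# Usage: sh check-merge.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    sshd_config_safe "$1" || exit 1
fi
```

A commented-out line such as "#=======" is not reported, since sshd ignores it.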

