Artem Russakovskii
2023-Aug-02 21:20 UTC
"Subsystem 'sftp' already defined" error in openssh-9 when using Include
Hi everyone, For the last several releases (perhaps with the release of openssh 9?), upgrading each version of openssh started wiping the current sshd_config and replacing it with the default config, at least on OpenSUSE 15.4 via zypper/yast. I was thinking of ways to mitigate this and thought I'd move the config to sshd_config.d/ in the hopes that it will be then called by the main config. However, two issues exist here, and I'm not sure how to resolve them. 1. "Subsystem 'sftp' already defined." since it's defined in sshd_config and redefined in sshd_config.d/custom_config.>From what I can tell, this is supposed to be fixed byhttps://groups.google.com/g/linux.debian.bugs.dist/c/jTXWWobiGpY with this code https://bugzilla.mindrot.org /attachment.cgi?id=3591&action=diff&collapsed=&headers=1&format=raw, but I don't currently understand if it's released (I'm on openssh-9.3p2 and it still throws the "Subsystem 'sftp' already defined" error) or when it will be released. Would appreciate any clarity here. 2. Even if the above is resolved, I think it still presents a problem since the default sshd_config doesn't include this line "Include sshd_config.d/*". If an upgrade removes it, then I'll still need to manually add it every time. The config was never force-replaced prior to a few months ago (prior to 9?). How is everyone else dealing with this problem? Thank you. Sincerely, Artem -- Founder, Android Police <http://www.androidpolice.com>, APK Mirror <http://www.apkmirror.com/>, Illogical Robot LLC beerpla.net | @ArtemR <http://twitter.com/ArtemR>
Martin Schröder
2023-Aug-02 22:08 UTC
"Subsystem 'sftp' already defined" error in openssh-9 when using Include
Am Mi., 2. Aug. 2023 um 23:27 Uhr schrieb Artem Russakovskii <archon810 at gmail.com>:> For the last several releases (perhaps with the release of openssh 9?), > upgrading each version of openssh started wiping the current sshd_config > and replacing it with the default config, at least on OpenSUSE 15.4 via > zypper/yast.Where do you get your sshd from? The default openssh-server for 15.5 is 8.4. And here configs are typically not overwritten; .rpmnew Best Martin
Peter Stuge
2023-Aug-03 01:40 UTC
"Subsystem 'sftp' already defined" error in openssh-9 when using Include
Artem Russakovskii wrote:> For the last several releases (perhaps with the release of openssh 9?), > upgrading each version of openssh started wiping the current sshd_config > and replacing it with the default config, at least on OpenSUSE 15.4 via > zypper/yast.Your distribution package or packaging system does that, not OpenSSH.> I was thinking of ways to mitigate this and thought I'd move the config to > sshd_config.d/ in the hopes that it will be then called by the main config. > > However, two issues exist here, and I'm not sure how to resolve them. > > 1. "Subsystem 'sftp' already defined." since it's defined in sshd_config > and redefined in sshd_config.d/custom_config. > From what I can tell, this is supposed to be fixed by > https://groups.google.com/g/linux.debian.bugs.dist/c/jTXWWobiGpYNote that the bug report quotes a different sshd_config.5 man page than the upstream one. Upstream sshd_config.5 does *not* contain "/etc/ssh/sshd_config.d/*.conf files are included at the start ..." which debian seems to patch in. I can only recommend avoiding distribution packages, especially when discussing any issues here with upstream.> with this code https://bugzilla.mindrot.org > /attachment.cgi?id=3591&action=diff&collapsed=&headers=1&format=raw, but I > don't currently understand if it's released (I'm on openssh-9.3p2 and it > still throws the "Subsystem 'sftp' already defined" error) or when it will > be released. Would appreciate any clarity here.The patch is not included in any release and also not in current master. It's a straightforward patch that looks fine to me, maybe it will be included into master following your mail bump. Don't know if it could make it into the pending 9.4 release then, that may have been frozen.> 2. Even if the above is resolved, I think it still presents a problem > since the default sshd_config doesn't include this line "Include > sshd_config.d/*". If an upgrade removes it, then I'll still need to > manually add it every time.It seems debian adds an Include at the start of the config file, I guess you have to do something similar or something else..> The config was never force-replaced prior to a few months ago (prior to > 9?). How is everyone else dealing with this problem?I don't use distribution patches and no packages/packaging that will mess with my configuration. I don't want to spend time on unnecessary problems created by distributions. //Peter
Seemingly Similar Threads
- performance.cache-size for high-RAM clients/servers, other tweaks for performance, and improvements to Gluster docs
- Getting glusterfs to expand volume size to brick size
- performance.cache-size for high-RAM clients/servers, other tweaks for performance, and improvements to Gluster docs
- Getting glusterfs to expand volume size to brick size
- performance.cache-size for high-RAM clients/servers, other tweaks for performance, and improvements to Gluster docs