Open Linux Forums
Like Ubuntu forums, except with beer.
Moderator
Joined: Oct 04 2017
Posts: 1244

A couple days ago was getting updates/upgrades. SSH was one of them. Terminal showed downloading etc and then came up with message about mine already being set and asked if wanted to leave it that recommended default was yes. So I said leave my settings. Then it went ahead with the installations. Now my question is that since it's leaving the settings as I had them did it put the new one under a different name in the SSH folder? I'm showing ssh_config and also a ssh_config.dpkg-dist. Would the latter be the upgrade and I would go in and uncomment to match what I have and leave the rest of it commented out? I've always thought that it was the sshd_config that we usually messed with on the settings although I did go into the ssh_config to make sure that it matched what I have in the sshd_config. Or when I said to leave at my settings it didn't put anything in the ssh folder?

Administrator
avatar
Joined: Oct 04 2017
Posts: 396

This behaviour can vary depending on the distro your using (this is also the reason why I moved this thread).

Not used Debian in a while, but I do believe that the ".dpkg-dist" files are the new default config files that have been skipped during installation or upgrade.

Moderator
Joined: Oct 04 2017
Posts: 1244

Will go back through it and see what's different in what's there and what I have setup in the ssh_config I have setup. Then will just rename mine and make some changes to what's there and make it active then. Same as I usually do with the sshd_config.
Thanks for the move. Don't know why put where I did. Maybe in a hurry or eyes traveled.

Administrator
avatar
Joined: Oct 04 2017
Posts: 396

Often there are no changes in the config files.
This mainly happens when they add/remove features from the application.

Member
Joined: Oct 04 2017
Posts: 361

When you get those messages there is usually some small change in the default settings so that the new package is changing the config file.

If the config file has been changed by the user Debian will leave that file alone if you want. You will usually get the new config file but it will be appended with an additional suffix.

We have had some ssh related package upgrades and there have been some security changes made. Mainly in what sort of encryption is now supported. If you have designated a particular type then you should probably check the change log file and see if that effects you.

If you have used ssh since that upgrade then it probably doesn't effect you at all.

Interesting stuff from most recent change log

  • ssh(1): Delete SSH protocol version 1 support, associated configuration
    options and documentation.
  • ssh(1)/sshd(8): Remove support for the hmac-ripemd160 MAC.
  • ssh(1)/sshd(8): Remove support for the arcfour, blowfish and CAST
    ciphers.
  • Refuse RSA keys <1024 bits in length and improve reporting for keys
    that do not meet this requirement.
  • ssh(1): Do not offer CBC ciphers by default.