在哪里可以获取版本之间默认 sshd_config 更改的差异?

在哪里可以获取版本之间默认 sshd_config 更改的差异?

我正在做一个apt-get upgradeopenssh-server版本1:8.2p1-4ubuntu0.41:8.2p1-4ubuntu0.5.

更新期间显示

A new version (/tmp/filehQFzF3) of configuration file /etc/ssh/sshd_config is available, but the version installed currently has been locally modified. 

因为更改是作为cloud-init脚本的一部分进行的,所以我想检查该脚本中需要更新的内容。为此,我需要和sshd_config中原始文件的差异。1:8.2p1-4ubuntu0.41:8.2p1-4ubuntu0.5

来自以下位置的变更日志https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.5但是配置文件似乎没有改变。现在我很困惑。

这是交互式升级的差异输出:

Line by line differences between versions                                      
│ --- /etc/ssh/sshd_config root.root 0644 2022-01-30 22:45:30                    
│ +++ /tmp/filehQFzF3 root.root 0644 2022-05-26 19:43:13                         
│ @@ -31,15 +31,15 @@                                                            
│  # Authentication:                                                             
│  #LoginGraceTime 2m                                                            
│ -PermitRootLogin no                                                            
│ +#PermitRootLogin prohibit-password                                            
│  #StrictModes yes                                                              
│ -MaxAuthTries 2                                                                
│ +#MaxAuthTries 6                                                               
│  #MaxSessions 10                                                               
│  #PubkeyAuthentication yes                                                     
│  # Expect .ssh/authorized_keys2 to be disregarded by default in future.        
│ -AuthorizedKeysFile .ssh/authorized_keys                                       
│ +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2                
│  #AuthorizedPrincipalsFile none                                                
│ @@ -55,7 +55,7 @@                                                              
│  #IgnoreRhosts yes                                                             
│  # To disable tunneled clear text passwords, change to no here!                
│ -#PasswordAuthentication yes                                                   
│ +PasswordAuthentication no                                                     
│  #PermitEmptyPasswords no                                                      
│  # Change to yes to enable challenge-response passwords (beware issues with    
│ @@ -85,10 +85,10 @@                                                            
│  # and ChallengeResponseAuthentication to 'no'.                                
│  UsePAM yes                                                                    
│ -AllowAgentForwarding no                                                       
│ -AllowTcpForwarding no                                                         
│ +#AllowAgentForwarding yes                                                     
│ +#AllowTcpForwarding yes                                                       
│  #GatewayPorts no                                                              
│ -X11Forwarding no                                                              
│ +X11Forwarding yes                                                             
│  #X11DisplayOffset 10                                                          
│  #X11UseLocalhost yes                                                          
│  #PermitTTY yes                                                                
│ @@ -121,5 +121,3 @@                                                            
│  # AllowTcpForwarding no                                                       
│  # PermitTTY no                                                                
│  # ForceCommand cvs server                                                     
│ -PasswordAuthentication no                  

cloud-init这是配置 sshd 的脚本的一部分:

  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i -e '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
  - sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
  - sed -i -e '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
  - sed -i -e '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
  - sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config

现在我的问题是,这些sed命令在新版本中是否仍然执行我们想要的操作。为了弄清楚这一点,我需要了解我们在使用此cloud-init脚本创建新实例时将使用的新默认配置是什么样的。

相关内容