我正在做一个apt-get upgrade
从openssh-server
版本1:8.2p1-4ubuntu0.4
到 1:8.2p1-4ubuntu0.5
.
更新期间显示
A new version (/tmp/filehQFzF3) of configuration file /etc/ssh/sshd_config is available, but the version installed currently has been locally modified.
因为更改是作为cloud-init
脚本的一部分进行的,所以我想检查该脚本中需要更新的内容。为此,我需要和sshd_config
中原始文件的差异。1:8.2p1-4ubuntu0.4
1:8.2p1-4ubuntu0.5
来自以下位置的变更日志https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.5但是配置文件似乎没有改变。现在我很困惑。
这是交互式升级的差异输出:
Line by line differences between versions
│
│ --- /etc/ssh/sshd_config root.root 0644 2022-01-30 22:45:30
│ +++ /tmp/filehQFzF3 root.root 0644 2022-05-26 19:43:13
│ @@ -31,15 +31,15 @@
│ # Authentication:
│
│ #LoginGraceTime 2m
│ -PermitRootLogin no
│ +#PermitRootLogin prohibit-password
│ #StrictModes yes
│ -MaxAuthTries 2
│ +#MaxAuthTries 6
│ #MaxSessions 10
│
│ #PubkeyAuthentication yes
│
│ # Expect .ssh/authorized_keys2 to be disregarded by default in future.
│ -AuthorizedKeysFile .ssh/authorized_keys
│ +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
│
│ #AuthorizedPrincipalsFile none
│
│ @@ -55,7 +55,7 @@
│ #IgnoreRhosts yes
│
│ # To disable tunneled clear text passwords, change to no here!
│ -#PasswordAuthentication yes
│ +PasswordAuthentication no
│ #PermitEmptyPasswords no
│
│ # Change to yes to enable challenge-response passwords (beware issues with
│ @@ -85,10 +85,10 @@
│ # and ChallengeResponseAuthentication to 'no'.
│ UsePAM yes
│
│ -AllowAgentForwarding no
│ -AllowTcpForwarding no
│ +#AllowAgentForwarding yes
│ +#AllowTcpForwarding yes
│ #GatewayPorts no
│ -X11Forwarding no
│ +X11Forwarding yes
│ #X11DisplayOffset 10
│ #X11UseLocalhost yes
│ #PermitTTY yes
│ @@ -121,5 +121,3 @@
│ # AllowTcpForwarding no
│ # PermitTTY no
│ # ForceCommand cvs server
│ -PasswordAuthentication no
cloud-init
这是配置 sshd 的脚本的一部分:
- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
- sed -i -e '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
现在我的问题是,这些sed
命令在新版本中是否仍然执行我们想要的操作。为了弄清楚这一点,我需要了解我们在使用此cloud-init
脚本创建新实例时将使用的新默认配置是什么样的。