Bug#1080174: systemd: 20-systemd-ssh-proxy.conf cannot be customised or removed
Luca Boccassi
bluca at debian.org
Tue Oct 8 22:00:34 BST 2024
Control: tags -1 wontfix
Control: close -1
On Sat, 31 Aug 2024 04:32:30 +0200 Christoph Anton Mitterer
<calestyo at scientia.org> wrote:
> Package: systemd
> Version: 256.5-1
> Severity: important
>
>
> Hey.
>
> I think since version 256 there's systemd-ssh-generator and friends
> including /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf which is a
> non-conffile that is a symlink to:
> /usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf
>
> as such, it cannot be modified by the user or removed, as it will be
> re-installed on upgrade (and there even overwriting any manually created
> 20-systemd-ssh-proxy.conf that is not a symlink).
>
> I don't think this should happen, and wouldn't be too surprised if it
> was a policy violation (though too lazy to check ^^).
It is most certainly not. This is necessary to ensure ssh via
vsock/afunix works out of the box. You can set up a local dpkg
diversion if you want to.
> btw: It also seems a really bad thing to set:
> StrictHostKeyChecking no
> UserKnownHostsFile /dev/null
> which AFAICS are not suggested by systemd-ssh-proxy(1) either.
>
> `StrictHostKeyChecking no` unconditionally adds keys to known_hosts,
> which just invites subtle means to exploit it (social engineering, etc.).
This is restricted to vsock/afunix, so there's no such risk:
Host unix/* vsock/*
<...>
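The point of the reply above is that the two options are only acceptable because they sit under `Host unix/* vsock/*`. As an added example (not part of the thread or of systemd), the following Python check parses ssh_config-style drop-ins and flags `StrictHostKeyChecking no` / `UserKnownHostsFile /dev/null` whenever the enclosing Host stanza can reach anything other than unix/* or vsock/* names; the sample drop-ins are constructed.

```python
"""Audit ssh_config drop-ins for the scope of host-key-check overrides."""
import fnmatch
import re

# Options that disable host identity checks, with the value that disables them.
RISKY = {"stricthostkeychecking": "no", "userknownhostsfile": "/dev/null"}
# Host patterns used by systemd-ssh-proxy; only these are local transports.
LOCAL_PATTERNS = {"unix/*", "vsock/*"}


def parse_ssh_config(text):
    """Yield (host_patterns, keyword, value) for each option in an ssh_config.

    Options before the first Host/Match line belong to the implicit global
    stanza, represented as the single pattern '*'. A Match block is treated as
    the opaque pattern '<match>', which is never considered local-only.
    """
    patterns = ["*"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (values with '#' are rare)
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = ["<match>"]
        else:
            yield list(patterns), key, value


def is_local_only(pattern):
    """True if every host matched by `pattern` is also a unix/* or vsock/* name."""
    if pattern in LOCAL_PATTERNS:
        return True
    if pattern.startswith("!") or any(c in pattern for c in "*?"):
        return False  # negations and wider globs may reach real network hosts
    return any(fnmatch.fnmatchcase(pattern, p) for p in LOCAL_PATTERNS)


def find_unscoped_risky(text):
    """Return (keyword, value, host_patterns) for risky options reaching non-local hosts."""
    findings = []
    for patterns, key, value in parse_ssh_config(text):
        if RISKY.get(key) == value.lower() and not all(map(is_local_only, patterns)):
            findings.append((key, value, tuple(patterns)))
    return findings


# Constructed drop-in with the shape described in the thread: properly scoped.
SCOPED = "Host unix/* vsock/*\n    StrictHostKeyChecking no\n    UserKnownHostsFile /dev/null\n"
# Constructed misconfiguration: one option global, one under a wider Host glob.
UNSCOPED = ("StrictHostKeyChecking no\n"
            "Host unix/* build-*.example.internal\n    UserKnownHostsFile /dev/null\n")
```

Running `find_unscoped_risky` over the two samples returns nothing for the scoped file and two findings for the unscoped one, each naming the Host patterns that leak the override onto real hosts.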