From: Walter Cramer
Date: Sun, 10 Dec 2023 19:58:18 -0500 (EST)
To: freebsd-stable@freebsd.org
Subject: Anomaly from `freebsd-update IDS` in 12.4-RELEASE-p9 - dual entries for /etc/ssh/sshd_config
Message-ID: <20231210193001.S62060@mulder.mintsol.com>
References: <20231201031737.DF0231B942@freefall.freebsd.org>
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable

When running `freebsd-update IDS` on a few 12.4-RELEASE-p9 systems which have local changes in /etc/ssh/sshd_config, I get TWO separate lines of output about /etc/ssh/sshd_config:

...
/etc/ssh/sshd_config has SHA256 hash XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, but should have SHA256 hash 2e201f8c0ca677cc6b6dce2608579ed7d05262dec52b534037bf67fe0601fe68.
/etc/ssh/sshd_config has SHA256 hash XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, but should have SHA256 hash eac5adbd9571a12135c3af1c536ace0e8fd58164eec273efa9df37ab7eb941ec.
...

(The two X'ed hashes are the same, and match the sha256 hash of the system's customized /etc/ssh/sshd_config.)

Poking around a bit in /usr/src, and my weekly snapshots of that, I found both versions of sshd_config -

SHA256 (/usr/src/crypto/openssh/sshd_config) = 2e201f8c0ca677cc6b6dce2608579ed7d05262dec52b534037bf67fe0601fe68
SHA256 (/usr/.zfs/snapshot/year_week.23w31/src/crypto/openssh/sshd_config) = eac5adbd9571a12135c3af1c536ace0e8fd58164eec273efa9df37ab7eb941ec
SHA256 (/usr/.zfs/snapshot/year_week.23w32/src/crypto/openssh/sshd_config) = 2e201f8c0ca677cc6b6dce2608579ed7d05262dec52b534037bf67fe0601fe68

`diff` on those two versions of sshd_config yields:

109c109
< #VersionAddendum FreeBSD-20221019
---
> #VersionAddendum FreeBSD-20230719

So both versions of sshd_config start with these same lines, which may be the root problem:

# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
# $FreeBSD: releng/12.4/crypto/openssh/sshd_config 372681 2022-10-31 17:19:41Z git2svn
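
One way to spot the condition described in the message automatically, as an added example that is not part of the original message or of freebsd-update: the shell function below groups the SHA256 lines of `freebsd-update IDS` output by path and reports any path listed with more than one distinct expected hash. The function names, the /etc/motd line and the CONSTRUCTED_* hash values are assumptions made for illustration; the two expected sshd_config hashes are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message or from freebsd-update).

# Constructed sample in the line format quoted in the message. The "actual"
# hashes and the /etc/motd entry are placeholders; the two expected
# sshd_config hashes are the ones quoted in the message.
sample_ids_output() {
cat <<'EOF'
/etc/motd has SHA256 hash CONSTRUCTED_ACTUAL_1, but should have SHA256 hash CONSTRUCTED_EXPECTED_1.
/etc/ssh/sshd_config has SHA256 hash CONSTRUCTED_ACTUAL_2, but should have SHA256 hash 2e201f8c0ca677cc6b6dce2608579ed7d05262dec52b534037bf67fe0601fe68.
/etc/ssh/sshd_config has SHA256 hash CONSTRUCTED_ACTUAL_2, but should have SHA256 hash eac5adbd9571a12135c3af1c536ace0e8fd58164eec273efa9df37ab7eb941ec.
EOF
}

# ids_conflicts: read IDS output on stdin and print one line per path that is
# reported with more than one distinct expected hash:
#   <path> actual=<hash> expected=<hash>,<hash>[,...]
# Lines that are not SHA256 mismatch reports are ignored.
ids_conflicts() {
    awk '
    BEGIN { has = " has SHA256 hash "; want = ", but should have SHA256 hash " }
    {
        i = index($0, has); j = index($0, want)
        if (i == 0 || j < i) next          # not a hash-mismatch line
        path     = substr($0, 1, i - 1)    # split on fixed text, so paths with spaces work
        actual   = substr($0, i + length(has), j - i - length(has))
        expected = substr($0, j + length(want))
        sub(/\.$/, "", expected)           # drop the trailing full stop
        if ((path, expected) in seen) next # identical duplicate line, not a conflict
        seen[path, expected] = 1
        sep = (count[path]++ > 0) ? "," : ""
        got[path]  = actual
        list[path] = list[path] sep expected
    }
    END { for (p in count) if (count[p] > 1)
              printf "%s actual=%s expected=%s\n", p, got[p], list[p] }
    '
}

# Demo on the constructed sample; on a real system: freebsd-update IDS | ids_conflicts
sample_ids_output | ids_conflicts
```

A path flagged here has two reference hashes in the update metadata, so a locally modified file is reported twice; an unmodified file that matches either one would still be reported against the other.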