It looks like Apple made a very unpleasant modification in the 10.4.10 update. They outright replaced the /etc/sshd_config for a tiny bit of “tidying up” of the GSSAPI section.
Before 10.4.10:
# GSSAPI options
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange yes# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
After 10.4.10:
# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange yes
Now was it really necessary to replace the file? On our image, I modify that file to restrict who can use ssh and a couple other settings. Now I have to push that file back out to all my machines.
There was really no reason for this.
CORRECTION – After further inspection, it looks like the file is not actually replaced, but modified by a fixSSHcfg.pl script within the 10.4.10 package. It also looks like modifications to the sshd_config do not always go away. The first 2 machines I updated with 10.4.10 lost the mods that I made, but then I tried a couple more and they didn’t lose the customizations that I did.
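One way to tell a comment-only rewrite like the GSSAPI reshuffle above from a real loss of customizations is to compare only the uncommented directives of a saved baseline against the post-update file. This is an added example, not code from the original post or from Apple's fixSSHcfg.pl; the AllowUsers and PermitRootLogin values and the function names are constructed for illustration.

```python
import re

# Constructed sample: the pre-10.4.10 GSSAPI section from the post plus two
# site customizations (the account names and settings are made up).
BASELINE = """\
# GSSAPI options
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange yes# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
AllowUsers admin helpdesk
PermitRootLogin no
"""

# The post-update GSSAPI section from the post (comments only).
GSSAPI_AFTER = """\
# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange yes
"""
UPDATED_KEPT = GSSAPI_AFTER + "AllowUsers admin helpdesk\nPermitRootLogin no\n"
UPDATED_LOST = GSSAPI_AFTER  # customizations gone


def active_directives(text):
    """Map lowercased keyword -> list of values, skipping comments and blanks."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        m = re.match(r"(\w+)\s*=?\s*(.*)$", line)
        if m:
            found.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return found


def config_drift(baseline_text, current_text):
    """Return (keyword, baseline_values, current_values) for each effective change."""
    base, cur = active_directives(baseline_text), active_directives(current_text)
    return [(k, base.get(k), cur.get(k))
            for k in sorted(set(base) | set(cur)) if base.get(k) != cur.get(k)]


if __name__ == "__main__":
    print(config_drift(BASELINE, UPDATED_KEPT))  # comment-only reshuffle
    print(config_drift(BASELINE, UPDATED_LOST))  # lost customizations
```

Run against the image's master copy as the baseline, an empty result means the update only touched comments; any entry names a setting that has to be pushed back out.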

It doesn’t actually replace the file. It may modify it, though even in mine, I can’t see the difference (and I have modified mine for Kerberos and AllowUsers directives).
Yeah, I’m noticing that now on other machines (see correction above).