Mac OS X 10.4.10 Unnessesarily replaces sshd_config

by on July 10, 2007 » Add more comments.

It looks like Apple did a very unpleasant modification in the 10.4.10 update. They outright replaced the /etc/sshd_config for a tiny bit of “tidying up” of the GSSAPI section.

Before 10.4.10:

# GSSAPI options
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange yes

# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes

After 10.4.10:

# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange yes

Now was it really necessary to replace the file? On our image, I modify that file to restrict who can use ssh and a couple other settings. Now I have to push that file back out to all my machines.

There was really no reason for this.

CORRECTION – After further inspection, it looks like the file is not actually replaced, but modified by a fixSSHcfg.pl script within the 10.4.10 package. It also looks like modifications to the sshd_config do not always go away. The first 2 machines I updated with 10.4.10 lost the mods that I made, but then I tried a couple more and they didn’t lose the customizations that I did.

digg story

Find more like this: Mac , , ,


2 Responses to Mac OS X 10.4.10 Unnessesarily replaces sshd_config

  • Noah Abrahamson says:

    It doesn’t actually replace the file. It may modify it, though even in mine, I can’t see the difference (and I have modified mine for Kerberos and AllowUsers directives).

  • PatGmac says:

    Yea, I’m noticing that now on other machines (see correction above).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>