0

I noticed in in Ubuntu 20.04 in /etc/ssh/sshd_config what appears to be the introduction of a new line on the very 1st line of sshd_config. It reads:

Include /etc/ssh/sshd_config.d/*.conf

What is this line for?

I've also noticed that google authenticator TOTP does not work for me (in the sense that I get prompted for and enter correctly the codes, but still am not permitted to log in) UNLESS I delete this line. In which case the sshd_config looks exactly how it did in Ubuntu 18.04

Is any of this related to what the first line is doing?

user1709076
  • 125
  • 1
  • 6

1 Answers1

1

It can be used to include additional configuration files allowing you to override some settings without changing the stock sshd_config file. Which should make upgrading your system easier. You don't have to use it, and you are safe to remove it if you want. But you will need to pay attention to change logs and so on to know what you need to fix about your sshd_config when updating. Though that was more or less the status quo before the recent release.

No idea why that would break your Google TOTP auth. It seems pretty unlikely that it would be the direct cause. To figure out what the problem was I would probably run the sshd in debug mode and watch for errors to see what it is failing on.

One way to debug is to connect to the server on the physical console or some kind of out-of-band method. Stop the existing ssh daemon, then run /usr/sbin/sshd -ddd You will get a very verbose output of what is going on. You can add or remove the d to make sshd more or less verbose. It will also be useful to look at the verbose output with, and without that configuration option enabled so you can see what a working and broken output looks like so you can isolate what is 'normal' debug output, and what is actually your problem.

Zoredache
  • 128,755
  • 40
  • 271
  • 413