User impact: this messes up automation; it is a common use of cloud images for users to automate their server deployments which generally involves running a dist-upgrade and then bootstrapping some kind of configuration management system.
As well as during an upgrade between releases, this will happen if openssh-server needs to change its /etc/ssh/sshd_config in an SRU or security update. Even users who have not touched /etc/ssh/sshd_config will be told that they have and the default is to keep the user "modified" version, so the change will not be applied.
Workaround: users can use something like: apt-get update && UCF_FORCE_CONFOLD=1 apt-get -y dist-upgrade. Note that to avoid prompts in various other cases users should also set DEBIAN_FRONTEND=noninteractive, run apt-get with -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" and consider redirecting stdin from /dev/null.
This cloud image:
build_name: server
serial: 20220411.2
...ships with a "user-modified" /etc/ssh/ sshd_config. This results in a confusing ucf prompt when upgrading from Focal to Jammy.
It looks like this is being done here: https:/ /git.launchpad. net/ubuntu/ +source/ livecd- rootfs/ tree/live- build/ubuntu- cpc/hooks. d/chroot/ 052-ssh_ authentication. chroot
User impact: this messes up automation; it is a common use of cloud images for users to automate their server deployments which generally involves running a dist-upgrade and then bootstrapping some kind of configuration management system.
As well as during an upgrade between releases, this will happen if openssh-server needs to change its /etc/ssh/ sshd_config in an SRU or security update. Even users who have not touched /etc/ssh/ sshd_config will be told that they have and the default is to keep the user "modified" version, so the change will not be applied.
Workaround: users can use something like: apt-get update && UCF_FORCE_CONFOLD=1 apt-get -y dist-upgrade. Note that to avoid prompts in various other cases users should also set DEBIAN_ FRONTEND= noninteractive, run apt-get with -o Dpkg::Options: :="--force- confdef" -o Dpkg::Options: :="--force- confold" and consider redirecting stdin from /dev/null.
Background:
This has happened multiple times before. Please put CI in place to avoid this regressing again. See bug 1485685, bug 1581044, bug 1581046, bug 1323772, bug 1747464.