All of the other configuration options are just ignored if specified repetitively, but Subsystem will prevent sshd from starting. This is unexpected and undocumented in the manual page, and something that might become a more common issue with the Include support. I would like to suggest that this option behave the same as all the others, maybe downgrading the log level of the message. The other option would be to document in the manual page that the same subsystem cannot repeat (yet another exception from configuration parsing rules).

Reproducer:

# echo "Subsystem sftp internal-sftp" >> /etc/ssh/sshd_config
(repeat if it was not there before)
# sshd -T
/etc/ssh/sshd_config line 131: Subsystem 'sftp' already defined.
# echo $?
255
I just ran into this issue yesterday. I prefer not to modify the main config so that future updates cannot overwrite my changes, and so that the main config is always up to date. So I used the include feature to overwrite "Subsystem sftp"; however, sshd would not start. If I had not found this bug report I would probably not have found the issue.
I faced the same issue, hence would also like to be able to override an existing Subsystem setting in /etc/ssh/sshd_config with one in /etc/ssh/sshd_config.d/.
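Added example, not part of the original thread and not OpenSSH code: a pre-flight check that follows Include directives and reports every file and line where the same Subsystem name is defined, so a drop-in that repeats the main file's entry is caught before sshd is restarted. The function names and the sample tree are constructed for illustration; the sketch assumes unquoted arguments separated by whitespace or "=" and does not model Match blocks.

```python
import glob
import os
import re
import tempfile


def find_subsystems(path, base_dir, seen=None):
    """Record every Subsystem definition reachable from `path`, following
    Include directives, as {name: [(file, line_no), ...]}."""
    seen = {} if seen is None else seen
    with open(path, encoding="utf-8") as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = re.split(r"[ \t=]+", line, maxsplit=1)
            keyword = parts[0].lower()  # keywords are case-insensitive
            args = parts[1].split() if len(parts) > 1 else []
            if keyword == "include":
                for pattern in args:
                    # Relative Include paths are resolved against /etc/ssh.
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(base_dir, pattern)
                    for inc in sorted(glob.glob(pattern)):
                        find_subsystems(inc, base_dir, seen)
            elif keyword == "subsystem" and args:
                seen.setdefault(args[0], []).append((path, line_no))
    return seen


def duplicate_subsystems(path, base_dir="/etc/ssh"):
    """Return only the subsystem names that are defined more than once."""
    found = find_subsystems(path, base_dir)
    return {name: locs for name, locs in found.items() if len(locs) > 1}


def build_sample(root):
    """Constructed sample: a drop-in that repeats the main file's sftp entry."""
    os.mkdir(os.path.join(root, "sshd_config.d"))
    with open(os.path.join(root, "sshd_config.d", "50-sftp.conf"), "w") as fh:
        fh.write("Subsystem sftp internal-sftp\n")
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as fh:
        fh.write("Include sshd_config.d/*.conf\n# constructed sample\n"
                 "Subsystem sftp /usr/lib/openssh/sftp-server\n")
    return main


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, locs in duplicate_subsystems(build_sample(root), root).items():
            print(f"Subsystem '{name}' defined {len(locs)} times: {locs}")
```

On a real host, call duplicate_subsystems("/etc/ssh/sshd_config") and treat a non-empty result as a reason not to restart the daemon.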
This has also been reported downstream at the Debian bug tracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998834
I ran into this issue as well, and that was kinda frustrating because it seems this is the only setting that behaves like this!
Created attachment 3591: Make repeated Subsystem directives non-fatal