FYI,
Beware that apt-get dist-upgrade on your rootfs could lock you out from root login through SSH (if you don't have a normal user account to log in through SSH, or if you don't have a serial connection).
http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122.html
Beware that apt-get dist-upgrade on your rootfs could lock you out from root login through SSH (if you don't have a normal user account to log in through SSH, or if you don't have a serial connection).
Quote
Potentially-incompatible Changes
--------------------------------
* Support for the legacy SSH version 1 protocol is disabled by
default at compile time.
* Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
is disabled by default at run-time. It may be re-enabled using
the instructions at http://www.openssh.com/legacy.html
* Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
by default at run-time. These may be re-enabled using the
instructions at http://www.openssh.com/legacy.html
* Support for the legacy v00 cert format has been removed.
* The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password".
* PermitRootLogin=without-password/prohibit-password now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those
were enabled).
http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122.html