Hello Jaap!
(I always am confused what is your first name !)
Well, since a long time, I have to manually remove in sshd_config from the following:
Subsystem sftp /usr/lib/sftp-server-server
—> Subsystem sftp /usr/lib/sftp
OR:
—> Subsystem sftp internal-sftp
The sh script simply adds without any detection, if the current one is correct. Consequently, it cannot allow ssh login.
While this has never troubled me and I have everything under control and am able to find my way out, I just thought it would be correct to post it here.
If the sed can check before application, that can help. This isn’t difficult, like if the last word of that line is “sftp-server” || “internal-sftp”, skip and dont patch, etc.