Accepting request 965435 from home:lnussel:branches:network

- read ssh and sshd config file also from /usr/etc - add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin OBS-URL: https://build.opensuse.org/request/show/965435 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=238
2022-04-29 00:45:48 +00:00 · 2022-04-29 00:45:48 +00:00 · 859cab66f6
commit 859cab66f6
parent 0957114f91
3 changed files with 42 additions and 15 deletions
--- a/openssh-8.4p1-ssh_config_d.patch
+++ b/openssh-8.4p1-ssh_config_d.patch
@ -1,32 +1,36 @@
-diff -ur openssh-8.4p1.orig/ssh_config openssh-8.4p1/ssh_config
--- openssh-8.4p1.orig/ssh_config	2021-01-27 14:43:22.698144889 +0100
-+++ openssh-8.4p1/ssh_config	2021-01-27 14:40:46.170143382 +0100
-@@ -17,6 +17,12 @@
+Index: openssh-8.9p1/ssh_config
+===================================================================
+--- openssh-8.9p1.orig/ssh_config
+++ openssh-8.9p1/ssh_config
+@@ -16,6 +16,13 @@
+ # Site-wide defaults for some commonly used options.  For a comprehensive
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
- 
+Include /usr/etc/ssh/ssh_config.d/*.conf
+
 +# To modify the system-wide ssh configuration, create a "*.conf" file under
 +# "/etc/ssh/ssh_config.d/" which will be automatically included below.
 +# Don't edit this configuration file itself if possible to avoid update
 +# problems.
 +Include /etc/ssh/ssh_config.d/*.conf
-+
+ 
 Host *
 #   ForwardAgent no
- #   ForwardX11 no
-diff -ur openssh-8.4p1.orig/sshd_config openssh-8.4p1/sshd_config
--- openssh-8.4p1.orig/sshd_config	2020-09-27 09:25:01.000000000 +0200
-+++ openssh-8.4p1/sshd_config	2021-01-27 14:21:23.070132184 +0100
-@@ -10,6 +10,12 @@
+Index: openssh-8.9p1/sshd_config
+===================================================================
+--- openssh-8.9p1.orig/sshd_config
+++ openssh-8.9p1/sshd_config
+@@ -9,6 +9,13 @@
+ # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options override the
 # default value.
- 
+Include /usr/etc/ssh/sshd_config.d/*.conf
+
 +# To modify the system-wide sshd configuration, create a "*.conf" file under
 +# "/etc/ssh/sshd_config.d/" which will be automatically included below.
 +# Don't edit this configuration file itself if possible to avoid update
 +# problems.
 +Include /etc/ssh/sshd_config.d/*.conf
-+
+ 
 #Port 22
 #AddressFamily any
- #ListenAddress 0.0.0.0
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 28 15:00:52 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
+
+- read ssh and sshd config file also from /usr/etc
+- add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin
+
 -------------------------------------------------------------------
 Mon Mar  7 18:00:09 UTC 2022 - Hans Petter Jansson <hpj@suse.com>

--- a/openssh.spec
+++ b/openssh.spec
@ -191,6 +191,17 @@ also be forwarded over the secure channel.
 This package contains the Secure Shell daemon, which allows clients to
 securely connect to your server.

+%package server-config-rootlogin
+Summary:        Config to permit root logins to sshd
+Group:          Productivity/Networking/SSH
+Requires:       %{name}-server = %{version}-%{release}
+
+%description server-config-rootlogin
+The openssh-server package by default disallows password based
+root logins. This package provides a config that does. It's useful
+to temporarily have a password based login to be able to use
+ssh-copy-id(1).
+
 %package clients
 Summary:        SSH (Secure Shell) client applications
 Group:          Productivity/Networking/SSH
@ -321,10 +332,11 @@ install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
 sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config

 # Move /etc to /usr/etc/ssh
-mkdir -p %{buildroot}%{_distconfdir}/ssh
+mkdir -p %{buildroot}%{_distconfdir}/ssh/ssh{,d}_config.d
 mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
 mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
 mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/
+echo "PermitRootLogin yes" > %{buildroot}%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf

 %if 0%{?suse_version} < 1550
 # install firewall definitions
@ -419,6 +431,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
 %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0755,root,root) %dir %{_distconfdir}/ssh
+%attr(0755,root,root) %dir /usr/etc/ssh/ssh_config.d
 %attr(0600,root,root) %{_distconfdir}/ssh/moduli
 %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
 %attr(0444,root,root) %{_mandir}/man5/moduli.5*
@ -431,6 +444,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
 %dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
 %dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
 %attr(0755,root,root) %dir %{_distconfdir}/ssh
+%attr(0755,root,root) %dir /usr/etc/ssh/sshd_config.d
 %attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
 %if %{defined _distconfdir}
 %attr(0644,root,root) %{_distconfdir}/pam.d/sshd
@ -452,6 +466,9 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
 %config %{_fwdefdir}/sshd
 %endif

+%files server-config-rootlogin
+%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
+
 %files clients
 %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
 %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config