From 859cab66f645a9e6d053b4413cfa7568b0e8a6b627e3343fe1357ffb46d565e6 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson
Date: Fri, 29 Apr 2022 00:45:48 +0000
Subject: [PATCH] Accepting request 965435 from home:lnussel:branches:network
- read ssh and sshd config file also from /usr/etc
- add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin
OBS-URL: https://build.opensuse.org/request/show/965435
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=238
---
 openssh-8.4p1-ssh_config_d.patch | 32 ++++++++++++++++++--------------
 openssh.changes | 6 ++++++
 openssh.spec | 19 ++++++++++++++++++-
 3 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/openssh-8.4p1-ssh_config_d.patch b/openssh-8.4p1-ssh_config_d.patch
index 4ff4c61..cdfb2cc 100644
--- a/openssh-8.4p1-ssh_config_d.patch
+++ b/openssh-8.4p1-ssh_config_d.patch
@@ -1,32 +1,36 @@ -diff -ur openssh-8.4p1.orig/ssh_config openssh-8.4p1/ssh_config ---- openssh-8.4p1.orig/ssh_config 2021-01-27 14:43:22.698144889 +0100 -+++ openssh-8.4p1/ssh_config 2021-01-27 14:40:46.170143382 +0100 -@@ -17,6 +17,12 @@ +Index: openssh-8.9p1/ssh_config +=================================================================== +--- openssh-8.9p1.orig/ssh_config ++++ openssh-8.9p1/ssh_config +@@ -16,6 +16,13 @@ + # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. - ++Include /usr/etc/ssh/ssh_config.d/*.conf ++ +# To modify the system-wide ssh configuration, create a "*.conf" file under +# "/etc/ssh/ssh_config.d/" which will be automatically included below. +# Don't edit this configuration file itself if possible to avoid update +# problems. +Include /etc/ssh/ssh_config.d/*.conf -+ + Host * # ForwardAgent no - # ForwardX11 no -diff -ur openssh-8.4p1.orig/sshd_config openssh-8.4p1/sshd_config ---- openssh-8.4p1.orig/sshd_config 2020-09-27 09:25:01.000000000 +0200 -+++ openssh-8.4p1/sshd_config 2021-01-27 14:21:23.070132184 +0100 -@@ -10,6 +10,12 @@ +Index: openssh-8.9p1/sshd_config +=================================================================== +--- openssh-8.9p1.orig/sshd_config ++++ openssh-8.9p1/sshd_config +@@ -9,6 +9,13 @@ + # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. - ++Include /usr/etc/ssh/sshd_config.d/*.conf ++ +# To modify the system-wide sshd configuration, create a "*.conf" file under +# "/etc/ssh/sshd_config.d/" which will be automatically included below. +# Don't edit this configuration file itself if possible to avoid update +# problems. +Include /etc/ssh/sshd_config.d/*.conf -+ + #Port 22 #AddressFamily any - #ListenAddress 0.0.0.0 diff --git a/openssh.changes b/openssh.changes index f60e3c7..9b76318 100644 
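Review bot: The new `Include /usr/etc/ssh/sshd_config.d/*.conf` line sits ahead of `Include /etc/ssh/sshd_config.d/*.conf`, and sshd keeps the first value it obtains for a keyword, so a vendor drop-in under /usr/etc takes precedence over an administrator's file under /etc. With the rootlogin subpackage from this same commit installed, a local `PermitRootLogin no` placed in /etc/ssh/sshd_config.d/ would not take effect. Listing the admin directory first, `Include /etc/ssh/sshd_config.d/*.conf` followed by `Include /usr/etc/ssh/sshd_config.d/*.conf`, keeps local policy authoritative; the ssh_config part of the hunk has the same ordering. The effective value can be confirmed after install with `sshd -T | grep -i permitrootlogin`.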
--- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 28 15:00:52 UTC 2022 - Ludwig Nussel + +- read ssh and sshd config file also from /usr/etc +- add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin + ------------------------------------------------------------------- Mon Mar 7 18:00:09 UTC 2022 - Hans Petter Jansson diff --git a/openssh.spec b/openssh.spec index 8754d82..170619c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -191,6 +191,17 @@ also be forwarded over the secure channel. This package contains the Secure Shell daemon, which allows clients to securely connect to your server. +%package server-config-rootlogin +Summary: Config to permit root logins to sshd +Group: Productivity/Networking/SSH +Requires: %{name}-server = %{version}-%{release} + +%description server-config-rootlogin +The openssh-server package by default disallows password based +root logins. This package provides a config that does. It's useful +to temporarily have a password based login to be able to use +ssh-copy-id(1). + %package clients Summary: SSH (Secure Shell) client applications Group: Productivity/Networking/SSH @@ -321,10 +332,11 @@ install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1 sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config # Move /etc to /usr/etc/ssh -mkdir -p %{buildroot}%{_distconfdir}/ssh +mkdir -p %{buildroot}%{_distconfdir}/ssh/ssh{,d}_config.d mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/ +echo "PermitRootLogin yes" > %{buildroot}%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %if 0%{?suse_version} < 1550 # install firewall definitions 
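Review bot: The `%description server-config-rootlogin` text says the package "provides a config that does", which reads as if it also disallows password-based root logins; it should state outright what the drop-in sets. Suggested wording: `This package installs a drop-in that sets PermitRootLogin yes, which allows root to log in with a password.` The word "temporarily" is only advice, since nothing visible in the spec removes the setting again, so the text could also tell the admin to uninstall the package once key-based login works.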
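Review bot: The drop-in written by the added `echo "PermitRootLogin yes" > …/50-permit-root-login.conf` line carries no comment, so someone auditing the sshd_config.d directory cannot tell which package put it there or that it is meant to be removed again. A header line in the file would cover that, for example `# Installed by openssh-server-config-rootlogin; uninstall the package to restore the default`. The `mkdir -p …/ssh{,d}_config.d` line above it relies on brace expansion, which presumably works because the build shell is bash; two explicit paths would not depend on that. The %install section starts and ends outside the hunk.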
@@ -419,6 +431,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0755,root,root) %dir %{_distconfdir}/ssh +%attr(0755,root,root) %dir /usr/etc/ssh/ssh_config.d %attr(0600,root,root) %{_distconfdir}/ssh/moduli %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0444,root,root) %{_mandir}/man5/moduli.5* @@ -431,6 +444,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %dir %attr(0755,root,root) %{_localstatedir}/lib/sshd %dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d %attr(0755,root,root) %dir %{_distconfdir}/ssh +%attr(0755,root,root) %dir /usr/etc/ssh/sshd_config.d %attr(0640,root,root) %{_distconfdir}/ssh/sshd_config %if %{defined _distconfdir} %attr(0644,root,root) %{_distconfdir}/pam.d/sshd @@ -452,6 +466,9 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %config %{_fwdefdir}/sshd %endif +%files server-config-rootlogin +%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf + %files clients %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
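Review bot: The added `%dir` entries spell the paths as `/usr/etc/ssh/ssh_config.d` here and `/usr/etc/ssh/sshd_config.d` in the following hunk, while %install creates both directories under `%{_distconfdir}` and the neighbouring entries use the macro. If `%{_distconfdir}` expands to anything other than /usr/etc on some target, the file list and the created directories disagree. `%attr(0755,root,root) %dir %{_distconfdir}/ssh/ssh_config.d` and the sshd equivalent would keep them aligned.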
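Review bot: The `%files server-config-rootlogin` entry lists the drop-in without `%attr`, so its mode is whatever the `echo` redirect in %install produced under the build umask, whereas the other sshd configuration entries visible in these hunks pin owner and mode. Pinning it, for example `%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf` to match sshd_config, makes the permissions of a file that changes login policy explicit and reviewable.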