Accepting request 965435 from home:lnussel:branches:network
- read ssh and sshd config file also from /usr/etc - add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin OBS-URL: https://build.opensuse.org/request/show/965435 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=238
This commit is contained in:
parent
0957114f91
commit
859cab66f6
@ -1,32 +1,36 @@
|
|||||||
diff -ur openssh-8.4p1.orig/ssh_config openssh-8.4p1/ssh_config
|
Index: openssh-8.9p1/ssh_config
|
||||||
--- openssh-8.4p1.orig/ssh_config 2021-01-27 14:43:22.698144889 +0100
|
===================================================================
|
||||||
+++ openssh-8.4p1/ssh_config 2021-01-27 14:40:46.170143382 +0100
|
--- openssh-8.9p1.orig/ssh_config
|
||||||
@@ -17,6 +17,12 @@
|
+++ openssh-8.9p1/ssh_config
|
||||||
|
@@ -16,6 +16,13 @@
|
||||||
|
# Site-wide defaults for some commonly used options. For a comprehensive
|
||||||
# list of available options, their meanings and defaults, please see the
|
# list of available options, their meanings and defaults, please see the
|
||||||
# ssh_config(5) man page.
|
# ssh_config(5) man page.
|
||||||
|
+Include /usr/etc/ssh/ssh_config.d/*.conf
|
||||||
|
+
|
||||||
+# To modify the system-wide ssh configuration, create a "*.conf" file under
|
+# To modify the system-wide ssh configuration, create a "*.conf" file under
|
||||||
+# "/etc/ssh/ssh_config.d/" which will be automatically included below.
|
+# "/etc/ssh/ssh_config.d/" which will be automatically included below.
|
||||||
+# Don't edit this configuration file itself if possible to avoid update
|
+# Don't edit this configuration file itself if possible to avoid update
|
||||||
+# problems.
|
+# problems.
|
||||||
+Include /etc/ssh/ssh_config.d/*.conf
|
+Include /etc/ssh/ssh_config.d/*.conf
|
||||||
+
|
|
||||||
Host *
|
Host *
|
||||||
# ForwardAgent no
|
# ForwardAgent no
|
||||||
# ForwardX11 no
|
Index: openssh-8.9p1/sshd_config
|
||||||
diff -ur openssh-8.4p1.orig/sshd_config openssh-8.4p1/sshd_config
|
===================================================================
|
||||||
--- openssh-8.4p1.orig/sshd_config 2020-09-27 09:25:01.000000000 +0200
|
--- openssh-8.9p1.orig/sshd_config
|
||||||
+++ openssh-8.4p1/sshd_config 2021-01-27 14:21:23.070132184 +0100
|
+++ openssh-8.9p1/sshd_config
|
||||||
@@ -10,6 +10,12 @@
|
@@ -9,6 +9,13 @@
|
||||||
|
# OpenSSH is to specify options with their default value where
|
||||||
# possible, but leave them commented. Uncommented options override the
|
# possible, but leave them commented. Uncommented options override the
|
||||||
# default value.
|
# default value.
|
||||||
|
+Include /usr/etc/ssh/sshd_config.d/*.conf
|
||||||
|
+
|
||||||
+# To modify the system-wide sshd configuration, create a "*.conf" file under
|
+# To modify the system-wide sshd configuration, create a "*.conf" file under
|
||||||
+# "/etc/ssh/sshd_config.d/" which will be automatically included below.
|
+# "/etc/ssh/sshd_config.d/" which will be automatically included below.
|
||||||
+# Don't edit this configuration file itself if possible to avoid update
|
+# Don't edit this configuration file itself if possible to avoid update
|
||||||
+# problems.
|
+# problems.
|
||||||
+Include /etc/ssh/sshd_config.d/*.conf
|
+Include /etc/ssh/sshd_config.d/*.conf
|
||||||
+
|
|
||||||
#Port 22
|
#Port 22
|
||||||
#AddressFamily any
|
#AddressFamily any
|
||||||
#ListenAddress 0.0.0.0
|
|
||||||
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 28 15:00:52 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
|
||||||
|
|
||||||
|
- read ssh and sshd config file also from /usr/etc
|
||||||
|
- add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 7 18:00:09 UTC 2022 - Hans Petter Jansson <hpj@suse.com>
|
Mon Mar 7 18:00:09 UTC 2022 - Hans Petter Jansson <hpj@suse.com>
|
||||||
|
|
||||||
|
19
openssh.spec
19
openssh.spec
@ -191,6 +191,17 @@ also be forwarded over the secure channel.
|
|||||||
This package contains the Secure Shell daemon, which allows clients to
|
This package contains the Secure Shell daemon, which allows clients to
|
||||||
securely connect to your server.
|
securely connect to your server.
|
||||||
|
|
||||||
|
%package server-config-rootlogin
|
||||||
|
Summary: Config to permit root logins to sshd
|
||||||
|
Group: Productivity/Networking/SSH
|
||||||
|
Requires: %{name}-server = %{version}-%{release}
|
||||||
|
|
||||||
|
%description server-config-rootlogin
|
||||||
|
The openssh-server package by default disallows password based
|
||||||
|
root logins. This package provides a config that does. It's useful
|
||||||
|
to temporarily have a password based login to be able to use
|
||||||
|
ssh-copy-id(1).
|
||||||
|
|
||||||
%package clients
|
%package clients
|
||||||
Summary: SSH (Secure Shell) client applications
|
Summary: SSH (Secure Shell) client applications
|
||||||
Group: Productivity/Networking/SSH
|
Group: Productivity/Networking/SSH
|
||||||
@ -321,10 +332,11 @@ install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
|
|||||||
sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
|
sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
|
||||||
|
|
||||||
# Move /etc to /usr/etc/ssh
|
# Move /etc to /usr/etc/ssh
|
||||||
mkdir -p %{buildroot}%{_distconfdir}/ssh
|
mkdir -p %{buildroot}%{_distconfdir}/ssh/ssh{,d}_config.d
|
||||||
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
|
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
|
||||||
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
|
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
|
||||||
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/
|
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/
|
||||||
|
echo "PermitRootLogin yes" > %{buildroot}%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
|
||||||
|
|
||||||
%if 0%{?suse_version} < 1550
|
%if 0%{?suse_version} < 1550
|
||||||
# install firewall definitions
|
# install firewall definitions
|
||||||
@ -419,6 +431,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
|
|||||||
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
|
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
|
||||||
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||||
%attr(0755,root,root) %dir %{_distconfdir}/ssh
|
%attr(0755,root,root) %dir %{_distconfdir}/ssh
|
||||||
|
%attr(0755,root,root) %dir /usr/etc/ssh/ssh_config.d
|
||||||
%attr(0600,root,root) %{_distconfdir}/ssh/moduli
|
%attr(0600,root,root) %{_distconfdir}/ssh/moduli
|
||||||
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
|
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
|
||||||
%attr(0444,root,root) %{_mandir}/man5/moduli.5*
|
%attr(0444,root,root) %{_mandir}/man5/moduli.5*
|
||||||
@ -431,6 +444,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
|
|||||||
%dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
|
%dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
|
||||||
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
|
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
|
||||||
%attr(0755,root,root) %dir %{_distconfdir}/ssh
|
%attr(0755,root,root) %dir %{_distconfdir}/ssh
|
||||||
|
%attr(0755,root,root) %dir /usr/etc/ssh/sshd_config.d
|
||||||
%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
|
%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
|
||||||
%if %{defined _distconfdir}
|
%if %{defined _distconfdir}
|
||||||
%attr(0644,root,root) %{_distconfdir}/pam.d/sshd
|
%attr(0644,root,root) %{_distconfdir}/pam.d/sshd
|
||||||
@ -452,6 +466,9 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
|
|||||||
%config %{_fwdefdir}/sshd
|
%config %{_fwdefdir}/sshd
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%files server-config-rootlogin
|
||||||
|
%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
|
||||||
|
|
||||||
%files clients
|
%files clients
|
||||||
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
|
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
|
||||||
%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
|
%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
|
||||||
|
Loading…
Reference in New Issue
Block a user