Accepting request 965435 from home:lnussel:branches:network

- read ssh and sshd config file also from /usr/etc
- add openssh-server-config-rootlogin subpackage that enables PermitRootLogin

OBS-URL: https://build.opensuse.org/request/show/965435
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=238
Hans Petter Jansson 2022-04-29 00:45:48 +00:00 committed by Git OBS Bridge
parent 0957114f91
commit 859cab66f6
3 changed files with 42 additions and 15 deletions


@ -1,32 +1,36 @@
diff -ur openssh-8.4p1.orig/ssh_config openssh-8.4p1/ssh_config Index: openssh-8.9p1/ssh_config
--- openssh-8.4p1.orig/ssh_config 2021-01-27 14:43:22.698144889 +0100 ===================================================================
+++ openssh-8.4p1/ssh_config 2021-01-27 14:40:46.170143382 +0100 --- openssh-8.9p1.orig/ssh_config
@@ -17,6 +17,12 @@ +++ openssh-8.9p1/ssh_config
@@ -16,6 +16,13 @@
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the # list of available options, their meanings and defaults, please see the
# ssh_config(5) man page. # ssh_config(5) man page.
+Include /usr/etc/ssh/ssh_config.d/*.conf
+
+# To modify the system-wide ssh configuration, create a "*.conf" file under +# To modify the system-wide ssh configuration, create a "*.conf" file under
+# "/etc/ssh/ssh_config.d/" which will be automatically included below. +# "/etc/ssh/ssh_config.d/" which will be automatically included below.
+# Don't edit this configuration file itself if possible to avoid update +# Don't edit this configuration file itself if possible to avoid update
+# problems. +# problems.
+Include /etc/ssh/ssh_config.d/*.conf +Include /etc/ssh/ssh_config.d/*.conf
+
Host * Host *
# ForwardAgent no # ForwardAgent no
# ForwardX11 no Index: openssh-8.9p1/sshd_config
diff -ur openssh-8.4p1.orig/sshd_config openssh-8.4p1/sshd_config ===================================================================
--- openssh-8.4p1.orig/sshd_config 2020-09-27 09:25:01.000000000 +0200 --- openssh-8.9p1.orig/sshd_config
+++ openssh-8.4p1/sshd_config 2021-01-27 14:21:23.070132184 +0100 +++ openssh-8.9p1/sshd_config
@@ -10,6 +10,12 @@ @@ -9,6 +9,13 @@
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the # possible, but leave them commented. Uncommented options override the
# default value. # default value.
+Include /usr/etc/ssh/sshd_config.d/*.conf
+
+# To modify the system-wide sshd configuration, create a "*.conf" file under +# To modify the system-wide sshd configuration, create a "*.conf" file under
+# "/etc/ssh/sshd_config.d/" which will be automatically included below. +# "/etc/ssh/sshd_config.d/" which will be automatically included below.
+# Don't edit this configuration file itself if possible to avoid update +# Don't edit this configuration file itself if possible to avoid update
+# problems. +# problems.
+Include /etc/ssh/sshd_config.d/*.conf +Include /etc/ssh/sshd_config.d/*.conf
+
#Port 22 #Port 22
#AddressFamily any #AddressFamily any
#ListenAddress 0.0.0.0
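Review bot: An administrator's drop-in under /etc/ssh/sshd_config.d/ cannot override a vendor drop-in, because the added `Include /usr/etc/ssh/sshd_config.d/*.conf` line comes before `Include /etc/ssh/sshd_config.d/*.conf` and sshd keeps the first value it obtains for each keyword. With the openssh-server-config-rootlogin subpackage from this same commit installed, a local `PermitRootLogin no` placed in /etc/ssh/sshd_config.d/ would presumably be silently ignored. I would move the /usr/etc include after the /etc one in both ssh_config and sshd_config so that local policy wins over packaged defaults. The existing comment only names the /etc directory; a line such as `# Packaged defaults are read from "/usr/etc/ssh/sshd_config.d/" after the local files.` would document the order.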


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Mar 28 15:00:52 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
- read ssh and sshd config file also from /usr/etc
- add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 7 18:00:09 UTC 2022 - Hans Petter Jansson <hpj@suse.com> Mon Mar 7 18:00:09 UTC 2022 - Hans Petter Jansson <hpj@suse.com>


@ -191,6 +191,17 @@ also be forwarded over the secure channel.
This package contains the Secure Shell daemon, which allows clients to This package contains the Secure Shell daemon, which allows clients to
securely connect to your server. securely connect to your server.
%package server-config-rootlogin
Summary: Config to permit root logins to sshd
Group: Productivity/Networking/SSH
Requires: %{name}-server = %{version}-%{release}
%description server-config-rootlogin
The openssh-server package by default disallows password based
root logins. This package provides a config that does. It's useful
to temporarily have a password based login to be able to use
ssh-copy-id(1).
%package clients %package clients
Summary: SSH (Secure Shell) client applications Summary: SSH (Secure Shell) client applications
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
@ -321,10 +332,11 @@ install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
# Move /etc to /usr/etc/ssh # Move /etc to /usr/etc/ssh
mkdir -p %{buildroot}%{_distconfdir}/ssh mkdir -p %{buildroot}%{_distconfdir}/ssh/ssh{,d}_config.d
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/
echo "PermitRootLogin yes" > %{buildroot}%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
%if 0%{?suse_version} < 1550 %if 0%{?suse_version} < 1550
# install firewall definitions # install firewall definitions
@ -419,6 +431,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0755,root,root) %dir %{_distconfdir}/ssh %attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0755,root,root) %dir /usr/etc/ssh/ssh_config.d
%attr(0600,root,root) %{_distconfdir}/ssh/moduli %attr(0600,root,root) %{_distconfdir}/ssh/moduli
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0444,root,root) %{_mandir}/man5/moduli.5* %attr(0444,root,root) %{_mandir}/man5/moduli.5*
@ -431,6 +444,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
%dir %attr(0755,root,root) %{_localstatedir}/lib/sshd %dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d %dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
%attr(0755,root,root) %dir %{_distconfdir}/ssh %attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0755,root,root) %dir /usr/etc/ssh/sshd_config.d
%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config %attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
%if %{defined _distconfdir} %if %{defined _distconfdir}
%attr(0644,root,root) %{_distconfdir}/pam.d/sshd %attr(0644,root,root) %{_distconfdir}/pam.d/sshd
@ -452,6 +466,9 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
%config %{_fwdefdir}/sshd %config %{_fwdefdir}/sshd
%endif %endif
%files server-config-rootlogin
%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
%files clients %files clients
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
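Review bot: The server-config-rootlogin description calls the password-based root login temporary, but the packaged drop-in `PermitRootLogin yes` stays in effect for as long as the package is installed, and nothing in the visible spec reminds the administrator to remove it. I would say so in %description, for example `Remove this package again once keys have been deployed with ssh-copy-id(1).` The entry under `%files server-config-rootlogin` is also the only configuration file in this section without an explicit mode and owner; an `%attr(0640,root,root)` prefix like the one on sshd_config would make it consistent. Separately, the two new `%dir /usr/etc/ssh/ssh_config.d` and `%dir /usr/etc/ssh/sshd_config.d` lines hard-code a path that the install step creates under `%{_distconfdir}`; writing them as `%dir %{_distconfdir}/ssh/sshd_config.d` keeps the two in sync.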