Accepting request 1174779 from home:alarrosa:branches:network:openssh-permit-root-login
- Remove the recommendation for openssh-server-config-rootlogin from openssh-server. Since the default for that config option was changed in SLE it's not needed anymore in SLE nor in TW (boo#1224392). - Add a warning in %post of openssh-clients, openssh-server and openssh-server-config-disallow-rootlogin to warn the user if the /etc/ssh/(ssh_config.d|sshd_config.d) directories are not being used (bsc#1223486). OBS-URL: https://build.opensuse.org/request/show/1174779 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=267
This commit is contained in:
parent
f2379e82ce
commit
e11bee9499
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri May 17 07:45:38 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Remove the recommendation for openssh-server-config-rootlogin
|
||||
from openssh-server. Since the default for that config option
|
||||
was changed in SLE it's not needed anymore in SLE nor in TW
|
||||
(boo#1224392).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 14 19:29:05 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Add a warning in %post of openssh-clients, openssh-server and
|
||||
openssh-server-config-disallow-rootlogin to warn the user if
|
||||
the /etc/ssh/(ssh_config.d|sshd_config.d) directories are not
|
||||
being used (bsc#1223486).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 13 15:27:37 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
|
32
openssh.spec
32
openssh.spec
@ -197,9 +197,6 @@ Group: Productivity/Networking/SSH
|
||||
Requires: %{name}-common = %{version}-%{release}
|
||||
Requires: crypto-policies >= 20220824
|
||||
Recommends: audit
|
||||
%if 0%{without allow_root_password_login_by_default}
|
||||
Recommends: openssh-server-config-rootlogin
|
||||
%endif
|
||||
Requires(pre): findutils
|
||||
Requires(pre): grep
|
||||
Requires(post): %fillup_prereq
|
||||
@ -466,6 +463,15 @@ test -f /etc/ssh/sshd_config.rpmsave && mv -v /etc/ssh/sshd_config.rpmsave /etc/
|
||||
%{fillup_only -n ssh}
|
||||
%service_add_post sshd.service
|
||||
|
||||
%if ! %{defined _distconfdir}
|
||||
test -f /etc/ssh/sshd_config && (grep -q "^Include /etc/ssh/sshd_config\.d/\*\.conf" /etc/ssh/sshd_config || ( \
|
||||
echo "WARNING: /etc/ssh/sshd_config doesn't include config files from"
|
||||
echo " /etc/ssh/sshd_config.d/ . The crypto-policies configuration won't"
|
||||
echo "be honored until the following line is added at the start of"
|
||||
echo "/etc/ssh/sshd_config :"
|
||||
echo "Include /etc/ssh/sshd_config.d/*.conf" ) ) ||:
|
||||
%endif
|
||||
|
||||
%preun server
|
||||
%service_del_preun sshd.service
|
||||
|
||||
@ -479,6 +485,16 @@ else
|
||||
%service_del_postun sshd.service
|
||||
fi
|
||||
|
||||
%if ! %{defined _distconfdir}
|
||||
%post server-config-disallow-rootlogin
|
||||
test -f /etc/ssh/sshd_config && (grep -q "^Include /etc/ssh/sshd_config\.d/\*\.conf" /etc/ssh/sshd_config || ( \
|
||||
echo "WARNING: /etc/ssh/sshd_config doesn't include config files from"
|
||||
echo " /etc/ssh/sshd_config.d/ . The config file installed by"
|
||||
echo "openssh-server-config-disallow-rootlogin won't be used until"
|
||||
echo "the following line is added at the start of /etc/ssh/sshd_config :"
|
||||
echo "Include /etc/ssh/sshd_config.d/*.conf" ) ) ||:
|
||||
%endif
|
||||
|
||||
%if %{defined _distconfdir}
|
||||
%posttrans server
|
||||
# Migration to /usr/etc.
|
||||
@ -492,6 +508,16 @@ test -f /etc/ssh/sshd_config.rpmsave && mv -v /etc/ssh/sshd_config.rpmsave /etc/
|
||||
test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config.rpmsave.old ||:
|
||||
%endif
|
||||
|
||||
%if ! %{defined _distconfdir}
|
||||
%post clients
|
||||
test -f /etc/ssh/ssh_config && (grep -q "^Include /etc/ssh/ssh_config\.d/\*\.conf" /etc/ssh/ssh_config || ( \
|
||||
echo "WARNING: /etc/ssh/ssh_config doesn't include config files from"
|
||||
echo " /etc/ssh/ssh_config.d/ . The crypto-policies configuration won't"
|
||||
echo "be honored until the following line is added at the start of"
|
||||
echo "/etc/ssh/ssh_config :"
|
||||
echo "Include /etc/ssh/ssh_config.d/*.conf" ) ) ||:
|
||||
%endif
|
||||
|
||||
%if %{defined _distconfdir}
|
||||
%posttrans clients
|
||||
# Migration to /usr/etc.
|
||||
|
Loading…
Reference in New Issue
Block a user