openssh/openssh-9.6p1-crypto-policies.patch
Marcus Meissner 5252cd62e2 Accepting request 1155471 from home:pmonrealgonzalez:branches:network
- Add crypto-policies support [bsc#1211301]
  * Add patches:
    - openssh-9.6p1-crypto-policies.patch
    - openssh-9.6p1-crypto-policies-man.patch

OBS-URL: https://build.opensuse.org/request/show/1155471
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=256
2024-04-04 09:11:25 +00:00

59 lines
2.4 KiB
Diff

Index: openssh-9.6p1/ssh_config
===================================================================
--- openssh-9.6p1.orig/ssh_config
+++ openssh-9.6p1/ssh_config
@@ -17,6 +17,12 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
+# This system is following system-wide crypto policies.
+# To modify the crypto properties (Ciphers, MACs, ...), create a *.conf
+# file under /etc/ssh/ssh_config.d/ which will be automatically
+# included below. For more information, see the manual pages for
+# update-crypto-policies(8) and ssh_config(5).
+
# To modify the system-wide ssh configuration, create a "*.conf" file under
# "/etc/ssh/ssh_config.d/" which will be automatically included below.
# Don't edit this configuration file itself if possible to avoid update
Index: openssh-9.6p1/ssh_config_suse
===================================================================
--- /dev/null
+++ openssh-9.6p1/ssh_config_suse
@@ -0,0 +1,9 @@
+# The options here are in the "Match final block" to be applied as the last
+# options and could be potentially overwritten by the user configuration
+Match final all
+ # Follow system-wide Crypto Policy, if defined:
+ Include /etc/crypto-policies/back-ends/openssh.config
+
+# Uncomment this if you want to use .local domain
+# Host *.local
+
Index: openssh-9.6p1/sshd_config
===================================================================
--- openssh-9.6p1.orig/sshd_config
+++ openssh-9.6p1/sshd_config
@@ -17,6 +17,10 @@ Include /etc/ssh/sshd_config.d/*.conf
# default value.
Include /usr/etc/ssh/sshd_config.d/*.conf
+# To modify the system-wide sshd configuration, create a *.conf file under
+# /etc/ssh/sshd_config.d/ which will be automatically included below
+Include /etc/ssh/sshd_config.d/*.conf
+
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
Index: openssh-9.6p1/sshd_config_suse_cp
===================================================================
--- /dev/null
+++ openssh-9.6p1/sshd_config_suse_cp
@@ -0,0 +1,7 @@
+# This system is following system-wide crypto policy. The changes to
+# crypto properties (Ciphers, MACs, ...) will not have any effect in
+# this or following included files. To override some configuration option,
+# write it before this block or include it before this file.
+# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).
+Include /etc/crypto-policies/back-ends/opensshserver.config
+