diff options
author | Arkadiusz Miśkiewicz | 2023-11-28 08:33:29 (GMT) |
---|---|---|
committer | Arkadiusz Miśkiewicz | 2023-11-28 08:33:39 (GMT) |
commit | 89a1e09d7873caca43006c775ce6202bf7d1cd22 (patch) | |
tree | ea891b3c3c2bb6cee578a0fa19e7a88e69e31b3f | |
parent | 93d4b57b4d409482f6580b375cf01098ee3a0a2a (diff) | |
download | openssh-89a1e09d7873caca43006c775ce6202bf7d1cd22.zip openssh-89a1e09d7873caca43006c775ce6202bf7d1cd22.tar.gz |
Rel 7; migrate pld configs to /etc/ssh/ssh{,d}_config.d/50-pld.conf
-rw-r--r-- | openssh.spec | 11 | ||||
-rw-r--r-- | pld-ssh_config | 14 | ||||
-rw-r--r-- | pld-sshd_config | 12 |
3 files changed, 36 insertions, 1 deletions
diff --git a/openssh.spec b/openssh.spec index 679f814..9abd718 100644 --- a/openssh.spec +++ b/openssh.spec @@ -37,7 +37,7 @@ Summary(ru.UTF-8): OpenSSH - свободная реализация прото Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh Version: 9.5p1 -Release: 6 +Release: 7 Epoch: 2 License: BSD Group: Applications/Networking @@ -55,6 +55,8 @@ Source9: sshd.service Source10: sshd-keygen Source11: sshd.socket Source12: sshd@.service +Source13: pld-ssh_config +Source14: pld-sshd_config Patch100: %{name}-git.patch # Patch100-md5: eb723cc4f21efc32752161d539c9c5e9 Patch0: %{name}-no-pty-tests.patch @@ -639,6 +641,7 @@ cd contrib rm -rf $RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}} +install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssh{,d}_config.d install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d} %{__make} install \ @@ -652,6 +655,8 @@ cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir} +cp -p %{SOURCE13} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config.d/50-pld.conf +cp -p %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config.d/50-pld.conf cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir} cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir} @@ -814,6 +819,8 @@ fi %attr(755,root,root) %{_bindir}/scp %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config +%dir %{_sysconfdir}/ssh_config.d +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config.d/50-pld.conf %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh.1* @@ -858,6 +865,8 @@ fi %{_mandir}/man5/sshd_config.5* %{_mandir}/man5/moduli.5* %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config +%attr(750,root,root) %dir %{_sysconfdir}/sshd_config.d +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config.d/50-pld.conf %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd %{_sysconfdir}/moduli %attr(754,root,root) /etc/rc.d/init.d/sshd diff --git a/pld-ssh_config b/pld-ssh_config new file mode 100644 index 0000000..9329fa6 --- /dev/null +++ b/pld-ssh_config @@ -0,0 +1,14 @@ +# The options here are in the "Match final block" to be applied as the last +# options and could be potentially overwritten by the user configuration +Match final all + + GSSAPIAuthentication yes + +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 server. As some X11 clients don't support the untrusted +# mode correctly, you might consider changing this to 'yes' or using '-Y'. +# ForwardX11Trusted no + +# Send locale-related environment variables, also pass some GIT vars + SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL + diff --git a/pld-sshd_config b/pld-sshd_config new file mode 100644 index 0000000..d3462e5 --- /dev/null +++ b/pld-sshd_config @@ -0,0 +1,12 @@ +PermitRootLogin no + +GSSAPIAuthentication yes + +UsePAM yes + +# Accept locale-related environment variables, also accept some GIT vars +AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL + +# Uncomment this if you want to use .local domain +#Host *.local +# CheckHostIP no |