From cdfe238b7eb4a69b48d0f3251afce0b3564f702d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 1 Nov 2011 21:10:41 +0100 Subject: [PATCH] openssh: Fix weird configuration files. Configuration files were not recognized as those and had invalid options. --- openssh/openssh.nm | 14 ++++-- openssh/sshd_config | 117 -------------------------------------------- 2 files changed, 11 insertions(+), 120 deletions(-) delete mode 100644 openssh/sshd_config diff --git a/openssh/openssh.nm b/openssh/openssh.nm index 2555f7e26..59bdc3cc9 100644 --- a/openssh/openssh.nm +++ b/openssh/openssh.nm @@ -5,7 +5,7 @@ name = openssh version = 5.9p1 -release = 1 +release = 2 groups = Application/Internet url = http://www.openssh.com/portable.html @@ -81,8 +81,8 @@ build end install_cmds - mkdir -pv %{BUILDROOT}/etc/ssh - cp -vf %{DIR_SOURCE}/sshd_config %{BUILDROOT}/etc/ssh/sshd_config + # Disable GSS API authentication because KRB5 is required for that. + sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config # Install scriptfile for key generation install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/ @@ -121,6 +121,10 @@ packages /usr/share/man/cat5/ssh_config.5 /usr/share/man/cat8/ssh-pkcs11-helper.8 end + + configfiles + /etc/ssh/ssh_config + end end package openssh-server @@ -145,6 +149,10 @@ packages /var/lib/sshd end + configfiles + /etc/ssh/sshd_config + end + prerequires = shadow-utils systemd-units script prein diff --git a/openssh/sshd_config b/openssh/sshd_config deleted file mode 100644 index dbf322826..000000000 --- a/openssh/sshd_config +++ /dev/null @@ -1,117 +0,0 @@ -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# Disable legacy (protocol version 1) support in the server for new -# installations. In future the default will change to require explicit -# activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -LoginGraceTime 30s -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -IgnoreUserKnownHosts yes -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -MaxStartups 5 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server -- 2.39.2