###############################################################################
name = openssh
-version = 7.3p1
+version = 7.4p1
release = 1
groups = Application/Internet
# Disable GSS API authentication because KRB5 is required for that.
sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
- # Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
+ # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
sed \
-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
-e '/^#PrintMotd yes$/c PrintMotd no' \
-e '/^#UsePAM no$/c UsePAM yes' \
+ -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
-i %{BUILDROOT}/etc/ssh/sshd_config
# Install scriptfile for key generation
%{sysconfdir}/ssh/sshd_config
%{unitdir}/sshd.service
%{unitdir}/sshd-keygen.service
+ %{unitdir}/sshd@.service
+ %{unitdir}/sshd.socket
%{libdir}/openssh/sftp-server
%{sbindir}/sshd-keygen
%{sbindir}/sshd
script preun
/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable sshd.socket
/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
end
script postun
end
script postup
+ # Enable root login.
+ sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
+ -i %{sysconfdir}/ssh/sshd_config
+
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
#%PAM-1.0
-auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
account required pam_nologin.so
account include password-auth
password include password-auth
-# pam_selinux.so close should be the first session rule
-session required pam_selinux.so close
session required pam_loginuid.so
-# pam_selinux.so open should only be followed by sessions to be executed in the user context
-session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
[Unit]
Description=OpenSSH server daemon
-After=syslog.target network.target auditd.service
+After=syslog.target network.target auditd.service sshd-keygen.service
+Wants=sshd-keygen.service
[Service]
-ExecStartPre=/usr/sbin/sshd-keygen
ExecStart=/usr/sbin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartSec=30s
[Install]
WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=OpenSSH per-connection server daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+Wants=sshd-keygen.service
+After=sshd-keygen.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket