jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Disable manual reading of MOTD by default

Browse Source
This commit is contained in:
Jakub Jelen 2018-07-03 11:26:01 +02:00
parent 191bbb979e
commit 6c68d655b2
2 changed files with 34 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
openssh-6.6p1-redhat.patch → openssh-7.7p1-redhat.patch
View File

@ -1,7 +1,7 @@
diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
--- openssh-7.4p1/ssh_config.redhat 2016-12-19 05:59:41.000000000 +0100 --- openssh-7.7p1/ssh_config.redhat 2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.4p1/ssh_config 2016-12-23 13:32:00.045220402 +0100 +++ openssh-7.7p1/ssh_config 2018-07-03 10:44:06.522245125 +0200
@@ -48,3 +48,7 @@ @@ -44,3 +44,7 @@
# VisualHostKey no # VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com # ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h # RekeyLimit 1G 1h
@ -9,9 +9,9 @@ diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config
+# To modify the system-wide ssh configuration, create a *.conf file under +# To modify the system-wide ssh configuration, create a *.conf file under
+# /etc/ssh/ssh_config.d/ which will be automatically included below +# /etc/ssh/ssh_config.d/ which will be automatically included below
+Include /etc/ssh/ssh_config.d/*.conf +Include /etc/ssh/ssh_config.d/*.conf
diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat
--- openssh-7.4p1/ssh_config_redhat.redhat 2016-12-23 13:32:00.045220402 +0100 --- openssh-7.7p1/ssh_config_redhat.redhat 2018-07-03 10:44:06.522245125 +0200
+++ openssh-7.4p1/ssh_config_redhat 2016-12-23 13:32:00.045220402 +0100 +++ openssh-7.7p1/ssh_config_redhat 2018-07-03 10:44:06.522245125 +0200
@@ -0,0 +1,20 @@ @@ -0,0 +1,20 @@
+# Follow system-wide Crypto Policy, if defined: +# Follow system-wide Crypto Policy, if defined:
+Include /etc/crypto-policies/back-ends/openssh.config +Include /etc/crypto-policies/back-ends/openssh.config
@ -33,10 +33,10 @@ diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE + SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+ SendEnv XMODIFIERS + SendEnv XMODIFIERS
diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0 diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.redhat 2016-12-19 06:21:22.000000000 +0100 --- openssh-7.7p1/sshd_config.0.redhat 2018-04-02 07:39:27.000000000 +0200
+++ openssh-7.4p1/sshd_config.0 2016-12-23 13:32:00.045220402 +0100 +++ openssh-7.7p1/sshd_config.0 2018-07-03 10:44:06.523245133 +0200
@@ -837,9 +837,9 @@ DESCRIPTION @@ -872,9 +872,9 @@ DESCRIPTION
SyslogFacility SyslogFacility
Gives the facility code that is used when logging messages from Gives the facility code that is used when logging messages from
@ -49,10 +49,10 @@ diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0
TCPKeepAlive TCPKeepAlive
Specifies whether the system should send TCP keepalive messages Specifies whether the system should send TCP keepalive messages
diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5 diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.redhat 2016-12-19 05:59:41.000000000 +0100 --- openssh-7.7p1/sshd_config.5.redhat 2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:32:00.046220403 +0100 +++ openssh-7.7p1/sshd_config.5 2018-07-03 10:44:06.523245133 +0200
@@ -1393,7 +1393,7 @@ By default no subsystems are defined. @@ -1461,7 +1461,7 @@ By default no subsystems are defined.
.It Cm SyslogFacility .It Cm SyslogFacility
Gives the facility code that is used when logging messages from Gives the facility code that is used when logging messages from
.Xr sshd 8 . .Xr sshd 8 .
@ -61,9 +61,9 @@ diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH. The default is AUTH.
.It Cm TCPKeepAlive .It Cm TCPKeepAlive
diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
--- openssh-7.4p1/sshd_config.redhat 2016-12-19 05:59:41.000000000 +0100 --- openssh-7.7p1/sshd_config.redhat 2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.4p1/sshd_config 2016-12-23 13:33:05.386233133 +0100 +++ openssh-7.7p1/sshd_config 2018-07-03 10:45:16.950782466 +0200
@@ -10,20 +10,34 @@ @@ -10,20 +10,34 @@
# possible, but leave them commented. Uncommented options override the # possible, but leave them commented. Uncommented options override the
# default value. # default value.
@ -78,9 +78,9 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
#ListenAddress :: #ListenAddress ::
-#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key -#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key +HostKey /etc/ssh/ssh_host_ed25519_key
@ -88,7 +88,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
#RekeyLimit default none #RekeyLimit default none
+# System-wide Crypto policy: +# System-wide Crypto policy:
+# If this system is following system-wide crypto policy, the changes to +# This system is following system-wide crypto policy. The changes to
+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any +# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
+# effect here. They will be overridden by command-line options passed on +# effect here. They will be overridden by command-line options passed on
+# the server start up. +# the server start up.
@ -102,7 +102,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
#LogLevel INFO #LogLevel INFO
# Authentication: # Authentication:
@@ -57,9 +62,11 @@ AuthorizedKeysFile .ssh/authorized_keys @@ -56,9 +70,11 @@ AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here! # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes #PasswordAuthentication yes
#PermitEmptyPasswords no #PermitEmptyPasswords no
@ -114,7 +114,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
# Kerberos options # Kerberos options
#KerberosAuthentication no #KerberosAuthentication no
@@ -68,8 +75,8 @@ AuthorizedKeysFile .ssh/authorized_keys @@ -67,8 +83,8 @@ AuthorizedKeysFile .ssh/authorized_keys
#KerberosGetAFSToken no #KerberosGetAFSToken no
# GSSAPI options # GSSAPI options
@ -125,7 +125,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
# Set this to 'yes' to enable PAM authentication, account processing, # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will # and session processing. If this is enabled, PAM authentication will
@@ -80,12 +87,12 @@ AuthorizedKeysFile .ssh/authorized_keys @@ -79,16 +95,20 @@ AuthorizedKeysFile .ssh/authorized_keys
# If you just want the PAM account and session checks to run without # If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication # PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'. # and ChallengeResponseAuthentication to 'no'.
@ -140,7 +140,16 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
#X11DisplayOffset 10 #X11DisplayOffset 10
#X11UseLocalhost yes #X11UseLocalhost yes
#PermitTTY yes #PermitTTY yes
@@ -108,6 +115,12 @@ AuthorizedKeysFile .ssh/authorized_keys -#PrintMotd yes
+
+# It is recommended to use pam_motd in /etc/pam.d/ssh instead of PrintMotd,
+# as it is more configurable and versatile than the built-in version.
+PrintMotd no
+
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
@@ -106,6 +126,12 @@ AuthorizedKeysFile .ssh/authorized_keys
# no default banner path # no default banner path
#Banner none #Banner none

2
openssh.spec
View File

@ -156,7 +156,7 @@ Patch702: openssh-5.1p1-askpass-progress.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=198332 #https://bugzilla.redhat.com/show_bug.cgi?id=198332
Patch703: openssh-4.3p2-askpass-grab-info.patch Patch703: openssh-4.3p2-askpass-grab-info.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Patch707: openssh-6.6p1-redhat.patch Patch707: openssh-7.7p1-redhat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :) #https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
Patch708: openssh-6.6p1-entropy.patch Patch708: openssh-6.6p1-entropy.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)