Disable manual reading of MOTD by default

2018-07-03 11:26:01 +02:00 · 2018-07-03 11:26:01 +02:00 · 6c68d655b2
commit 6c68d655b2
parent 191bbb979e
2 changed files with 34 additions and 25 deletions
--- a/openssh-7.7p1-redhat.patch
+++ b/openssh-7.7p1-redhat.patch
@ -1,7 +1,7 @@
-diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config
--- openssh-7.4p1/ssh_config.redhat	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-7.4p1/ssh_config	2016-12-23 13:32:00.045220402 +0100
-@@ -48,3 +48,7 @@
+diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
+--- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
+@@ -44,3 +44,7 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
@ -9,9 +9,9 @@ diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config
 +# To modify the system-wide ssh configuration, create a  *.conf  file under
 +#  /etc/ssh/ssh_config.d/  which will be automatically included below
 +Include /etc/ssh/ssh_config.d/*.conf
-diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat
--- openssh-7.4p1/ssh_config_redhat.redhat	2016-12-23 13:32:00.045220402 +0100
-+++ openssh-7.4p1/ssh_config_redhat	2016-12-23 13:32:00.045220402 +0100
+diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat
+--- openssh-7.7p1/ssh_config_redhat.redhat	2018-07-03 10:44:06.522245125 +0200
+++ openssh-7.7p1/ssh_config_redhat	2018-07-03 10:44:06.522245125 +0200
@@ -0,0 +1,20 @@
 +# Follow system-wide Crypto Policy, if defined:
 +Include /etc/crypto-policies/back-ends/openssh.config
@ -33,10 +33,10 @@ diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat
 +	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 +	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 +	SendEnv XMODIFIERS
-diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.redhat	2016-12-19 06:21:22.000000000 +0100
-+++ openssh-7.4p1/sshd_config.0	2016-12-23 13:32:00.045220402 +0100
-@@ -837,9 +837,9 @@ DESCRIPTION
+diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0
+--- openssh-7.7p1/sshd_config.0.redhat	2018-04-02 07:39:27.000000000 +0200
+++ openssh-7.7p1/sshd_config.0	2018-07-03 10:44:06.523245133 +0200
+@@ -872,9 +872,9 @@ DESCRIPTION
 
      SyslogFacility
              Gives the facility code that is used when logging messages from
@ -49,10 +49,10 @@ diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0
 
      TCPKeepAlive
              Specifies whether the system should send TCP keepalive messages
-diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.redhat	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-7.4p1/sshd_config.5	2016-12-23 13:32:00.046220403 +0100
-@@ -1393,7 +1393,7 @@ By default no subsystems are defined.
+diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
+--- openssh-7.7p1/sshd_config.5.redhat	2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.7p1/sshd_config.5	2018-07-03 10:44:06.523245133 +0200
+@@ -1461,7 +1461,7 @@ By default no subsystems are defined.
 .It Cm SyslogFacility
 Gives the facility code that is used when logging messages from
 .Xr sshd 8 .
@ -61,9 +61,9 @@ diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
 .It Cm TCPKeepAlive
-diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.redhat	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-7.4p1/sshd_config	2016-12-23 13:33:05.386233133 +0100
+diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
+--- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
@@ -10,20 +10,34 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
@ -78,9 +78,9 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
 #ListenAddress ::
 
 -#HostKey /etc/ssh/ssh_host_rsa_key
-+HostKey /etc/ssh/ssh_host_rsa_key
 -#HostKey /etc/ssh/ssh_host_ecdsa_key
 -#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
 +HostKey /etc/ssh/ssh_host_ecdsa_key
 +HostKey /etc/ssh/ssh_host_ed25519_key
 
@ -88,7 +88,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
 #RekeyLimit default none
 
 +# System-wide Crypto policy:
-+# If this system is following system-wide crypto policy, the changes to
+# This system is following system-wide crypto policy. The changes to
 +# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
 +# effect here. They will be overridden by command-line options passed on
 +# the server start up.
@ -102,7 +102,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
 #LogLevel INFO
 
 # Authentication:
-@@ -57,9 +62,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
+@@ -56,9 +70,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
@ -114,7 +114,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
 
 # Kerberos options
 #KerberosAuthentication no
-@@ -68,8 +75,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
+@@ -67,8 +83,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #KerberosGetAFSToken no
 
 # GSSAPI options
@ -125,7 +125,7 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
 
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
-@@ -80,12 +87,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
+@@ -79,16 +95,20 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
@ -140,7 +140,16 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
-@@ -108,6 +115,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
+-#PrintMotd yes
+
+# It is recommended to use pam_motd in /etc/pam.d/ssh instead of PrintMotd,
+# as it is more configurable and versatile than the built-in version.
+PrintMotd no
+
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #UseLogin no
+@@ -106,6 +126,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # no default banner path
 #Banner none
 
--- a/openssh.spec
+++ b/openssh.spec
@ -156,7 +156,7 @@ Patch702: openssh-5.1p1-askpass-progress.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=198332
 Patch703: openssh-4.3p2-askpass-grab-info.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
-Patch707: openssh-6.6p1-redhat.patch
+Patch707: openssh-7.7p1-redhat.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
 Patch708: openssh-6.6p1-entropy.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)