openssh: use sshd_config.d for customisation
parent
27669137e9
commit
a7f592e114
5 changed files with 57 additions and 20 deletions
|
@ -1,23 +1,23 @@
|
|||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -184,6 +184,7 @@
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wall])
|
||||
@@ -198,6 +198,7 @@ if test "$GCC" = "yes" || test "$GCC" =
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wextra])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
|
||||
+ OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
|
||||
@@ -1761,8 +1760,6 @@
|
||||
@@ -1973,8 +1974,6 @@ AC_CHECK_FUNCS([ \
|
||||
strcasestr \
|
||||
strdup \
|
||||
strerror \
|
||||
- strlcat \
|
||||
- strlcpy \
|
||||
strmode \
|
||||
strndup \
|
||||
strnlen \
|
||||
strnvis \
|
||||
@@ -1785,6 +1781,13 @@
|
||||
@@ -2001,6 +2000,13 @@ AC_CHECK_FUNCS([ \
|
||||
waitpid \
|
||||
warn \
|
||||
])
|
||||
|
@ -29,5 +29,5 @@
|
|||
+], [], [], [[#include <string.h>]])
|
||||
+AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]])
|
||||
|
||||
dnl Wide character support.
|
||||
AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
|
||||
AC_CHECK_DECLS([bzero, memmem])
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
--- a/gss-serv.c 2022-10-03 16:51:42.000000000 +0200
|
||||
+++ b/gss-serv.c 2022-11-09 13:28:59.124968270 +0100
|
||||
--- a/gss-serv.c
|
||||
+++ b/gss-serv.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
|
41
srcpkgs/openssh/patches/sshd_config.patch
Normal file
41
srcpkgs/openssh/patches/sshd_config.patch
Normal file
|
@ -0,0 +1,41 @@
|
|||
--- a/sshd_config
|
||||
+++ b/sshd_config
|
||||
@@ -10,6 +10,11 @@
|
||||
# possible, but leave them commented. Uncommented options override the
|
||||
# default value.
|
||||
|
||||
+# To avoid conflicts with the packaged configuration, specify custom options
|
||||
+# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or
|
||||
+# options set below.
|
||||
+Include /etc/ssh/sshd_config.d/*.conf
|
||||
+
|
||||
#Port 22
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
@@ -58,7 +63,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
-#KbdInteractiveAuthentication yes
|
||||
+KbdInteractiveAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
@@ -79,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and KbdInteractiveAuthentication to 'no'.
|
||||
-#UsePAM no
|
||||
+UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
#AllowTcpForwarding yes
|
||||
@@ -88,7 +93,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||
#X11DisplayOffset 10
|
||||
#X11UseLocalhost yes
|
||||
#PermitTTY yes
|
||||
-#PrintMotd yes
|
||||
+PrintMotd no
|
||||
#PrintLastLog yes
|
||||
#TCPKeepAlive yes
|
||||
#PermitUserEnvironment no
|
|
@ -1,6 +1,6 @@
|
|||
--- openssh-9.2p1.orig/channels.c
|
||||
+++ openssh-9.2p1/channels.c
|
||||
@@ -2558,7 +2558,7 @@ channel_handler(struct ssh *ssh, int tab
|
||||
--- a/channels.c
|
||||
+++ b/channels.c
|
||||
@@ -2566,7 +2566,7 @@ channel_handler(struct ssh *ssh, int tab
|
||||
if (table == CHAN_PRE &&
|
||||
c->type == SSH_CHANNEL_OPEN &&
|
||||
c->inactive_deadline != 0 && c->lastused != 0 &&
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'openssh'
|
||||
pkgname=openssh
|
||||
version=9.3p2
|
||||
revision=2
|
||||
revision=3
|
||||
build_style=gnu-configure
|
||||
configure_args="--datadir=/usr/share/openssh
|
||||
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
|
||||
|
@ -27,7 +27,9 @@ homepage="https://www.openssh.com"
|
|||
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
|
||||
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
|
||||
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
|
||||
make_dirs="/var/chroot/ssh 0755 root root"
|
||||
make_dirs="
|
||||
/var/chroot/ssh 0755 root root
|
||||
/etc/ssh/sshd_config.d 0755 root root"
|
||||
|
||||
# Package build options
|
||||
build_options="fido2 gssapi ldns ssl"
|
||||
|
@ -65,12 +67,6 @@ post_install() {
|
|||
vman contrib/ssh-copy-id.1
|
||||
vlicense LICENCE
|
||||
|
||||
# configure to use PAM
|
||||
vsed -i ${DESTDIR}/etc/ssh/sshd_config \
|
||||
-e 's|^#\(UsePAM\) no|\1 yes|g' \
|
||||
-e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \
|
||||
-e 's|^#\(PrintMotd\) yes|\1 no|g'
|
||||
|
||||
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
|
||||
vsv sshd
|
||||
}
|
||||
|
|