openssh: use sshd_config.d for customisation
parent
27669137e9
commit
a7f592e114
5 changed files with 57 additions and 20 deletions
|
@ -1,23 +1,23 @@
|
||||||
--- a/configure.ac
|
--- a/configure.ac
|
||||||
+++ b/configure.ac
|
+++ b/configure.ac
|
||||||
@@ -184,6 +184,7 @@
|
@@ -198,6 +198,7 @@ if test "$GCC" = "yes" || test "$GCC" =
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wall])
|
OSSH_CHECK_CFLAG_COMPILE([-Wextra])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
|
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
|
OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
|
||||||
+ OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration])
|
+ OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
|
OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
|
OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
|
OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
|
||||||
@@ -1761,8 +1760,6 @@
|
@@ -1973,8 +1974,6 @@ AC_CHECK_FUNCS([ \
|
||||||
strcasestr \
|
strcasestr \
|
||||||
strdup \
|
strdup \
|
||||||
strerror \
|
strerror \
|
||||||
- strlcat \
|
- strlcat \
|
||||||
- strlcpy \
|
- strlcpy \
|
||||||
strmode \
|
strmode \
|
||||||
|
strndup \
|
||||||
strnlen \
|
strnlen \
|
||||||
strnvis \
|
@@ -2001,6 +2000,13 @@ AC_CHECK_FUNCS([ \
|
||||||
@@ -1785,6 +1781,13 @@
|
|
||||||
waitpid \
|
waitpid \
|
||||||
warn \
|
warn \
|
||||||
])
|
])
|
||||||
|
@ -29,5 +29,5 @@
|
||||||
+], [], [], [[#include <string.h>]])
|
+], [], [], [[#include <string.h>]])
|
||||||
+AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]])
|
+AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]])
|
||||||
|
|
||||||
dnl Wide character support.
|
AC_CHECK_DECLS([bzero, memmem])
|
||||||
AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
--- a/gss-serv.c 2022-10-03 16:51:42.000000000 +0200
|
--- a/gss-serv.c
|
||||||
+++ b/gss-serv.c 2022-11-09 13:28:59.124968270 +0100
|
+++ b/gss-serv.c
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
41
srcpkgs/openssh/patches/sshd_config.patch
Normal file
41
srcpkgs/openssh/patches/sshd_config.patch
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
--- a/sshd_config
|
||||||
|
+++ b/sshd_config
|
||||||
|
@@ -10,6 +10,11 @@
|
||||||
|
# possible, but leave them commented. Uncommented options override the
|
||||||
|
# default value.
|
||||||
|
|
||||||
|
+# To avoid conflicts with the packaged configuration, specify custom options
|
||||||
|
+# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or
|
||||||
|
+# options set below.
|
||||||
|
+Include /etc/ssh/sshd_config.d/*.conf
|
||||||
|
+
|
||||||
|
#Port 22
|
||||||
|
#AddressFamily any
|
||||||
|
#ListenAddress 0.0.0.0
|
||||||
|
@@ -58,7 +63,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
#PermitEmptyPasswords no
|
||||||
|
|
||||||
|
# Change to no to disable s/key passwords
|
||||||
|
-#KbdInteractiveAuthentication yes
|
||||||
|
+KbdInteractiveAuthentication no
|
||||||
|
|
||||||
|
# Kerberos options
|
||||||
|
#KerberosAuthentication no
|
||||||
|
@@ -79,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
# If you just want the PAM account and session checks to run without
|
||||||
|
# PAM authentication, then enable this but set PasswordAuthentication
|
||||||
|
# and KbdInteractiveAuthentication to 'no'.
|
||||||
|
-#UsePAM no
|
||||||
|
+UsePAM yes
|
||||||
|
|
||||||
|
#AllowAgentForwarding yes
|
||||||
|
#AllowTcpForwarding yes
|
||||||
|
@@ -88,7 +93,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
#X11DisplayOffset 10
|
||||||
|
#X11UseLocalhost yes
|
||||||
|
#PermitTTY yes
|
||||||
|
-#PrintMotd yes
|
||||||
|
+PrintMotd no
|
||||||
|
#PrintLastLog yes
|
||||||
|
#TCPKeepAlive yes
|
||||||
|
#PermitUserEnvironment no
|
|
@ -1,6 +1,6 @@
|
||||||
--- openssh-9.2p1.orig/channels.c
|
--- a/channels.c
|
||||||
+++ openssh-9.2p1/channels.c
|
+++ b/channels.c
|
||||||
@@ -2558,7 +2558,7 @@ channel_handler(struct ssh *ssh, int tab
|
@@ -2566,7 +2566,7 @@ channel_handler(struct ssh *ssh, int tab
|
||||||
if (table == CHAN_PRE &&
|
if (table == CHAN_PRE &&
|
||||||
c->type == SSH_CHANNEL_OPEN &&
|
c->type == SSH_CHANNEL_OPEN &&
|
||||||
c->inactive_deadline != 0 && c->lastused != 0 &&
|
c->inactive_deadline != 0 && c->lastused != 0 &&
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'openssh'
|
# Template file for 'openssh'
|
||||||
pkgname=openssh
|
pkgname=openssh
|
||||||
version=9.3p2
|
version=9.3p2
|
||||||
revision=2
|
revision=3
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--datadir=/usr/share/openssh
|
configure_args="--datadir=/usr/share/openssh
|
||||||
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
|
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
|
||||||
|
@ -27,7 +27,9 @@ homepage="https://www.openssh.com"
|
||||||
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
|
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
|
||||||
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
|
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
|
||||||
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
|
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
|
||||||
make_dirs="/var/chroot/ssh 0755 root root"
|
make_dirs="
|
||||||
|
/var/chroot/ssh 0755 root root
|
||||||
|
/etc/ssh/sshd_config.d 0755 root root"
|
||||||
|
|
||||||
# Package build options
|
# Package build options
|
||||||
build_options="fido2 gssapi ldns ssl"
|
build_options="fido2 gssapi ldns ssl"
|
||||||
|
@ -65,12 +67,6 @@ post_install() {
|
||||||
vman contrib/ssh-copy-id.1
|
vman contrib/ssh-copy-id.1
|
||||||
vlicense LICENCE
|
vlicense LICENCE
|
||||||
|
|
||||||
# configure to use PAM
|
|
||||||
vsed -i ${DESTDIR}/etc/ssh/sshd_config \
|
|
||||||
-e 's|^#\(UsePAM\) no|\1 yes|g' \
|
|
||||||
-e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \
|
|
||||||
-e 's|^#\(PrintMotd\) yes|\1 no|g'
|
|
||||||
|
|
||||||
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
|
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
|
||||||
vsv sshd
|
vsv sshd
|
||||||
}
|
}
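Review bot: Replacing the `vsed` block in `post_install` with a patched `sshd_config` leaves an upgrade gap that the template does not cover. `/etc/ssh/sshd_config` is listed in `conf_files`, so (assuming the package manager keeps a locally modified copy on upgrade) those hosts never gain the `Include` line, and anything placed in the new `/etc/ssh/sshd_config.d` directory is silently ignored there. An administrator who moves a hardening option such as `PasswordAuthentication no` into a drop-in would then believe it is active when it is not. Consider an install or upgrade message saying that a preserved `sshd_config` needs `Include /etc/ssh/sshd_config.d/*.conf` added near the top, and that `sshd -T` prints the effective settings. `post_install` starts outside the hunk, so anything earlier in it is not covered by this note.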
|
||||||
|
|