From 549697725012ccd368ff8f67aa63f2a36327a7a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
Date: Fri, 18 Aug 2023 20:07:21 +0700
Subject: [PATCH] openssh: use sshd_config.d for customisation
---
srcpkgs/openssh/patches/sshd_config.patch | 37 +++++++++++++++++++++++
srcpkgs/openssh/template | 12 +++-----
2 files changed, 41 insertions(+), 8 deletions(-)
create mode 100644 srcpkgs/openssh/patches/sshd_config.patch
diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch
new file mode 100644
index 0000000000000..4be59e843bebc
--- /dev/null
+++ b/srcpkgs/openssh/patches/sshd_config.patch
@@ -0,0 +1,37 @@
+--- a/sshd_config
++++ b/sshd_config
+@@ -9,6 +9,7 @@
+ # OpenSSH is to specify options with their default value where
+ # possible, but leave them commented. Uncommented options override the
+ # default value.
++Include /etc/ssh/sshd_config.d/*.conf
+
+ #Port 22
+ #AddressFamily any
+@@ -58,7 +59,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #PermitEmptyPasswords no
+
+ # Change to no to disable s/key passwords
+-#KbdInteractiveAuthentication yes
++KbdInteractiveAuthentication no
+
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -79,7 +80,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and KbdInteractiveAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+@@ -88,7 +89,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
+-#PrintMotd yes
++PrintMotd no
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index a5c920fb10b2e..c92949cf91735 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
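Review bot: The `Include /etc/ssh/sshd_config.d/*.conf` line added by the first inner hunk of sshd_config.patch sits above every other keyword, and sshd keeps the first value it obtains for each keyword. Any drop-in file therefore overrides the `KbdInteractiveAuthentication no`, `UsePAM yes` and `PrintMotd no` lines set by the later inner hunks, and nothing in the shipped file says so. That precedence looks intended, but it should be documented where the administrator will read it; I would add a comment directly above the Include: `# Drop-in files are read first and the first value for a keyword wins, so they override the settings below.` Anyone auditing a host should rely on the effective configuration printed by `sshd -T` rather than on sshd_config alone.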
@@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=9.3p2 -revision=2 +revision=3 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody @@ -27,7 +27,9 @@ homepage="https://www.openssh.com" distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz" checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" -make_dirs="/var/chroot/ssh 0755 root root" +make_dirs=" + /var/chroot/ssh 0755 root root + /etc/ssh/sshd_config.d 0755 root root" # Package build options build_options="fido2 gssapi ldns ssl" @@ -65,12 +67,6 @@ post_install() { vman contrib/ssh-copy-id.1 vlicense LICENCE - # configure to use PAM - vsed -i ${DESTDIR}/etc/ssh/sshd_config \ - -e 's|^#\(UsePAM\) no|\1 yes|g' \ - -e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \ - -e 's|^#\(PrintMotd\) yes|\1 no|g' - vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd vsv sshd }
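Review bot: The `make_dirs` hunk creates `/etc/ssh/sshd_config.d`, but `/etc/ssh/sshd_config` is still listed in `conf_files`, so a locally edited copy may never receive the new `Include` line. On such hosts the package manager presumably keeps the administrator's file on upgrade, and hardening drop-ins placed in the new directory would be silently ignored. Nothing in the template tells upgrading users about this. I would ship an install message with the package, for example `Add "Include /etc/ssh/sshd_config.d/*.conf" near the top of a locally modified /etc/ssh/sshd_config to enable drop-in files.`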