Hello Michael, > Hello, > > did you notice that this file is excluded from being updated on existing > installations? no - but I should have thought about that. :-\ > > How do we handle any custom changes from users here? The only possibility of keeping the user's settings is to move existing SSH client configurations to a new location, replace /etc/ssh/ssh_config with this one and include the version before. However, I strongly advise against this. (For example, some settings in the original config might revert hardening options, causing no security benefit after all.) Since it is "just" the client configuration, I consider overwriting it the best procedure. Of course, there has to be a yellow warning box in the release notes, but it is better than no hardening at all. > > I merged this for new installations already. Great. SSH server configuration will follow. Best regards, Peter Müller > > -Michael > > On Mon, 2018-09-10 at 16:29 +0200, Peter Müller wrote: >> Include OpenSSH client configuration file during build. >> >> Signed-off-by: Peter Müller >> --- >> lfs/openssh | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/lfs/openssh b/lfs/openssh >> index a88b2d126..0e6acc227 100644 >> --- a/lfs/openssh >> +++ b/lfs/openssh >> @@ -100,5 +100,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \ >> -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$$|HostKey >> /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key\nHostKey >> /etc/ssh/ssh_host_rsa_key|' \ >> /etc/ssh/sshd_config >> + >> + # install custom OpenSSH client configuration >> + install -v -m 644 $(DIR_SRC)/config/ssh/ssh_config \ >> + /etc/ssh/ssh_config >> + >> @rm -rf $(DIR_APP) >> @$(POSTBUILD) > -- Microsoft DNS service terminates abnormally when it recieves a response to a DNS query that was never made. Fix Information: Run your DNS service on a different platform. -- bugtraq