On Wed, 2018-05-30 at 21:47 +0200, Peter Müller wrote:
Hello Michael,
since we edit a lot of settings in the sshd_config file (and perhaps in the ssh_config file, too, when it comes to cipher selection), should we introduce a config file completely of our own? If so, how do I do so?
Well, write a new configuration file and a script that takes the settings from the previous one and changes it accordingly.
Those settings should also be in /var/ipfire/remote/settings.
We still need to manipulate it via sed for existing installations (via the update.sh script), but we could omit the procedure during building the package.
Yes.
As most of the config file is commented out by default, it could also be made much smaller and easier to read, only containing settings different than the defaults.
Yes, we can remove lots here.
I think we should keep this as easy as possible because we got loads of other things to take care of.
Best, -Michael
Best regards, Peter Müller
I guess this looks good.
The problem here certainly was that editing a file that comes from upstream with sed is not a good idea. One line changed can cause the sed to do nothing and we won't even notice it. Therefore, in the future, I will only accept patches for changes like this. Those won't apply and then we can investigate why.
Best, -Michael
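The silent no-op described in the message above, shown as an added example (not code from this thread or from IPFire): the function runs the same style of sed expression as update.sh and then verifies that the setting is actually active. `apply_setting`, the helper names and the sample files are hypothetical and constructed here; GNU `sed -i` is assumed.

```shell
#!/bin/sh
# Added example: apply an update.sh-style sed edit, then verify it took effect.
# All names and sample files below are hypothetical, not IPFire code.

# apply_setting FILE KEY VALUE
# Uncomments an exact "#KEY VALUE" line, as the patch's sed does, then checks
# that an active "KEY VALUE" line exists. Returns 0 if the setting is active
# (including when it already was), 1 if the edit was a silent no-op.
apply_setting() {
    file=$1 key=$2 value=$3
    sed -i -e "s/^#${key} ${value}\$/${key} ${value}/" "$file" || return 2
    if grep -q "^${key} ${value}\$" "$file"; then
        return 0
    fi
    echo "WARNING: ${key} ${value} is not active in ${file}" >&2
    return 1
}

# Constructed sample: contains the commented defaults the expression expects.
make_default_config() {
    printf '%s\n' '#Port 22' '#SyslogFacility AUTH' '#LogLevel INFO' > "$1"
}

# Constructed sample: the commented defaults differ, so sed matches nothing
# and still exits 0.
make_changed_config() {
    printf '%s\n' '#Port 22' '#SyslogFacility AUTHPRIV' '#LogLevel VERBOSE' > "$1"
}

demo() {
    tmp=$(mktemp -d) || return 2
    make_default_config "$tmp/default"
    make_changed_config "$tmp/changed"
    for name in default changed; do
        if apply_setting "$tmp/$name" SyslogFacility AUTH; then
            echo "$name: setting applied"
        else
            echo "$name: sed changed nothing, investigate"
        fi
    done
    rm -rf "$tmp"
}

demo
```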
On Tue, 2018-05-01 at 14:40 +0200, Peter Müller wrote:
The logging settings for OpenSSH (log to syslog with "AUTH" facility at "INFO" level) were not applied correctly. This patch fixes that for both installed systems and the LFS file.

Partially addresses #11538.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
config/rootfiles/core/121/update.sh | 6 ++++++ lfs/openssh | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh index 87d5f6ebd..5b8f2c86e 100644 --- a/config/rootfiles/core/121/update.sh +++ b/config/rootfiles/core/121/update.sh @@ -56,7 +56,13 @@ rm -rvf \ /usr/share/nagios/ \ /var/nagios/ +# Update SSH configuration +sed -i /etc/ssh/sshd_config \
- -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
- -e 's/^#LogLevel INFO$/LogLevel INFO/'
# Start services +/etc/init.d/sshd restart /etc/init.d/apache restart # This update needs a reboot... diff --git a/lfs/openssh b/lfs/openssh index 203446370..46561953d 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -91,8 +91,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#?IgnoreUserKnownHosts .*$$/IgnoreUserKnownHosts yes/' \ -e 's/^#?UsePAM .*$$//' \ -e 's/^#?X11Forwarding .*$$/X11Forwarding no/' \
-e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/'
\
-e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
-e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
-e 's/^#?AllowTcpForwarding .*$$/AllowTcpForwarding no/'-e 's/^#LogLevel INFO$/LogLevel INFO/' \
\ -e 's/^#?PermitRootLogin .*$$/PermitRootLogin yes/' \ -e 's|^#?HostKey /etc/ssh/ssh_host_dsa_key$$||' \
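Review bot: in the update.sh hunk, the two added sed expressions match only the exact commented defaults (`^#SyslogFacility AUTH$` and `^#LogLevel INFO$`), so on an installation where either line is already uncommented, carries another value or has trailing whitespace, sed exits successfully without changing anything and `/etc/init.d/sshd restart` brings sshd back up with the old logging settings. Consider checking after the sed that both settings are present as active lines in /etc/ssh/sshd_config and failing the update step visibly if they are not, and validating the file with `sshd -t` before the restart.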
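Review bot: in the lfs/openssh hunk, the expressions `'s/^#SyslogFacility AUTH$/SyslogFacility AUTH/'` and `'s/^#LogLevel INFO$/LogLevel INFO/'` use a single `$`, while every neighbouring expression in this make recipe writes `$$`. make expands `$/` as a variable reference before the shell runs sed, so the end-of-line anchor and the delimiter that follows it never reach sed. Write the anchor as `$$`, as the surrounding lines do, and confirm in the built sshd_config that both settings end up uncommented.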