-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Acked.
On Tue, 2018-05-01 at 14:43 +0200, Peter Müller wrote:
Always make sure permissions of .ssh/authorized_keys are checked. This prevents word-writeable keyfiles from being processed, reducing attack surface after misconfiguration.
Partially addresses #11538 and depends on patch 1/3.
Signed-off-by: Peter Müller peter.mueller@link38.eu
config/rootfiles/core/121/update.sh | 3 ++- lfs/openssh | 1 + 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh index 5b8f2c86e..3ec251292 100644 --- a/config/rootfiles/core/121/update.sh +++ b/config/rootfiles/core/121/update.sh @@ -59,7 +59,8 @@ rm -rvf \ # Update SSH configuration sed -i /etc/ssh/sshd_config \ -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
- -e 's/^#LogLevel INFO$/LogLevel INFO/'
- -e 's/^#LogLevel INFO$/LogLevel INFO/' \
- -e 's/^#StrictModes .*$/StrictModes yes/'
# Start services /etc/init.d/sshd restart diff --git a/lfs/openssh b/lfs/openssh index 46561953d..7e8468ac9 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -95,6 +95,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#LogLevel INFO$/LogLevel INFO/' \ -e 's/^#?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ -e 's/^#?PermitRootLogin .*$$/PermitRootLogin yes/' \
-e 's/^#StrictModes .*$/StrictModes yes/' \