author | Sam James <sam@gentoo.org> | 2023-05-08 18:06:39 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2023-05-11 21:03:44 +0100 |
commit | 988aa8b2fcff709be8f4deb43d7f8e8667506600 (patch) | |
tree | 1e1e453e14321d48025b0922dbd3f104e64ef26c /net-misc | |
parent | net-misc/openssh: use /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d for co... (diff) | |
net-misc/openssh-contrib: use /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d for config dropins
Debian patches this into their config already and we found ourselves wanting
it when looking at handling the github.com SSH key change/rotation.
/etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d both become directories
where users can add their own configuration files, but we also install the Gentoo
snippets formerly in ssh_config and sshd_config in there instead.
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild | 51 |
1 files changed, 29 insertions, 22 deletions
diff --git a/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild b/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild
index f20217c819ff..18255acf5f45 100644
--- a/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild
+++ b/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild
@@ -377,39 +377,46 @@ tweak_ssh_configs() {
 LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
 )
- # First the server config.
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables. #367017
- AcceptEnv ${locale_vars[*]}
-
- # Allow client to pass COLORTERM to match TERM. #658540
- AcceptEnv COLORTERM
+ dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
+ cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
+ Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
+ EOF
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
+ Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
 EOF
- # Then the client config.
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables. #367017
+ cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/90gentoo.conf || die
+ # Send locale environment variables (bug #367017)
 SendEnv ${locale_vars[*]}
- # Send COLORTERM to match TERM. #658540
+ # Send COLORTERM to match TERM (bug #658540)
 SendEnv COLORTERM
 EOF
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo.conf || die
+ # Allow client to pass locale environment variables (bug #367017)
+ AcceptEnv ${locale_vars[*]}
+
+ # Allow client to pass COLORTERM to match TERM (bug #658540)
+ AcceptEnv COLORTERM
+ EOF
+
 if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo-pam.conf || die
+ UsePAM yes
+ # This interferes with PAM.
+ PasswordAuthentication no
+ # PAM can do its own handling of MOTD.
+ PrintMotd no
+ PrintLastLog no
+ EOF
 fi
 if use livecd ; then
- sed -i \
- -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
- "${ED}"/etc/ssh/sshd_config || die
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo-livecd.conf || die
+ # Allow root login with password on livecds.
+ PermitRootLogin Yes
+ EOF
 fi
 } |
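Review bot: The two `Include` lines are appended with `>>` to the end of `ssh_config` and `sshd_config`, and OpenSSH keeps the first value it obtains for each keyword, so any setting earlier in the main file silently takes precedence over the drop-ins. The removed `sed` calls rewrote the commented defaults in place; with this change `UsePAM yes` and `PasswordAuthentication no` from `90gentoo-pam.conf` only apply while the main file leaves those keywords unset, and an `Include` that ends up after a `Match` or `Host` block is evaluated only inside that block. Consider emitting the `Include` ahead of the stock file contents (which, as far as I know, is where Debian's patch puts it), or at least writing a comment above it such as `# Keep this Include before any Match/Host block; settings earlier in this file override the drop-ins.` A quick post-install check with `sshd -T` on the merged configuration would confirm that the PAM-related values are the ones in effect. The body of `tweak_ssh_configs` starts above this hunk.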