From: Marcin Krol
Date: Wed, 18 Nov 2015 09:07:43 +0000 (+0000)
Subject: - ssh1 is disabled by default, fix ssh-keygen and init script
X-Git-Url: https://git.tld-linux.org/?a=commitdiff_plain;h=8338040e9bab1e1f668294e297cd2166a94f9c94;p=packages%2Fopenssh.git
- ssh1 is disabled by default, fix ssh-keygen and init script
---
diff --git a/openssh.spec b/openssh.spec
index 8a2eb2c..79bc1c8 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -42,7 +42,7 @@ Summary(ru.UTF-8): OpenSSH - свободная реализация прото
 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name: openssh
 Version: 7.1p1
-Release: 1
+Release: 2
 Epoch: 2
 License: BSD
 Group: Applications/Networking
@@ -77,6 +77,7 @@ Patch13: %{name}-kuserok.patch
 Patch14: %{name}-bind.patch
 Patch15: %{name}-disable_ldap.patch
 Patch16: libseccomp-sandbox.patch
+Patch17: ssh-keygen-no-ssh1.patch
 URL: http://www.openssh.com/portable.html
 BuildRequires: %{__perl}
 %{?with_audit:BuildRequires: audit-libs-devel}
@@ -535,6 +536,7 @@ openldap-a.
 %patch14 -p1
 %{!?with_ldap:%patch15 -p1}
 %{?with_libseccomp:%patch16 -p1}
+%patch17 -p1
 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
diff --git a/opensshd.init b/opensshd.init
index 9e76029..8075d3d 100755
--- a/opensshd.init
+++ b/opensshd.init
@@ -56,7 +56,7 @@ start() { checkconfig
- if [ ! -s /etc/ssh/ssh_host_key ]; then
+ if [ ! -s /etc/ssh/ssh_host_rsa_key ]; then
 msg_not_running "OpenSSH"
 nls "No SSH host key found! You must run \"%s init\" first." "$0"
 exit 1
diff --git a/ssh-keygen-no-ssh1.patch b/ssh-keygen-no-ssh1.patch
new file mode 100644
index 0000000..254bc79
--- /dev/null
+++ b/ssh-keygen-no-ssh1.patch
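Review bot: In opensshd.init, the rewritten guard `if [ ! -s /etc/ssh/ssh_host_rsa_key ]; then` makes start() refuse to run unless an RSA host key exists, although the message it prints is about having no host key at all. A host that deliberately keeps only non-RSA host keys would be blocked from starting sshd; the sshd-keygen context in this same commit shows rsa, dsa and ecdsa keys being generated. Testing for any usable key is closer to the message, e.g. `if [ ! -s /etc/ssh/ssh_host_rsa_key ] && [ ! -s /etc/ssh/ssh_host_ecdsa_key ]; then`, extended to whichever key types sshd-keygen creates. The body of start() continues outside the hunk, so a later check may already cover this.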
@@ -0,0 +1,15 @@
+diff -ur openssh-7.1p1.orig/ssh-keygen.c openssh-7.1p1/ssh-keygen.c
+--- openssh-7.1p1.orig/ssh-keygen.c 2015-08-21 04:49:03.000000000 +0000
++++ openssh-7.1p1/ssh-keygen.c 2015-11-18 08:50:13.050305000 +0000
+@@ -2148,7 +2148,11 @@
+ usage(void)
+ {
+ fprintf(stderr,
++#ifdef WITH_SSH1
+ "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
++#else
++ "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
++#endif
+ " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
+ " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
+ " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
diff --git a/sshd-keygen b/sshd-keygen
index c6205e6..da3534b 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -15,7 +15,6 @@ ssh_gen_key() {
 }
 # generate new keys with empty passwords if they do not exist
-ssh_gen_key rsa1 /etc/ssh/ssh_host_key
 ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key
 ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key
 ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key
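Review bot: ssh-keygen-no-ssh1.patch is added without any description above its `diff -ur` line, so someone auditing the package's downstream changes to OpenSSH has to read the hunk to learn that it only edits the help text printed by usage(). A short header would help, for example `Hide rsa1 from the ssh-keygen usage text when built without WITH_SSH1 (help output only).`, plus a line on whether it was sent upstream. usage() continues past the end of the embedded hunk, so only the first usage line is visible here.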