[gsi-openssh/f18] Based on openssh-6.1p1-11.fc18
Mattias Ellert
ellert at fedoraproject.org
Thu Dec 12 02:28:48 UTC 2013
commit 52febf6fa822d57374379c90b6bef675ed40823e
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Thu Dec 12 03:25:14 2013 +0100
Based on openssh-6.1p1-11.fc18
gsi-openssh.spec | 5 ++++-
gsisshd-keygen | 2 +-
openssh-5.9p1-keycat.patch | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index f4516ee..0dc525e 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
%global nologin 1
%global openssh_ver 6.1p1
-%global openssh_rel 8
+%global openssh_rel 9
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -538,6 +538,9 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd.service
%changelog
+* Thu Dec 12 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.1p1-9
+- Based on openssh-6.1p1-11.fc18
+
* Tue Nov 26 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.1p1-8
- Based on openssh-6.1p1-10.fc18
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 6062362..30f6fbf 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -95,7 +95,7 @@ do_ecdsa_keygen() {
rm -f $ECDSA_KEY
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $ECDSA_KEY
- chmod 600 $ECDSA_KEY
+ chmod 640 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ECDSA_KEY.pub
diff --git a/openssh-5.9p1-keycat.patch b/openssh-5.9p1-keycat.patch
index 1630c39..d517757 100644
--- a/openssh-5.9p1-keycat.patch
+++ b/openssh-5.9p1-keycat.patch
@@ -26,7 +26,7 @@ diff -up openssh-6.1p1/HOWTO.ssh-keycat.keycat openssh-6.1p1/HOWTO.ssh-keycat
+
+To use ssh-keycat, set these options in /etc/ssh/sshd_config file:
+ AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
-+ AuthorizedKeysCommandRunAs root
++ AuthorizedKeysCommandUser root
+
+Do not forget to enable public key authentication:
+ PubkeyAuthentication yes
More information about the scm-commits
mailing list