[gsi-openssh/f19] Based on openssh-6.2p2-7.fc19
Mattias Ellert
ellert at fedoraproject.org
Thu Dec 12 02:28:53 UTC 2013
commit 509f103f2d6e94c68b00a62d5119e998a9825530
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Thu Dec 12 03:15:00 2013 +0100
Based on openssh-6.2p2-7.fc19
gsi-openssh.spec | 5 ++++-
gsisshd-keygen | 2 +-
openssh-6.2p1-keycat.patch | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index edfda19..f5f1ff1 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
%global ldap 1
%global openssh_ver 6.2p2
-%global openssh_rel 3
+%global openssh_rel 4
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -500,6 +500,9 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
%changelog
+* Thu Dec 12 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.2p2-4
+- Based on openssh-6.2p2-7.fc19
+
* Tue Nov 26 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.2p2-3
- Based on openssh-6.2p2-6.fc19
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 6062362..30f6fbf 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -95,7 +95,7 @@ do_ecdsa_keygen() {
rm -f $ECDSA_KEY
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $ECDSA_KEY
- chmod 600 $ECDSA_KEY
+ chmod 640 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ECDSA_KEY.pub
diff --git a/openssh-6.2p1-keycat.patch b/openssh-6.2p1-keycat.patch
index 41770b3..7ad81a1 100644
--- a/openssh-6.2p1-keycat.patch
+++ b/openssh-6.2p1-keycat.patch
@@ -26,7 +26,7 @@ diff -up openssh-6.2p1/HOWTO.ssh-keycat.keycat openssh-6.2p1/HOWTO.ssh-keycat
+
+To use ssh-keycat, set these options in /etc/ssh/sshd_config file:
+ AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
-+ AuthorizedKeysCommandRunAs root
++ AuthorizedKeysCommandUser root
+
+Do not forget to enable public key authentication:
+ PubkeyAuthentication yes
More information about the scm-commits
mailing list