[gsi-openssh/f20] Based on openssh-6.4p1-3.fc20

Mattias Ellert ellert at fedoraproject.org
Thu Dec 12 02:28:58 UTC 2013


commit 36e3247d205f1c8d7ea98dbfae9ef93caea0ade0
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Thu Dec 12 03:07:35 2013 +0100

    Based on openssh-6.4p1-3.fc20

 gsi-openssh.spec           |    5 ++++-
 gsisshd-keygen             |    9 +++++----
 gsisshd.sysconfig          |    8 +++++---
 openssh-6.3p1-redhat.patch |   12 ++++++++++++
 4 files changed, 26 insertions(+), 8 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index d2b1396..ef16f84 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
 %global ldap 1
 
 %global openssh_ver 6.4p1
-%global openssh_rel 1
+%global openssh_rel 2
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -491,6 +491,9 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
 
 %changelog
+* Wed Dec 11 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-2
+- Based on openssh-6.4p1-3.fc20
+
 * Tue Nov 26 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-1
 - Based on openssh-6.4p1-2.fc20
 
diff --git a/gsisshd-keygen b/gsisshd-keygen
index c944449..d8e19f3 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -4,7 +4,7 @@
 #
 # The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
 # variable.
-AUTOCREATE_SERVER_KEYS=RSAONLY
+AUTOCREATE_SERVER_KEYS=NODSA
 
 # source function library
 . /etc/rc.d/init.d/functions
@@ -96,7 +96,7 @@ do_ecdsa_keygen() {
 		rm -f $ECDSA_KEY
 		if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $ECDSA_KEY
-			chmod 600 $ECDSA_KEY
+			chmod 640 $ECDSA_KEY
 			chmod 644 $ECDSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $ECDSA_KEY.pub
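Review bot: The private ECDSA host key is made group-readable with `chmod 640` directly after a `chgrp ssh_keys` whose result is never checked. If the group change fails, the mode is still loosened for whatever group the file was created with. Chaining the two, `chgrp ssh_keys $ECDSA_KEY && chmod 640 $ECDSA_KEY`, leaves the key at the owner-only mode ssh-keygen writes when the chgrp does not succeed. Mode 640 also lets every member of ssh_keys read the host private key, so a short comment saying why the group needs read access (presumably host-based authentication via ssh-keysign; confirm against the spec) would help. The rest of do_ecdsa_keygen, including any relabelling of the private key, is outside the hunk.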
@@ -115,8 +115,9 @@ do_ecdsa_keygen() {
 if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
 	do_rsa_keygen
 	if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
-		do_rsa1_keygen
-		do_dsa_keygen
 		do_ecdsa_keygen
+		if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
+			do_dsa_keygen
+		fi
 	fi
 fi
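Review bot: Any value other than NO, RSAONLY or NODSA falls through to `do_dsa_keygen`. A misspelt or lower-case setting (constructed example: `AUTOCREATE_SERVER_KEYS=nodsa`) therefore silently generates the DSA key that the new default is meant to leave out. Matching the accepted values explicitly, and treating anything unrecognised like NODSA, makes the selection fail closed. The header comment at the top of the script could also list the accepted values, e.g. `# Accepted values: NO, RSAONLY, NODSA (default), YES`.

```shell
case "x${AUTOCREATE_SERVER_KEYS}" in
	xNO)
		;;
	xRSAONLY)
		do_rsa_keygen
		;;
	xYES)
		do_rsa_keygen
		do_ecdsa_keygen
		do_dsa_keygen
		;;
	*)
		# NODSA and any unrecognised value: RSA and ECDSA only
		do_rsa_keygen
		do_ecdsa_keygen
		;;
esac
```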
diff --git a/gsisshd.sysconfig b/gsisshd.sysconfig
index 9a30a83..ddd7744 100644
--- a/gsisshd.sysconfig
+++ b/gsisshd.sysconfig
@@ -1,9 +1,11 @@
 # Configuration file for the sshd service.
 
-# The server keys are automatically generated if they ommited
-# to change the automatic creation uncomment the approprite 
-# line. The default is RSAONLY
+# The server keys are automatically generated if they omitted
+# to change the automatic creation uncomment the appropriate
+# line. The default is NODSA which means rsa and ecdsa keys are
+# generated.
 
+# AUTOCREATE_SERVER_KEYS=NODSA
 # AUTOCREATE_SERVER_KEYS=RSAONLY
 # AUTOCREATE_SERVER_KEYS=NO
 # AUTOCREATE_SERVER_KEYS=YES
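Review bot: The rewritten comment explains only NODSA and does not say what the other three values generate. In particular, per the selection logic in gsisshd-keygen in this same commit, YES additionally creates a DSA key. I would spell the values out, e.g. `# NO: no keys, RSAONLY: rsa, NODSA: rsa and ecdsa, YES: rsa, ecdsa and dsa`. The first sentence also still reads "if they omitted"; `# The server keys are automatically generated if they are omitted.` is clearer.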
diff --git a/openssh-6.3p1-redhat.patch b/openssh-6.3p1-redhat.patch
index 5b1ec1d..d85244d 100644
--- a/openssh-6.3p1-redhat.patch
+++ b/openssh-6.3p1-redhat.patch
@@ -58,6 +58,18 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config
  #Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
+@@ -21,9 +25,9 @@
+ # HostKey for protocol version 1
+ #HostKey /etc/ssh/ssh_host_key
+ # HostKeys for protocol version 2
+-#HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_rsa_key
+ #HostKey /etc/ssh/ssh_host_dsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
+ 
+ # Lifetime and size of ephemeral version 1 server key
+ #KeyRegenerationInterval 1h
 @@ -35,6 +39,7 @@
  # Logging
  # obsoletes QuietMode and FascistLogging
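Review bot: With `HostKey` now set explicitly for only the RSA and ECDSA keys, two of the AUTOCREATE_SERVER_KEYS modes no longer match what sshd is configured to load. YES still generates a DSA key in gsisshd-keygen, but `#HostKey /etc/ssh/ssh_host_dsa_key` stays commented out, so that key is created and then not used. RSAONLY leaves `HostKey /etc/ssh/ssh_host_ecdsa_key` pointing at a file the keygen script does not create, which will likely show up as a host-key load failure in the sshd log. A comment in the sysconfig file or next to these HostKey lines should say that YES and RSAONLY need a matching sshd_config edit.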

