rpms/openssh
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Another approach for crypto policies (#1479271)

Browse Source
This commit is contained in:
Jakub Jelen 2017-08-09 15:14:13 +02:00
parent 970a418151
commit 0ce6c7b710
4 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
openssh-6.6p1-redhat.patch
View File

@ -64,7 +64,7 @@ diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.redhat 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 13:33:05.386233133 +0100
@@ -10,21 +10,26 @@
@@ -10,21 +10,35 @@
# possible, but leave them commented. Uncommented options override the
# default value.
@ -88,6 +88,15 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
# Ciphers and keying
#RekeyLimit default none
+# System-wide Crypto policy:
+# If this system is following system-wide crypto policy, the changes to
+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
+# effect here. They will be overridden by command-line options passed on
+# the server start up.
+# To opt out, uncomment a line with redefinition of CRYPTO_POLICY=
+# variable in /etc/sysconfig/sshd to overwrite the policy.
+# For more information, see manual page for update-crypto-policies(8).
+
# Logging
#SyslogFacility AUTH
+SyslogFacility AUTHPRIV

3
sshd.service
View File

@ -6,8 +6,9 @@ Wants=sshd-keygen.target
[Service]
Type=notify
EnvironmentFile=-/etc/crypto-policies/back-ends/openssh-server.config
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

4
sshd.sysconfig
View File

@ -11,3 +11,7 @@
SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1
# System-wide crypto policy:
# To opt-out, uncomment the following line
# CRYPTO_POLICY=

3
sshd@.service
View File

@ -5,6 +5,7 @@ Wants=sshd-keygen.target
After=sshd-keygen.target
[Service]
EnvironmentFile=-/etc/crypto-policies/back-ends/openssh-server.config
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=-/usr/sbin/sshd -i $OPTIONS
ExecStart=-/usr/sbin/sshd -i $OPTIONS $CRYPTO_POLICY
StandardInput=socket