From 3e611d91bb0598e7760fde3d5d9dc6c020707091 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 16 Mar 2020 11:02:42 +0100
Subject: [PATCH] Simplify references to crypto policies in configuration files (#1812854)
---
 openssh-7.7p1-redhat.patch | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/openssh-7.7p1-redhat.patch b/openssh-7.7p1-redhat.patch
index 0bf26bd..6c8d539 100644
--- a/openssh-7.7p1-redhat.patch
+++ b/openssh-7.7p1-redhat.patch
@@ -1,13 +1,16 @@
 diff -up openssh/ssh_config.redhat openssh/ssh_config
 --- openssh/ssh_config.redhat 2020-02-11 23:28:35.000000000 +0100
 +++ openssh/ssh_config 2020-02-13 18:13:39.180641839 +0100
-@@ -43,3 +43,7 @@
+@@ -43,3 +43,10 @@
 # VisualHostKey no
 # ProxyCommand ssh -q -W %h:%p gateway.example.com
 # RekeyLimit 1G 1h
 +#
-+# To modify the system-wide ssh configuration, create a *.conf file under
-+# /etc/ssh/ssh_config.d/ which will be automatically included below
++# This system is following system-wide crypto policy.
++# To modify the crypto properties (Ciphers, MACs, ...), create a *.conf
++# file under /etc/ssh/ssh_config.d/ which will be automatically
++# included below. For more information, see manual page for
++# update-crypto-policies(8) and ssh_config(5).
 +Include /etc/ssh/ssh_config.d/*.conf
 diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
 --- openssh/ssh_config_redhat.redhat 2020-02-13 18:13:39.180641839 +0100
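Review bot: The new ssh_config comment tells admins to place a *.conf file under /etc/ssh/ssh_config.d/ to change Ciphers or MACs, but it does not mention that ssh_config(5) keeps the first value obtained for each parameter and that the `Include` glob is expanded in lexical order. A drop-in that sorts after whichever file loads the crypto policy (that file is not visible in this hunk) would be parsed but have no effect, so an admin could believe an algorithm restriction is active when it is not. Consider adding one line before the `Include`, for example `# Files are read in lexical order; the first value obtained for a parameter wins.`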
@@ -81,21 +84,18 @@ diff -up openssh/sshd_config.redhat openssh/sshd_config
 # PermitTTY no
 # ForceCommand cvs server
 +
-+# To modify the system-wide ssh configuration, create a *.conf file under
++# To modify the system-wide sshd configuration, create a *.conf file under
 +# /etc/ssh/sshd_config.d/ which will be automatically included below
 +Include /etc/ssh/sshd_config.d/*.conf
 diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
 --- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100
 +++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100
-@@ -0,0 +1,31 @@
-+# System-wide Crypto policy:
+@@ -0,0 +1,28 @@
 +# This system is following system-wide crypto policy. The changes to
-+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
-+# effect here. They will be overridden by command-line options passed on
-+# the server start up.
-+# To opt out, uncomment a line with redefinition of CRYPTO_POLICY=
-+# variable in /etc/sysconfig/sshd to overwrite the policy.
-+# For more information, see manual page for update-crypto-policies(8).
++# crypto properties (Ciphers, MACs, ...) will not have any effect here.
++# They will be overridden by command-line options passed to the server
++# on command line.
++# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
 +
 +SyslogFacility AUTHPRIV
 +
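Review bot: The rewritten header of sshd_config_redhat drops the only in-file pointer to the opt-out (`CRYPTO_POLICY=` in /etc/sysconfig/sshd) while still stating that crypto changes "will not have any effect here", so an admin who needs a stricter algorithm set gets no hint where the override lives. If that variable is still the mechanism (the service unit is not part of this diff), keep a one-line pointer such as `# To opt out, see CRYPTO_POLICY= in /etc/sysconfig/sshd.` The new wording "command-line options passed to the server on command line" also repeats itself; `# They will be overridden by options passed on the sshd command line.` says the same thing once.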