On 2015/04/28 10:45, Antoine Jacoutot wrote:
> On Mon, Apr 27, 2015 at 05:17:11PM -0600, Damien Miller wrote:
> > CVSROOT: /cvs
> > Module name: src
> > Changes by: d...@cvs.openbsd.org 2015/04/27 17:17:11
> >
> > Modified files:
> >     distrib/miniroot: install.sh install.sub
> >
> > Log message:
> > Rework sshd enable root login questions in light of sshd PermitRootLogin
> > default change. The new default is not to ask to enable root logins
> > when a non-root user has been added. There is some additional subtlety
> > for auto-installs that provide root ssh keys.
> >
> > patch by myself and rpe@ with feedback from sthen@;
> > ok rpe@ deraadt@ sthen@
>
> If I read the diff correctly it means that if I create a user, I end up with
> sshd_flags=NO
> in rc.conf.local ?
I think you're right, does this make sense? (I need to clean my src tree before I can build a release, so not yet tested). Index: install.sub =================================================================== RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.834 diff -u -p -r1.834 install.sub --- install.sub 27 Apr 2015 23:17:11 -0000 1.834 +++ install.sub 28 Apr 2015 09:06:50 -0000 @@ -2019,14 +2019,14 @@ install_sets() { apply() { local ssh_permitroot= - if [[ $sshd == y && $sshd_enableroot == y ]]; then + if [[ $sshd == n ]]; then + echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local + elif [[ $sshd_enableroot == y ]]; then ssh_permitroot=yes [[ -n $rootkey ]] && ssh_permitroot=without-password sed "/^#\(PermitRootLogin\) no/s//\1 $ssh_permitroot/" \ </mnt/etc/ssh/sshd_config >/tmp/sshd_config cp /tmp/sshd_config /mnt/etc/ssh/sshd_config - else - echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local fi if [[ $ntpd == y ]]; then
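Review bot: the first test in apply(), `[[ $sshd == n ]]`, inverts the default of the condition it replaces. The old code wrote sshd_flags=NO unless $sshd was exactly y, while this version disables sshd only when $sshd is exactly n, so an empty or unexpected value now leaves sshd enabled and can also reach the `elif [[ $sshd_enableroot == y ]]` branch that rewrites PermitRootLogin. If $sshd can hold anything other than y or n when apply() runs, testing `[[ $sshd != y ]]` in the first branch keeps the fail-closed behaviour while still fixing the case where a user was created and $sshd_enableroot is not y. The patch is stated to be untested, so both paths (sshd=y with a user added, and sshd=n) are worth checking in the resulting rc.conf.local and sshd_config before commit.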