On 2015/04/28 10:45, Antoine Jacoutot wrote:
> On Mon, Apr 27, 2015 at 05:17:11PM -0600, Damien Miller wrote:
> > CVSROOT: /cvs
> > Module name: src
> > Changes by: d...@cvs.openbsd.org 2015/04/27 17:17:11
> >
> > Modified files:
> > distrib/miniroot: install.sh install.sub
> >
> > Log message:
> > Rework sshd enable root login questions in light of sshd PermitRootLogin
> > default change. The new default is not to ask to enable root logins
> > when a non-root user has been addedi. There is some additional sublety
> > for auto-installs that provide root ssh keys.
> >
> > patch by myself and rpe@ with feedback from sthen@;
> > ok rpe@ deraadt@ sthen@
>
> If I read the diff correctly it means that if I create a user, I end up with
> sshd_flags=NO
> in rc.conf.local ?
I think you're right, does this make sense? (I need to clean my src tree
before I can build a release, so not yet tested).
Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.834
diff -u -p -r1.834 install.sub
--- install.sub 27 Apr 2015 23:17:11 -0000 1.834
+++ install.sub 28 Apr 2015 09:06:50 -0000
@@ -2019,14 +2019,14 @@ install_sets() {
apply() {
local ssh_permitroot=
- if [[ $sshd == y && $sshd_enableroot == y ]]; then
+ if [[ $sshd == n ]]; then
+ echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local
+ elif [[ $sshd_enableroot == y ]]; then
ssh_permitroot=yes
[[ -n $rootkey ]] && ssh_permitroot=without-password
sed "/^#\(PermitRootLogin\) no/s//\1 $ssh_permitroot/" \
</mnt/etc/ssh/sshd_config >/tmp/sshd_config
cp /tmp/sshd_config /mnt/etc/ssh/sshd_config
- else
- echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local
fi
if [[ $ntpd == y ]]; then
