On Tue, Apr 28, 2015 at 10:09:41AM +0100, Stuart Henderson wrote:
> On 2015/04/28 10:45, Antoine Jacoutot wrote:
> > On Mon, Apr 27, 2015 at 05:17:11PM -0600, Damien Miller wrote:
> > > CVSROOT:  /cvs
> > > Module name:      src
> > > Changes by:       d...@cvs.openbsd.org    2015/04/27 17:17:11
> > > 
> > > Modified files:
> > >   distrib/miniroot: install.sh install.sub 
> > > 
> > > Log message:
> > > Rework sshd enable root login questions in light of sshd PermitRootLogin
> > > default change. The new default is not to ask to enable root logins
> > > when a non-root user has been added. There is some additional subtlety
> > > for auto-installs that provide root ssh keys.
> > > 
> > > patch by myself and rpe@ with feedback from sthen@;
> > > ok rpe@ deraadt@ sthen@
> > 
> > If I read the diff correctly it means that if I create a user, I end up with
> > sshd_flags=NO
> > in rc.conf.local ?
> 
> I think you're right, does this make sense? (I need to clean my src tree
> before I can build a release, so not yet tested).

That looks better yes. But I cannot test it today though...

> Index: install.sub
> ===================================================================
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.834
> diff -u -p -r1.834 install.sub
> --- install.sub       27 Apr 2015 23:17:11 -0000      1.834
> +++ install.sub       28 Apr 2015 09:06:50 -0000
> @@ -2019,14 +2019,14 @@ install_sets() {
>  apply() {
>       local ssh_permitroot=
>  
> -     if [[ $sshd == y && $sshd_enableroot == y ]]; then
> +     if [[ $sshd == n ]]; then
> +             echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local
> +     elif [[ $sshd_enableroot == y ]]; then
>               ssh_permitroot=yes
>               [[ -n $rootkey ]] && ssh_permitroot=without-password
>               sed "/^#\(PermitRootLogin\) no/s//\1 $ssh_permitroot/" \
>                       </mnt/etc/ssh/sshd_config >/tmp/sshd_config
>               cp /tmp/sshd_config /mnt/etc/ssh/sshd_config
> -     else
> -             echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local
>       fi
>  
>       if [[ $ntpd == y ]]; then
> 
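Review bot: The new `elif [[ $sshd_enableroot == y ]]` branch drops the `$sshd == y` test, so it now runs for any value of `$sshd` other than `n`, including an empty or unset one, whereas the removed condition `$sshd == y && $sshd_enableroot == y` required an explicit yes before sshd_config was edited to permit root logins. Unless `$sshd` is guaranteed to be exactly y or n by the time apply() runs, keep the explicit test, e.g. `elif [[ $sshd == y && $sshd_enableroot == y ]]`. In the unchanged context lines of the same branch, the sed result is not checked before `cp /tmp/sshd_config /mnt/etc/ssh/sshd_config`, and the pattern only matches a line of the form `#PermitRootLogin no`, so a failed or non-matching substitution goes unnoticed; chaining the cp on sed's success would at least keep a failed rewrite from replacing the installed file.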

-- 
Antoine
