On Tue, Apr 28, 2015 at 10:09:41AM +0100, Stuart Henderson wrote: > On 2015/04/28 10:45, Antoine Jacoutot wrote: > > On Mon, Apr 27, 2015 at 05:17:11PM -0600, Damien Miller wrote: > > > CVSROOT: /cvs > > > Module name: src > > > Changes by: d...@cvs.openbsd.org 2015/04/27 17:17:11 > > > > > > Modified files: > > > distrib/miniroot: install.sh install.sub > > > > > > Log message: > > > Rework sshd enable root login questions in light of sshd PermitRootLogin > > > default change. The new default is not to ask to enable root logins > > > when a non-root user has been addedi. There is some additional sublety > > > for auto-installs that provide root ssh keys. > > > > > > patch by myself and rpe@ with feedback from sthen@; > > > ok rpe@ deraadt@ sthen@ > > > > If I read the diff correctly it means that if I create a user, I end up with > > sshd_flags=NO > > in rc.conf.local ? > > I think you're right, does this make sense? (I need to clean my src tree > before I can build a release, so not yet tested).
That looks better yes. But I cannot test it today though... > Index: install.sub > =================================================================== > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.834 > diff -u -p -r1.834 install.sub > --- install.sub 27 Apr 2015 23:17:11 -0000 1.834 > +++ install.sub 28 Apr 2015 09:06:50 -0000 > @@ -2019,14 +2019,14 @@ install_sets() { > apply() { > local ssh_permitroot= > > - if [[ $sshd == y && $sshd_enableroot == y ]]; then > + if [[ $sshd == n ]]; then > + echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local > + elif [[ $sshd_enableroot == y ]]; then > ssh_permitroot=yes > [[ -n $rootkey ]] && ssh_permitroot=without-password > sed "/^#\(PermitRootLogin\) no/s//\1 $ssh_permitroot/" \ > </mnt/etc/ssh/sshd_config >/tmp/sshd_config > cp /tmp/sshd_config /mnt/etc/ssh/sshd_config > - else > - echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local > fi > > if [[ $ntpd == y ]]; then > -- Antoine