Attachment 19898 Details for Bug 56564 – Пример патча

[patch] Пример патча

rear-sshd-alt.patch (text/plain), 7.56 KB, created by Vladislav Glinkin on 2025-10-22 19:33:42 MSK

(hide)

Description:

Filename:

MIME Type:

Creator: Vladislav Glinkin

Created: 2025-10-22 19:33:42 MSK

Size: 7.56 KB

patch

obsolete

>--- a/usr/share/rear/build/default/500_ssh_setup.sh
>+++ b/usr/share/rear/build/default/500_ssh_setup.sh
>@@ -10,7 +10,7 @@ is_false "$SSH_FILES" && return
> # Patch sshd_config:
> # Because only OpenSSH >= 3.1 is supported where /etc/ssh/ is the default directory for configuration files
> # only etc/ssh/sshd_config is used cf. https://github.com/rear/rear/pull/1538#issuecomment-337904240
>-local sshd_config_file="$ROOTFS_DIR/etc/ssh/sshd_config"
>+local sshd_config_file="$ROOTFS_DIR/etc/openssh/sshd_config"
> if [[ -f "$sshd_config_file" ]]; then
>     # Enable root login with a password only if SSH_ROOT_PASSWORD is set
>     local password_authentication_value=no
>@@ -137,7 +137,7 @@ local ssh_host_key_file=""
> local recovery_system_key_file=""
> local ssh_host_key_exists="no"
> for ssh_host_key_type in $ssh_host_key_types ; do
>-    ssh_host_key_file="etc/ssh/ssh_host_${ssh_host_key_type}_key"
>+    ssh_host_key_file="etc/openssh/ssh_host_${ssh_host_key_type}_key"
>     # Do not overwrite what is already there (could have been copied via COPY_AS_IS):
>     if test -f "$ROOTFS_DIR/$ssh_host_key_file" ; then
>         Log "Using existing SSH host key $ssh_host_key_file in recovery system"
>@@ -161,5 +161,5 @@ for ssh_host_key_type in $ssh_host_key_types ; do
>     # cf. https://github.com/rear/rear/pull/1530#issuecomment-336405425
>     ssh-keygen $v -t "$ssh_host_key_type" -N '' -f "$recovery_system_key_file" && ssh_host_key_exists="yes" || Log "Cannot generate $ssh_host_key_type key"
> done
>-is_false "$ssh_host_key_exists" && LogPrintError "No SSH host key etc/ssh/ssh_host_TYPE_key of any type $ssh_host_key_types in recovery system"
>+is_false "$ssh_host_key_exists" && LogPrintError "No SSH host key etc/openssh/ssh_host_TYPE_key of any type $ssh_host_key_types in recovery system"
>
>--- a/usr/share/rear/build/default/501_check_ssh_keys.sh
>+++ b/usr/share/rear/build/default/501_check_ssh_keys.sh
>@@ -18,7 +18,7 @@ local key_files=()
> # The funny [] around a letter makes 'shopt -s nullglob' remove this file from the list if it does not exist.
> if is_false "$SSH_UNPROTECTED_PRIVATE_KEYS" ; then
>     # When SSH_UNPROTECTED_PRIVATE_KEYS is false let ReaR find SSH key files:
>-    local host_key_files=( etc/ssh/ssh_host_* )
>+    local host_key_files=( etc/openssh/ssh_host_* )
>     # Caveat: This code will only detect SSH key files for root, not for other users.
>     local root_key_files=( ./$ROOT_HOME_DIR/.ssh/identi[t]y ./$ROOT_HOME_DIR/.ssh/id_* )
>     # Parse SSH config files in $ROOTFS_DIR/etc/ssh for non-commented IdentityFile keywords and values
>@@ -45,7 +45,7 @@ if is_false "$SSH_UNPROTECTED_PRIVATE_KEYS" ; then
>     # can be found and filtered out by the below key_files=( $( echo ... | sort -u ) )
>     # The "find ./etc/ssh" ensures that SSH 'Include' config files e.g. in /etc/ssh/ssh_config.d/
>     # are also parsed, cf. https://github.com/rear/rear/issues/2421
>-    local host_identity_files=( $( find ./etc/ssh -type f | xargs grep -ih '^[^#]*IdentityFile' | tr -d ' "=' | sed -e 's/identityfile//I' -e "s#~#./$ROOT_HOME_DIR#g" ) )
>+    local host_identity_files=( $( find ./etc/openssh -type f | xargs grep -ih '^[^#]*IdentityFile' | tr -d ' "=' | sed -e 's/identityfile//I' -e "s#~#./$ROOT_HOME_DIR#g" ) )
>     # If $ROOTFS_DIR/root/.ssh/config exists parse it for IdentityFile values in the same way as above:
>     local root_identity_files=()
>     local root_ssh_config="./$ROOT_HOME_DIR/.ssh/config"
>
>--- a/usr/share/rear/rescue/default/500_ssh.sh
>+++ b/usr/share/rear/rescue/default/500_ssh.sh
>@@ -23,7 +23,7 @@ if is_true "$SSH_FILES" ; then
>     # into the recovery system to make remote access "just work" in the recovery system
>     # (provided SSH_UNPROTECTED_PRIVATE_KEYS is not false - otherwise unprotected keys get excluded)
>     # cf. https://github.com/rear/rear/issues/1512 and https://github.com/rear/rear/issues/1511
>-    copy_as_is_ssh_files=( /etc/s[s]h $ROOT_HOME_DIR/.s[s]h $ROOT_HOME_DIR/.shos[t]s )
>+    copy_as_is_ssh_files=( /etc/opens[s]h $ROOT_HOME_DIR/.s[s]h $ROOT_HOME_DIR/.shos[t]s )
> else
>     # Use a reasonably secure fallback if SSH_FILES is not set or empty:
>     contains_visible_char "${SSH_FILES[*]}" || SSH_FILES="avoid_sensitive_files"
>@@ -32,7 +32,7 @@ else
>         # From /etc/ssh copy only moduli ssh_config sshd_config ssh_known_hosts
>         # and from $ROOT_HOME_DIR/.ssh copy only authorized_keys known_hosts (if exists)
>         # cf. https://github.com/rear/rear/issues/1512#issuecomment-331638066
>-        copy_as_is_ssh_files=( /etc/ssh/modu[l]i /etc/ssh/ssh_co[n]fig /etc/ssh/sshd_co[n]fig /etc/ssh/ssh_known_hos[t]s )
>+        copy_as_is_ssh_files=( /etc/openssh/modu[l]i /etc/openssh/ssh_co[n]fig /etc/openssh/sshd_co[n]fig /etc/openssh/ssh_known_hos[t]s )
>         copy_as_is_ssh_files+=( $ROOT_HOME_DIR/.ssh/authorized_ke[y]s $ROOT_HOME_DIR/.ssh/known_hos[t]s )
>     else
>         # Copy exactly what is specified:
>@@ -72,7 +72,7 @@ test "$sshdsessionpath" && COPY_AS_IS+=( "$sshdsessionpath" )
> # grep 'sftp' /etc/ssh/sshd_config 2>/dev/null
> # looks like
> # Subsystem  sftp    /usr/lib/ssh/sftp-server
>-local grep_sftp_output=( $( grep 'sftp' /etc/ssh/sshd_config 2>/dev/null ) )
>+local grep_sftp_output=( $( grep 'sftp' /etc/openssh/sshd_config 2>/dev/null ) )
> local sftp_program="${grep_sftp_output[2]}"
> test "$sftp_program" && PROGS+=( "$sftp_program" )
>
>--- a/usr/share/rear/skel/default/etc/scripts/run-sshd
>+++ b/usr/share/rear/skel/default/etc/scripts/run-sshd
>@@ -2,7 +2,7 @@
> # Check /etc/inittab for "ssh:23:respawn:..." which means sshd should be started
> # (that entry is written by rescue/default/500_ssh.sh if sshd should be started):
> if grep -q '^ssh:' /etc/inittab ; then
>-    if ! test -s /etc/ssh/ssh_host_rsa_key ; then
>+    if ! test -s /etc/openssh/ssh_host_rsa_key ; then
>         # Generate at least an rsa SSH host key if there is none to be fail-safe against
>         # running sshd possibly without any SSH host key which is not accessible from remote
>         # (on the remote host one would get "Connection to recovery.system.IP.address closed.")
>@@ -10,13 +10,13 @@ if grep -q '^ssh:' /etc/inittab ; then
>         # Run ssh-keygen silently with '-q' to avoid messages about key generation
>         # that swamp the recovery system login screen so that there is be no longer a login prompt visible
>         # cf. https://github.com/rear/rear/issues/1512#issuecomment-348196998
>-        ssh-keygen -q -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
>-        echo -e "\nSSH fingerprint: $( ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub )\n" >> /etc/issue
>+        ssh-keygen -q -t rsa -N '' -f /etc/openssh/ssh_host_rsa_key
>+        echo -e "\nSSH fingerprint: $( ssh-keygen -l -f /etc/openssh/ssh_host_rsa_key.pub )\n" >> /etc/issue
>     fi
>-    if ! test -s /etc/ssh/ssh_host_ed25519_key ; then
>+    if ! test -s /etc/openssh/ssh_host_ed25519_key ; then
>         # Generate the ed25519 SSH host key required on EL9
>-        ssh-keygen -q -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
>-        echo -e "\nSSH fingerprint: $( ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub )\n" >> /etc/issue
>+        ssh-keygen -q -t ed25519 -N '' -f /etc/openssh/ssh_host_ed25519_key
>+        echo -e "\nSSH fingerprint: $( ssh-keygen -l -f /etc/openssh/ssh_host_ed25519_key.pub )\n" >> /etc/issue
>     fi
>     mkdir -p /usr/share/empty.sshd   # required on EL9
>     mkdir -p /run/sshd
>@@ -26,6 +26,6 @@ if grep -q '^ssh:' /etc/inittab ; then
>     # and without '-D' one gets at least on SLES11 with SysVinit
>     #   INIT: Id "ssh" respawning too fast: disabled for 5 minutes
>     # cf. https://github.com/rear/rear/issues/1512#issuecomment-348201905
>-    exec /bin/sshd -D 2>/dev/null
>+    exec /sbin/sshd -D 2>/dev/null
> fi

Actions: View | Diff

Attachments on bug 56564: 19898