diff options
| author | Cecil Hugh Watson <knoppmyth@gmail.com> | 2009-02-28 05:44:42 (GMT) |
|---|---|---|
| committer | Cecil Hugh Watson <knoppmyth@gmail.com> | 2009-02-28 05:44:42 (GMT) |
| commit | c00e83b16e3dd048c2396b57531a7cec40189a39 (patch) | |
| tree | 06cfc43b4e47d248be6082ace89d94337b7dbe3a | |
| parent | d089f6a6e210a4b4dfbcb435c94200171c28423e (diff) | |
| download | linhes_pkgbuild-c00e83b16e3dd048c2396b57531a7cec40189a39.zip linhes_pkgbuild-c00e83b16e3dd048c2396b57531a7cec40189a39.tar.gz linhes_pkgbuild-c00e83b16e3dd048c2396b57531a7cec40189a39.tar.bz2 | |
Really protect users from themselves.
| -rw-r--r-- | abs/core-testing/openssh/PKGBUILD | 8 | ||||
| -rw-r--r-- | abs/core-testing/openssh/sshd.patch | 35 |
2 files changed, 39 insertions, 4 deletions
diff --git a/abs/core-testing/openssh/PKGBUILD b/abs/core-testing/openssh/PKGBUILD index 81bc2a0..ade755f 100644 --- a/abs/core-testing/openssh/PKGBUILD +++ b/abs/core-testing/openssh/PKGBUILD @@ -4,7 +4,7 @@ pkgname=openssh pkgver=5.1p1 -pkgrel=3 +pkgrel=4 #_gsskexver=20080404 pkgdesc='A Secure SHell server/client' arch=(i686 x86_64) @@ -13,15 +13,15 @@ url="http://www.openssh.org/portable.html" backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') depends=('openssl>=0.9.8g' 'zlib' 'pam' 'tcp_wrappers' 'heimdal>=1.2-1') source=(ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz - sshd sshd.confd sshd.pam sshd_config.diff) + sshd sshd.confd sshd.pam sshd.patch) #http://www.sxw.org.uk/computing/patches/$pkgname-$pkgver-gsskex-$_gsskexver.patch md5sums=('03f2d0c1b5ec60d4ac9997a146d2faec' 'd9ee5e0a0d143689b3d6f11454a2a892' 'e2cea70ac13af7e63d40eb04415eacd5' '1c7c2ea8734ec7e3ca58d820634dc73a' - 'd41d8cd98f00b204e9800998ecf8427e') + 'd5e6ef9fd6126f6a560e402561f5be6e') build() { cd $startdir/src/$pkgname-$pkgver - patch -p1 < ../sshd_config.diff + patch -p1 < ../sshd.patch #patch -up0 < $startdir/src/$pkgname-$pkgver-gsskex-$_gsskexver.patch #NOTE we disable-strip so that makepkg can decide whether to strip or not diff --git a/abs/core-testing/openssh/sshd.patch b/abs/core-testing/openssh/sshd.patch new file mode 100644 index 0000000..e883a4c --- /dev/null +++ b/abs/core-testing/openssh/sshd.patch @@ -0,0 +1,35 @@ +diff -ruaN openssh-5.1p1.orig/sshd_config openssh-5.1p1/sshd_config +--- openssh-5.1p1.orig/sshd_config 2008-07-02 12:35:43.000000000 +0000 ++++ openssh-5.1p1/sshd_config 2009-02-28 05:40:09.000000000 +0000 +@@ -38,14 +38,14 @@ + # Authentication: + + #LoginGraceTime 2m +-#PermitRootLogin yes ++PermitRootLogin no + #StrictModes yes + #MaxAuthTries 6 + #MaxSessions 10 + + #RSAAuthentication yes +-#PubkeyAuthentication yes +-#AuthorizedKeysFile .ssh/authorized_keys ++PubkeyAuthentication yes ++AuthorizedKeysFile .ssh/authorized_keys + + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts + #RhostsRSAAuthentication no +@@ -88,7 +88,7 @@ + #AllowAgentForwarding yes + #AllowTcpForwarding yes + #GatewayPorts no +-#X11Forwarding no ++X11Forwarding yes + #X11DisplayOffset 10 + #X11UseLocalhost yes + #PrintMotd yes +@@ -117,3 +117,4 @@ + # X11Forwarding no + # AllowTcpForwarding no + # ForceCommand cvs server ++DenyUsers mythtv |