From c00e83b16e3dd048c2396b57531a7cec40189a39 Mon Sep 17 00:00:00 2001
From: Cecil Hugh Watson <knoppmyth@gmail.com>
Date: Fri, 27 Feb 2009 21:44:42 -0800
Subject: Really protect users from themselves.

---
 abs/core-testing/openssh/PKGBUILD   |  8 ++++----
 abs/core-testing/openssh/sshd.patch | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 abs/core-testing/openssh/sshd.patch

diff --git a/abs/core-testing/openssh/PKGBUILD b/abs/core-testing/openssh/PKGBUILD
index 81bc2a0..ade755f 100644
--- a/abs/core-testing/openssh/PKGBUILD
+++ b/abs/core-testing/openssh/PKGBUILD
@@ -4,7 +4,7 @@
 
 pkgname=openssh
 pkgver=5.1p1
-pkgrel=3
+pkgrel=4
 #_gsskexver=20080404
 pkgdesc='A Secure SHell server/client'
 arch=(i686 x86_64)
@@ -13,15 +13,15 @@ url="http://www.openssh.org/portable.html"
 backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
 depends=('openssl>=0.9.8g' 'zlib' 'pam' 'tcp_wrappers' 'heimdal>=1.2-1')
 source=(ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz
-        sshd sshd.confd sshd.pam sshd_config.diff)
+        sshd sshd.confd sshd.pam sshd.patch)
         #http://www.sxw.org.uk/computing/patches/$pkgname-$pkgver-gsskex-$_gsskexver.patch
 md5sums=('03f2d0c1b5ec60d4ac9997a146d2faec' 'd9ee5e0a0d143689b3d6f11454a2a892'
          'e2cea70ac13af7e63d40eb04415eacd5' '1c7c2ea8734ec7e3ca58d820634dc73a'
-	 'd41d8cd98f00b204e9800998ecf8427e')
+	 'd5e6ef9fd6126f6a560e402561f5be6e')
 
 build() {
   cd $startdir/src/$pkgname-$pkgver
-  patch -p1 < ../sshd_config.diff
+  patch -p1 < ../sshd.patch
   #patch -up0 < $startdir/src/$pkgname-$pkgver-gsskex-$_gsskexver.patch
 
   #NOTE we disable-strip so that makepkg can decide whether to strip or not
diff --git a/abs/core-testing/openssh/sshd.patch b/abs/core-testing/openssh/sshd.patch
new file mode 100644
index 0000000..e883a4c
--- /dev/null
+++ b/abs/core-testing/openssh/sshd.patch
@@ -0,0 +1,35 @@
+diff -ruaN openssh-5.1p1.orig/sshd_config openssh-5.1p1/sshd_config
+--- openssh-5.1p1.orig/sshd_config	2008-07-02 12:35:43.000000000 +0000
++++ openssh-5.1p1/sshd_config	2009-02-28 05:40:09.000000000 +0000
+@@ -38,14 +38,14 @@
+ # Authentication:
+ 
+ #LoginGraceTime 2m
+-#PermitRootLogin yes
++PermitRootLogin no
+ #StrictModes yes
+ #MaxAuthTries 6
+ #MaxSessions 10
+ 
+ #RSAAuthentication yes
+-#PubkeyAuthentication yes
+-#AuthorizedKeysFile	.ssh/authorized_keys
++PubkeyAuthentication yes
++AuthorizedKeysFile	.ssh/authorized_keys
+ 
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
+@@ -88,7 +88,7 @@
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+-#X11Forwarding no
++X11Forwarding yes
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PrintMotd yes
+@@ -117,3 +117,4 @@
+ #	X11Forwarding no
+ #	AllowTcpForwarding no
+ #	ForceCommand cvs server
++DenyUsers mythtv
-- 
cgit v0.12