[openssh-commits] [openssh] 01/01: Adapt Cygwin config script to privsep knob removal
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Mar 16 11:23:48 AEDT 2017
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 55a1117d7342a0bf8b793250cf314bab6b482b99
Author: Damien Miller <djm at mindrot.org>
Date: Thu Mar 16 11:22:42 2017 +1100
Adapt Cygwin config script to privsep knob removal
Patch from Corinna Vinschen.
---
contrib/cygwin/ssh-host-config | 43 +++++++++---------------------------------
1 file changed, 9 insertions(+), 34 deletions(-)
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index d934d09..db6aaa0 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -63,7 +63,6 @@ sshd_config_configured=no
port_number=22
service_name=sshd
strictmodes=yes
-privsep_used=yes
cygwin_value=""
user_account=
password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
# ======================================================================
# Routine: sshd_privsep
-# MODIFIES: privsep_used
+# Try to create ssshd user account
# ======================================================================
sshd_privsep() {
local ret=0
if [ "${sshd_config_configured}" != "yes" ]
then
- echo
- csih_inform "Privilege separation is set to 'sandbox' by default since"
- csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
- csih_inform "to 'yes' or 'no'."
- csih_inform "However, using privilege separation requires a non-privileged account"
- csih_inform "called 'sshd'."
- csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
- if csih_request "Should privilege separation be used?"
+ if ! csih_create_unprivileged_user sshd
then
- privsep_used=yes
- if ! csih_create_unprivileged_user sshd
- then
- csih_error_recoverable "Couldn't create user 'sshd'!"
- csih_error_recoverable "Privilege separation set to 'no' again!"
- csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- privsep_used=no
- fi
- else
- privsep_used=no
+ csih_error_recoverable "Could not create user 'sshd'!"
+ csih_error_recoverable "You will not be able to run an sshd service"
+ csih_error_recoverable "under a privileged account successfully."
+ csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+ csih_error_recoverable "manually before trying to run the service!"
+ let ++ret
fi
fi
return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
let ++ret
fi
fi
- if [ "${sshd_config_configured}" != "yes" ]
- then
- /usr/bin/sed -i -e "
- s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
- ${SYSCONFDIR}/sshd_config
- if [ $? -ne 0 ]
- then
- csih_warning "Setting privilege separation failed!"
- csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- fi
- fi
return $ret
} # --- End of sshd_config_tweak --- #
@@ -693,7 +668,7 @@ then
fi
fi
-# handle sshd_config (and privsep)
+# handle sshd_config
csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
then
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list