Corinna Vinschen
2019-Jan-26 22:42 UTC
[PATCH 2/2] Cygwin: only tweak sshd_config file if it's new, drop creating sshd user
The sshd_config tweaks were executed even if the old file was
still in place. Fix that. Also disable sshd user creation.
It's not used on Cygwin.
---
contrib/cygwin/ssh-host-config | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 52916d14ba94..cc36ea102f42 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -669,14 +669,24 @@ then
fi
# handle sshd_config
+# make sure not to change the existing file
+mod_before=""
+if [ -e "${SYSCONFDIR}/sshd_config" ]
+then
+ mod_before=$(stat "${SYSCONFDIR}/sshd_config" | grep
'^Modify:')
+fi
csih_install_config "${SYSCONFDIR}/sshd_config"
"${SYSCONFDIR}/defaults" || let ++warning_cnt
+mod_now=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:')
if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config"
"${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null
2>&1
then
sshd_config_configured=yes
fi
-sshd_strictmodes || let warning_cnt+=$?
-sshd_privsep || let warning_cnt+=$?
-sshd_config_tweak || let warning_cnt+=$?
+if [ "${mod_before}" != "${mod_now}" ]
+then
+ sshd_strictmodes || let warning_cnt+=$?
+ sshd_config_tweak || let warning_cnt+=$?
+fi
+#sshd_privsep || let warning_cnt+=$?
update_services_file || let warning_cnt+=$?
update_inetd_conf || let warning_cnt+=$?
install_service || let warning_cnt+=$?
--
2.20.1
Damien Miller
2019-Jan-27 22:58 UTC
[PATCH 2/2] Cygwin: only tweak sshd_config file if it's new, drop creating sshd user
On Sat, 26 Jan 2019, Corinna Vinschen wrote:> The sshd_config tweaks were executed even if the old file was > still in place. Fix that. Also disable sshd user creation. > It's not used on Cygwin.This and your previous have been merged - thanks again Corinna :) -d
Corinna Vinschen
2019-Jan-28 10:23 UTC
[PATCH 2/2] Cygwin: only tweak sshd_config file if it's new, drop creating sshd user
On Jan 28 09:58, Damien Miller wrote:> On Sat, 26 Jan 2019, Corinna Vinschen wrote: > > > The sshd_config tweaks were executed even if the old file was > > still in place. Fix that. Also disable sshd user creation. > > It's not used on Cygwin. > > This and your previous have been merged - thanks again Corinna :)Thanks Damien! I have a third patch in the loop which removes the requirement to create a special privileged account. But this has to wait until after the Cygwin 3.0 release. Corinna -- Corinna Vinschen Cygwin Maintainer Red Hat -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190128/0fa04efe/attachment.asc>
Reasonably Related Threads
- [patch/cygwin] contrib/cygwin/ssh-host-config
- [PATCH/cygwin]: Revised sshh-host-config script
- [patch/Cygwin]: Simplify host key generation in ssh-host-config script
- [PATCH] Cygwin: rel 3.0 drops requirement for privileged non-SYSTEM account
- [PATCH] Cygwin: Change service name to cygsshd