authorDan McGregor <dan.mcgregor@usask.ca>2015-01-15 15:11:00 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-02-03 14:53:54 +0000
commite4dc8fe86c6b503cc3e55a2a466a65a1313501a1 (patch)
treebbbccb8d7332ded9a47cab38fd72677a7766aa5e /meta
parent93842f0ec96b6e0f7863441f6ae02febe8a24a62 (diff)
downloadpoky-e4dc8fe86c6b503cc3e55a2a466a65a1313501a1.tar.gz
openssh: configuration updates
Rebase sshd_config and ssh_config with openssh upstream. Check for the ed25519 key in the systemd keygen service. (From OE-Core rev: 046dd5567d9de0596023846e7f0c6df7f01a9f5b) Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/ssh_config4
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config30
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service1
3 files changed, 26 insertions, 9 deletions
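--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
+# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
 
 # This is the ssh client system-wide configuration file. See
 # ssh_config(5) for more information. This file provides defaults for
@@ -44,3 +44,5 @@ Host *
 # TunnelDevice any:any
 # PermitLocalCommand no
 # VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h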
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 4f9b626fbd..3553669aa0 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -15,9 +15,7 @@
15#ListenAddress 0.0.0.0 15#ListenAddress 0.0.0.0
16#ListenAddress :: 16#ListenAddress ::
17 17
18# Disable legacy (protocol version 1) support in the server for new 18# The default requires explicit activation of protocol 1
19# installations. In future the default will change to require explicit
20# activation of protocol 1
21Protocol 2 19Protocol 2
22 20
23# HostKey for protocol version 1 21# HostKey for protocol version 1
@@ -25,11 +23,16 @@ Protocol 2
25# HostKeys for protocol version 2 23# HostKeys for protocol version 2
26#HostKey /etc/ssh/ssh_host_rsa_key 24#HostKey /etc/ssh/ssh_host_rsa_key
27#HostKey /etc/ssh/ssh_host_dsa_key 25#HostKey /etc/ssh/ssh_host_dsa_key
26#HostKey /etc/ssh/ssh_host_ecdsa_key
27#HostKey /etc/ssh/ssh_host_ed25519_key
28 28
29# Lifetime and size of ephemeral version 1 server key 29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 1h 30#KeyRegenerationInterval 1h
31#ServerKeyBits 1024 31#ServerKeyBits 1024
32 32
33# Ciphers and keying
34#RekeyLimit default none
35
33# Logging 36# Logging
34# obsoletes QuietMode and FascistLogging 37# obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH 38#SyslogFacility AUTH
@@ -45,7 +48,15 @@ Protocol 2
45 48
46#RSAAuthentication yes 49#RSAAuthentication yes
47#PubkeyAuthentication yes 50#PubkeyAuthentication yes
48#AuthorizedKeysFile .ssh/authorized_keys 51
52# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
53# but this is overridden so installations will only check .ssh/authorized_keys
54AuthorizedKeysFile .ssh/authorized_keys
55
56#AuthorizedPrincipalsFile none
57
58#AuthorizedKeysCommand none
59#AuthorizedKeysCommandUser nobody
49 60
50# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 61# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51#RhostsRSAAuthentication no 62#RhostsRSAAuthentication no
@@ -74,8 +85,8 @@ Protocol 2
74#GSSAPIAuthentication no 85#GSSAPIAuthentication no
75#GSSAPICleanupCredentials yes 86#GSSAPICleanupCredentials yes
76 87
77# Set this to 'yes' to enable PAM authentication, account processing, 88# Set this to 'yes' to enable PAM authentication, account processing,
78# and session processing. If this is enabled, PAM authentication will 89# and session processing. If this is enabled, PAM authentication will
79# be allowed through the ChallengeResponseAuthentication and 90# be allowed through the ChallengeResponseAuthentication and
80# PasswordAuthentication. Depending on your PAM configuration, 91# PasswordAuthentication. Depending on your PAM configuration,
81# PAM authentication via ChallengeResponseAuthentication may bypass 92# PAM authentication via ChallengeResponseAuthentication may bypass
@@ -91,20 +102,22 @@ Protocol 2
91#X11Forwarding no 102#X11Forwarding no
92#X11DisplayOffset 10 103#X11DisplayOffset 10
93#X11UseLocalhost yes 104#X11UseLocalhost yes
105#PermitTTY yes
94#PrintMotd yes 106#PrintMotd yes
95#PrintLastLog yes 107#PrintLastLog yes
96#TCPKeepAlive yes 108#TCPKeepAlive yes
97#UseLogin no 109#UseLogin no
98UsePrivilegeSeparation yes 110UsePrivilegeSeparation sandbox # Default for new installations.
99#PermitUserEnvironment no 111#PermitUserEnvironment no
100Compression no 112Compression no
101ClientAliveInterval 15 113ClientAliveInterval 15
102ClientAliveCountMax 4 114ClientAliveCountMax 4
103#UseDNS yes 115#UseDNS yes
104#PidFile /var/run/sshd.pid 116#PidFile /var/run/sshd.pid
105#MaxStartups 10 117#MaxStartups 10:30:100
106#PermitTunnel no 118#PermitTunnel no
107#ChrootDirectory none 119#ChrootDirectory none
120#VersionAddendum none
108 121
109# no default banner path 122# no default banner path
110#Banner none 123#Banner none
@@ -116,4 +129,5 @@ Subsystem sftp /usr/libexec/sftp-server
116#Match User anoncvs 129#Match User anoncvs
117# X11Forwarding no 130# X11Forwarding no
118# AllowTcpForwarding no 131# AllowTcpForwarding no
132# PermitTTY no
119# ForceCommand cvs server 133# ForceCommand cvs server
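Review bot: The one active setting this commit changes, `UsePrivilegeSeparation sandbox # Default for new installations.` at new line 110, carries its explanation as a trailing comment, while the other comments visible in these hunks sit on their own lines, and it does not say what the setting does. I would move the comment above the directive and make it descriptive, for example `# Pre-authentication child runs unprivileged and sandboxed; the sandbox mechanism is chosen when sshd is built.` followed by a bare `UsePrivilegeSeparation sandbox`. Which mechanism the recipe's build selects for a given target is not visible in this diff, so it is worth confirming per machine that the intended sandbox is in effect rather than a weaker fallback.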
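--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -3,6 +3,7 @@ Description=OpenSSH Key Generation
 ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
 ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
 ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
 
 [Service]
 ExecStart=@BINDIR@/ssh-keygen -A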
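Review bot: The trigger list has no comment saying that it must mirror the key types `ssh-keygen -A` creates, and the added `ssh_host_ed25519_key` condition makes that coupling one entry longer. Each `|!` condition starts the unit when its file is missing, so a key type the packaged ssh-keygen cannot generate would presumably make the service run on every boot. I would add `# One condition per host key type that ssh-keygen -A generates; keep in sync with the packaged OpenSSH.` above the conditions. The `[Unit]` section begins above this hunk, so any comment already there is not visible.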