From: sthen Date: Tue, 28 Apr 2015 21:41:40 +0000 (+0000) Subject: ajacoutot spotted a problem with the new sshd logic (to disable root logins X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4cc549e573818eb7cc60ba6c1ed65ecd92d50bc0;p=openbsd ajacoutot spotted a problem with the new sshd logic (to disable root logins by default completely in most cases, except where a public ssh key was provided to autoinstall) - in the case where a (non-root) account was created, sshd was being disabled; this diff fixes it. Looks good ajacoutot, OK djm@, extensive testing+OK rpe@, --- diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub index 16cd174853c..c77003ccdbe 100644 --- a/distrib/miniroot/install.sub +++ b/distrib/miniroot/install.sub @@ -1,4 +1,4 @@ -# $OpenBSD: install.sub,v 1.834 2015/04/27 23:17:11 djm Exp $ +# $OpenBSD: install.sub,v 1.835 2015/04/28 21:41:40 sthen Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015, Robert Peichaer @@ -2019,14 +2019,14 @@ install_sets() { apply() { local ssh_permitroot= - if [[ $sshd == y && $sshd_enableroot == y ]]; then + if [[ $sshd == n ]]; then + echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local + elif [[ $sshd_enableroot == y ]]; then ssh_permitroot=yes [[ -n $rootkey ]] && ssh_permitroot=without-password sed "/^#\(PermitRootLogin\) no/s//\1 $ssh_permitroot/" \ /tmp/sshd_config cp /tmp/sshd_config /mnt/etc/ssh/sshd_config - else - echo "sshd_flags=NO" >>/mnt/etc/rc.conf.local fi if [[ $ntpd == y ]]; then
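Review bot: the `[[ $sshd == n ]]` test at the top of the apply() hunk fails open. Any value of $sshd other than a literal n (empty, unset, or an unexpected answer) now leaves sshd enabled, and because `elif [[ $sshd_enableroot == y ]]` no longer checks $sshd, PermitRootLogin can be rewritten to yes or without-password in that state too. Consider `[[ $sshd != y ]]` for the disable branch, so that only an explicit y keeps the daemon running, or add a comment stating that $sshd is always y or n by the time apply() runs. The non-root account case this commit fixes is still handled either way, since sshd stays enabled with the default sshd_config whenever $sshd is y and $sshd_enableroot is not.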