Fix sftp broken before config_controller
The previous commit broke sftp before config_controller (sftp fails to connect to the newly installed controller). This patch fixed this by removing the change to sftp subsystem in the patch to sshd_config. Change-Id: I825ea3c0308cecbd94a5521568ed436797167f8b Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
parent
62ed634825
commit
3fd954326e
@ -1,6 +1,6 @@
|
|||||||
From 5f272d70827454c71a650018786c444116927348 Mon Sep 17 00:00:00 2001
|
From a2f285b181d1867266ff9e705e87d54737f863cb Mon Sep 17 00:00:00 2001
|
||||||
From: Andy Ning <andy.ning@windriver.com>
|
From: Andy Ning <andy.ning@windriver.com>
|
||||||
Date: Thu, 22 Mar 2018 10:16:08 -0400
|
Date: Fri, 23 Mar 2018 14:46:06 -0400
|
||||||
Subject: [PATCH 1/1] CGTS-9265: remove sha1 based kex algorithms
|
Subject: [PATCH 1/1] CGTS-9265: remove sha1 based kex algorithms
|
||||||
|
|
||||||
The patch hardened ssh server and client security, specifically
|
The patch hardened ssh server and client security, specifically
|
||||||
@ -8,8 +8,8 @@ removed support of sha1 base kex algrorithms as found by Nessus
|
|||||||
scan.
|
scan.
|
||||||
---
|
---
|
||||||
ssh_config | 3 +++
|
ssh_config | 3 +++
|
||||||
sshd_config | 47 ++++++++++++++++++++++++++++-------------------
|
sshd_config | 45 +++++++++++++++++++++++++++------------------
|
||||||
2 files changed, 31 insertions(+), 19 deletions(-)
|
2 files changed, 30 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
diff --git a/ssh_config b/ssh_config
|
diff --git a/ssh_config b/ssh_config
|
||||||
index d1c83ea..3320eb0 100644
|
index d1c83ea..3320eb0 100644
|
||||||
@ -23,7 +23,7 @@ index d1c83ea..3320eb0 100644
|
|||||||
+# Filtered key exchange algorithm list
|
+# Filtered key exchange algorithm list
|
||||||
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
|
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
|
||||||
diff --git a/sshd_config b/sshd_config
|
diff --git a/sshd_config b/sshd_config
|
||||||
index 6bbb86b..122dee3 100644
|
index 6bbb86b..7fb2ac7 100644
|
||||||
--- a/sshd_config
|
--- a/sshd_config
|
||||||
+++ b/sshd_config
|
+++ b/sshd_config
|
||||||
@@ -25,19 +25,19 @@ HostKey /etc/ssh/ssh_host_ecdsa_key
|
@@ -25,19 +25,19 @@ HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||||
@ -107,15 +107,6 @@ index 6bbb86b..122dee3 100644
|
|||||||
|
|
||||||
# Accept locale-related environment variables
|
# Accept locale-related environment variables
|
||||||
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||||
@@ -129,7 +130,7 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
||||||
AcceptEnv XMODIFIERS
|
|
||||||
|
|
||||||
# override default of no subsystems
|
|
||||||
-Subsystem sftp /usr/libexec/sftp-server
|
|
||||||
+Subsystem sftp /usr/libexec/openssh/sftp-server
|
|
||||||
|
|
||||||
# Example of overriding settings on a per-user basis
|
|
||||||
#Match User anoncvs
|
|
||||||
@@ -137,3 +138,11 @@ Subsystem sftp /usr/libexec/sftp-server
|
@@ -137,3 +138,11 @@ Subsystem sftp /usr/libexec/sftp-server
|
||||||
# AllowTcpForwarding no
|
# AllowTcpForwarding no
|
||||||
# PermitTTY no
|
# PermitTTY no
|
||||||
|
Loading…
Reference in New Issue
Block a user