Fix sftp broken before config_controller

The previous commit broke sftp before config_controller (sftp
fails to connect to the newly installed controller). This patch
fixed this by removing the change to sftp subsystem in the patch
to sshd_config.

Change-Id: I825ea3c0308cecbd94a5521568ed436797167f8b
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
Andy Ning 2018-03-23 15:41:32 -04:00 committed by Jack Ding
parent 62ed634825
commit 3fd954326e

View File

@ -1,6 +1,6 @@
From 5f272d70827454c71a650018786c444116927348 Mon Sep 17 00:00:00 2001 From a2f285b181d1867266ff9e705e87d54737f863cb Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com> From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 22 Mar 2018 10:16:08 -0400 Date: Fri, 23 Mar 2018 14:46:06 -0400
Subject: [PATCH 1/1] CGTS-9265: remove sha1 based kex algorithms Subject: [PATCH 1/1] CGTS-9265: remove sha1 based kex algorithms
The patch hardened ssh server and client security, specifically The patch hardened ssh server and client security, specifically
@ -8,8 +8,8 @@ removed support of sha1 base kex algrorithms as found by Nessus
scan. scan.
--- ---
ssh_config | 3 +++ ssh_config | 3 +++
sshd_config | 47 ++++++++++++++++++++++++++++------------------- sshd_config | 45 +++++++++++++++++++++++++++------------------
2 files changed, 31 insertions(+), 19 deletions(-) 2 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/ssh_config b/ssh_config diff --git a/ssh_config b/ssh_config
index d1c83ea..3320eb0 100644 index d1c83ea..3320eb0 100644
@ -23,7 +23,7 @@ index d1c83ea..3320eb0 100644
+# Filtered key exchange algorithm list +# Filtered key exchange algorithm list
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 +KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
diff --git a/sshd_config b/sshd_config diff --git a/sshd_config b/sshd_config
index 6bbb86b..122dee3 100644 index 6bbb86b..7fb2ac7 100644
--- a/sshd_config --- a/sshd_config
+++ b/sshd_config +++ b/sshd_config
@@ -25,19 +25,19 @@ HostKey /etc/ssh/ssh_host_ecdsa_key @@ -25,19 +25,19 @@ HostKey /etc/ssh/ssh_host_ecdsa_key
@ -107,15 +107,6 @@ index 6bbb86b..122dee3 100644
# Accept locale-related environment variables # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
@@ -129,7 +130,7 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
-Subsystem sftp /usr/libexec/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
@@ -137,3 +138,11 @@ Subsystem sftp /usr/libexec/sftp-server @@ -137,3 +138,11 @@ Subsystem sftp /usr/libexec/sftp-server
# AllowTcpForwarding no # AllowTcpForwarding no
# PermitTTY no # PermitTTY no