manifest: move sshd config fragments to overlay sshd_config.d on F32 #349
Conversation
|
Don't suppose it would work on RHEL 8... But glad to see sshd finally has that support. |
|
@jlebon are we safe to merge things to next-devel without fear of them getting stomped on by config-bot ? |
|
Right, this will indeed get stomped on by config-bot. See #180 (comment). As mentioned in #180 (comment), I think folding the overlay stuff into the manifest would be a cleaner way to solve this. For now though... one hack is to make the postprocess scripts you're modifying just conditionalize on |
bgilbert
changed the title
bgilbert
changed the title
|
Updated, rebased on testing-devel, and tested on top of both testing-devel and next-devel. |
| @@ -0,0 +1,5 @@ | |||
| # This file is ignored on Fedora 31. | |||
There was a problem hiding this comment.
Ahh right, makes sense. I think we can drop these headers. We're moving off of f31 soon-ish anyway. :)
This is fine too, but we'll probably want to drop it at some point after we move into f32.
There was a problem hiding this comment.
Agreed that we'll want to drop eventually. I'd like to leave the headers for now, to avoid confusing users.
F31 and higher already default to PermitRootLogin prohibit-password.
Fedora 32 supports sshd_config.d. Use it. This allows users to easily re-enable password authentication if desired. We still need to disable the default AuthorizedKeysFile directive, since the Include directive appears after it in sshd_config. On Fedora 31, the sshd_config.d fragments will be ignored, so continue to edit sshd_config there.
|
Updated! |
Fedora 32 supports
sshd_config.d. Use it. This allows users to easily re-enable password authentication if desired.We still need to disable the default
AuthorizedKeysFiledirective, since theIncludedirective appears after it insshd_config.On Fedora 31, the
sshd_config.dfragments will be ignored, so continue to editsshd_configthere.