Message ID | 20230630113458.8610-1-Sai.Sathujoda@toshiba-tsip.com (mailing list archive) |
---|---|
State | Accepted |
Series | [isar-cip-core] security-customizations: Fix broken sshd_config in bookworm |
On 30.06.23 13:34, Sai.Sathujoda@toshiba-tsip.com wrote: > From: Sai <Sai.Sathujoda@toshiba-tsip.com> > > ChallengeResponseAuthentication configuration in sshd_config is deprecated from > bookworm, so modify the configuration setting based on its availability. > > Signed-off-by: Sai <Sai.Sathujoda@toshiba-tsip.com> > --- > recipes-core/security-customizations/files/postinst | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > mode change 100644 => 100755 recipes-core/security-customizations/files/postinst > > diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst > old mode 100644 > new mode 100755 > index d370345..4438776 > --- a/recipes-core/security-customizations/files/postinst > +++ b/recipes-core/security-customizations/files/postinst > @@ -82,5 +82,11 @@ if grep -c "pam_google_authenticator.so" "${SSHD_AUTH_CONFIG}";then > fi > echo "auth required pam_google_authenticator.so nullok" | tee -a "${SSHD_AUTH_CONFIG}" > # Enable PAM configuration for Remote Session > -sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' "${SSHD_CONFIG}" > +if grep -s -q "ChallengeResponseAuthentication" "${SSHD_CONFIG}";then > + sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' "${SSHD_CONFIG}" > +fi > + > +if grep -s -q "KbdInteractiveAuthentication" "${SSHD_CONFIG}";then > + sed -i 's/KbdInteractiveAuthentication no/KbdInteractiveAuthentication yes/g' "${SSHD_CONFIG}" > +fi > echo "AuthenticationMethods keyboard-interactive" | tee -a "${SSHD_CONFIG}" Thanks, applied. Jan
diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst old mode 100644 new mode 100755 index d370345..4438776 --- a/recipes-core/security-customizations/files/postinst +++ b/recipes-core/security-customizations/files/postinst @@ -82,5 +82,11 @@ if grep -c "pam_google_authenticator.so" "${SSHD_AUTH_CONFIG}";then fi echo "auth required pam_google_authenticator.so nullok" | tee -a "${SSHD_AUTH_CONFIG}" # Enable PAM configuration for Remote Session -sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' "${SSHD_CONFIG}" +if grep -s -q "ChallengeResponseAuthentication" "${SSHD_CONFIG}";then + sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' "${SSHD_CONFIG}" +fi + +if grep -s -q "KbdInteractiveAuthentication" "${SSHD_CONFIG}";then + sed -i 's/KbdInteractiveAuthentication no/KbdInteractiveAuthentication yes/g' "${SSHD_CONFIG}" +fi echo "AuthenticationMethods keyboard-interactive" | tee -a "${SSHD_CONFIG}"
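Review bot: In the two new `if grep -s -q ...` blocks, the guard matches the bare keyword anywhere in `${SSHD_CONFIG}` (comments and `yes` lines included), while the `sed` expression only rewrites the exact string `KbdInteractiveAuthentication no` with a single space. The guard therefore adds nothing over an unguarded `sed`, which is already a no-op when nothing matches, and a directive written with a tab or several spaces stays at `no`. Because the unchanged last line then appends `AuthenticationMethods keyboard-interactive` unconditionally, that case leaves sshd requiring a method that is still disabled. Consider dropping the guards and using an anchored, whitespace-tolerant pattern such as `s/^\(KbdInteractiveAuthentication\)[[:space:]]\+no/\1 yes/`, then validating the file with `sshd -t` before the script finishes. The mode change from 100644 to 100755 is also not mentioned in the commit message; one line explaining it would help.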