|
1 # |
|
2 # Originally we planned to only deprecate client config (ssh_config) options |
|
3 # and leave it up to system administrators to remove all SunSSH specific |
|
4 # server config (sshd_config) options. In internal testing we have discovered, |
|
5 # that this would bring too much trouble to the said administrators. |
|
6 # The probability of these options appearing in existing sshd_config files |
|
7 # is higher than initially though, because some of the options have been in |
|
8 # default sshd_config file for very long time. Also the consequence of |
|
9 # unknown server option is harsh - ssh service goes to maintenance mode |
|
10 # possible rendering the instance not accessible. For this reason we will |
|
11 # deprecate SunSSH specific sshd_config options too. |
|
12 # |
|
13 # This is a Solaris specific change to ease the transition and will not be |
|
14 # offered upstream. |
|
15 # |
|
16 diff -ur old/servconf.c new/servconf.c |
|
17 --- old/servconf.c 2014-10-29 07:27:34.549410967 -0700 |
|
18 +++ new/servconf.c 2014-10-29 07:27:58.775996557 -0700 |
|
19 @@ -516,6 +516,28 @@ |
|
20 { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL }, |
|
21 { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL }, |
|
22 #endif |
|
23 +#ifdef DEPRECATE_SUNSSH_OPT |
|
24 + /* |
|
25 + * On Solaris, to make the transition from SunSSH to OpenSSH as smooth |
|
26 + * as possible, we will deprecate SunSSH-only options in OpenSSH. |
|
27 + * Therefore on a system having one of the following options in |
|
28 + * /etc/ssh/sshd_config, change to OpenSSH will not result in service |
|
29 + * network/ssh going to maintenance. Instead, a warning will be printed |
|
30 + * to /var/svc/log/network-ssh:default.log. Note that |
|
31 + * this is an interim enhancement to OpenSSH to make the transition |
|
32 + * smoother. If a deprecated SunSSH-only option is migrated to OpenSSH |
|
33 + * later, then it will be changed from deprecated to supported. |
|
34 + */ |
|
35 + { "maxauthtrieslog", sDeprecated, SSHCFG_GLOBAL }, |
|
36 + { "lookupclienthostnames", sDeprecated, SSHCFG_GLOBAL }, |
|
37 + { "useopensslengine", sDeprecated, SSHCFG_GLOBAL }, |
|
38 + { "preuserauthhook", sDeprecated, SSHCFG_ALL}, |
|
39 + { "kmfpolicydatabase", sDeprecated, SSHCFG_GLOBAL }, |
|
40 + { "kmfpolicyname", sDeprecated, SSHCFG_GLOBAL }, |
|
41 + { "trustedanchorkeystore", sDeprecated, SSHCFG_GLOBAL }, |
|
42 + { "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL }, |
|
43 + { "usefips140", sDeprecated, SSHCFG_ALL}, |
|
44 +#endif |
|
45 { NULL, sBadOption, 0 } |
|
46 }; |
|
47 |