components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch
author Huie-Ying Lee <huieying.lee@oracle.com>
Tue, 28 Jul 2015 14:47:36 -0700
changeset 4709 fd98db93ff7c
parent 4503 bf30d46ab06e
child 5027 c71f34180df2
permissions -rw-r--r--
21509846 problem in UTILITY/OPENSSH 21279048 OpenSSH missing dependency on xauth 21459889 GSSAPIStoreDelegatedCredentials option should be deprecated in OpenSSH 21482420 OpenSSH default XAuthLocation should be /usr/bin/xauth on Solaris

#
# Originally we planned to only deprecate client config (ssh_config) options 
# and leave it up to system administrators to remove all SunSSH specific
# server config (sshd_config) options. In internal testing we have discovered,
# that this would bring too much trouble to the said administrators.
# The probability of these options appearing in existing sshd_config files
# is higher than initially thought, because some of the options have been in
# the default sshd_config file for a very long time. Also, the consequence of
# an unknown server option is harsh - the ssh service goes to maintenance mode,
# possibly rendering the instance inaccessible. For this reason we will
# deprecate SunSSH-specific sshd_config options too.
#
# This is a Solaris specific change to ease the transition and will not be
# offered upstream.
#
--- orig/servconf.c	Tue Jul 21 16:34:07 2015
+++ new/servconf.c	Tue Jul 21 17:00:39 2015
@@ -567,6 +567,29 @@
 	{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
 	{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
 #endif
+#ifdef DEPRECATE_SUNSSH_OPT
+	/*
+	 * On Solaris, to make the transition from SunSSH to OpenSSH as smooth
+	 * as possible, we will deprecate SunSSH-only options in OpenSSH.
+	 * Therefore on a system having one of the following options in
+	 * /etc/ssh/sshd_config, change to OpenSSH will not result in service
+	 * network/ssh going to maintenance. Instead, a warning will be printed
+	 * to /var/svc/log/network-ssh:default.log. Note that
+	 * this is an interim enhancement to OpenSSH to make the transition
+	 * smoother.  If a deprecated SunSSH-only option is migrated to OpenSSH
+	 * later, then it will be changed from deprecated to supported.
+	 */
+	{ "maxauthtrieslog", sDeprecated, SSHCFG_GLOBAL },
+	{ "lookupclienthostnames", sDeprecated, SSHCFG_GLOBAL },
+	{ "useopensslengine", sDeprecated, SSHCFG_GLOBAL },
+	{ "preuserauthhook", sDeprecated, SSHCFG_ALL},
+	{ "kmfpolicydatabase", sDeprecated, SSHCFG_GLOBAL },
+	{ "kmfpolicyname", sDeprecated, SSHCFG_GLOBAL },
+	{ "trustedanchorkeystore", sDeprecated, SSHCFG_GLOBAL },
+	{ "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
+	{ "usefips140", sDeprecated, SSHCFG_ALL},
+	{ "gssapistoredelegatedcredentials", sDeprecated, SSHCFG_ALL },
+#endif
 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
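Review bot: Several of the keywords mapped to `sDeprecated` here look like security controls rather than cosmetic settings (`usefips140`, `preuserauthhook`, `trustedanchorkeystore`, `kmfpolicydatabase`/`kmfpolicyname`, `maxauthtrieslog`). An sshd_config that still sets them will now start the service with the control silently absent, and per the added comment the only signal is a warning in the SMF log. The block comment should say so explicitly, for example `/* NOTE: these options are parsed and ignored; any policy they enforced under SunSSH (FIPS mode, pre-userauth hook, KMF trust anchors) is NOT in effect and must be re-established by other means. */`. It would also be worth confirming that the `sDeprecated` handler, which is outside this hunk, logs the keyword name and line number at a level operators actually monitor. As a style point, `SSHCFG_ALL}` on the `preuserauthhook` and `usefips140` lines is missing the space before the closing brace that every neighbouring entry has. The keyword table itself begins and ends outside the hunk.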