openssh: Disable privilege separation by patching
The UsePrivilegeSeparation option is no longer supported, so we need to disable privilege separation by a code patch.
parent
b91127f39b
commit
b79434aa72
|
@ -51,7 +51,7 @@ termux_step_post_configure() {
|
||||||
|
|
||||||
termux_step_post_make_install () {
|
termux_step_post_make_install () {
|
||||||
# OpenSSH 7.0 disabled ssh-dss by default, keep it for a while in Termux:
|
# OpenSSH 7.0 disabled ssh-dss by default, keep it for a while in Termux:
|
||||||
echo -e "PasswordAuthentication no\nUsePrivilegeSeparation no\nPubkeyAcceptedKeyTypes +ssh-dss\nSubsystem sftp $TERMUX_PREFIX/libexec/sftp-server" > $TERMUX_PREFIX/etc/ssh/sshd_config
|
echo -e "PasswordAuthentication no\nPubkeyAcceptedKeyTypes +ssh-dss\nSubsystem sftp $TERMUX_PREFIX/libexec/sftp-server" > $TERMUX_PREFIX/etc/ssh/sshd_config
|
||||||
echo "PubkeyAcceptedKeyTypes +ssh-dss" > $TERMUX_PREFIX/etc/ssh/ssh_config
|
echo "PubkeyAcceptedKeyTypes +ssh-dss" > $TERMUX_PREFIX/etc/ssh/ssh_config
|
||||||
cp $TERMUX_PKG_BUILDER_DIR/source-ssh-agent.sh $TERMUX_PREFIX/bin/source-ssh-agent
|
cp $TERMUX_PKG_BUILDER_DIR/source-ssh-agent.sh $TERMUX_PREFIX/bin/source-ssh-agent
|
||||||
cp $TERMUX_PKG_BUILDER_DIR/ssh-with-agent.sh $TERMUX_PREFIX/bin/ssha
|
cp $TERMUX_PKG_BUILDER_DIR/ssh-with-agent.sh $TERMUX_PREFIX/bin/ssha
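Review bot: With `UsePrivilegeSeparation no` dropped from the `echo -e` line that writes `sshd_config`, nothing in the installed config tells an administrator that this build runs sshd without privilege separation; the setting now lives only in the servconf.c patch. Consider starting the generated file with a comment line, e.g. prefixing the string with `# Privilege separation is disabled at build time on Android (servconf.c patch)\n`. The same line still appends `PubkeyAcceptedKeyTypes +ssh-dss`, so DSA keys stay accepted on a server that runs without privilege separation; the "keep it for a while" comment would benefit from a stated removal condition. The body of `termux_step_post_make_install` runs past the end of the hunk.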
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
diff -u -r ../openssh-6.9p1/servconf.c ./servconf.c
|
diff -u -r ../openssh-7.5p1/servconf.c ./servconf.c
|
||||||
--- ../openssh-6.9p1/servconf.c 2015-06-30 22:35:31.000000000 -0400
|
--- ../openssh-7.5p1/servconf.c 2017-03-20 03:39:27.000000000 +0100
|
||||||
+++ ./servconf.c 2015-07-11 21:40:29.639988543 -0400
|
+++ ./servconf.c 2017-03-24 00:08:05.880913398 +0100
|
||||||
@@ -208,7 +208,7 @@
|
@@ -212,7 +212,7 @@
|
||||||
}
|
}
|
||||||
/* No certificates by default */
|
/* No certificates by default */
|
||||||
if (options->num_ports == 0)
|
if (options->num_ports == 0)
|
||||||
|
@ -10,7 +10,22 @@ diff -u -r ../openssh-6.9p1/servconf.c ./servconf.c
|
||||||
if (options->address_family == -1)
|
if (options->address_family == -1)
|
||||||
options->address_family = AF_UNSPEC;
|
options->address_family = AF_UNSPEC;
|
||||||
if (options->listen_addrs == NULL)
|
if (options->listen_addrs == NULL)
|
||||||
@@ -663,7 +663,7 @@
|
@@ -336,9 +336,13 @@
|
||||||
|
|
||||||
|
assemble_algorithms(options);
|
||||||
|
|
||||||
|
- /* Turn privilege separation and sandboxing on by default */
|
||||||
|
if (use_privsep == -1)
|
||||||
|
+#ifdef __ANDROID__
|
||||||
|
+ use_privsep = PRIVSEP_OFF;
|
||||||
|
+#else
|
||||||
|
+ /* Turn privilege separation and sandboxing on by default */
|
||||||
|
use_privsep = PRIVSEP_ON;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#define CLEAR_ON_NONE(v) \
|
||||||
|
do { \
|
||||||
|
@@ -675,7 +679,7 @@
|
||||||
u_int i;
|
u_int i;
|
||||||
|
|
||||||
if (options->num_ports == 0)
|
if (options->num_ports == 0)
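Review bot: The new `#ifdef __ANDROID__` branch in the `@@ -336,9 +336,13 @@` hunk sets `use_privsep = PRIVSEP_OFF` with no comment, while the only comment ("Turn privilege separation and sandboxing on by default") has moved into the `#else` branch. With privilege separation and sandboxing off, a flaw in sshd's pre-authentication code is no longer contained by a separate unprivileged process, and that trade-off should be recorded where it is made. Suggest adding above the assignment something like `/* Termux: privsep presumably cannot work for an Android app user; pre-auth code is NOT sandboxed here */`, after confirming the rationale. It is also worth checking that nothing else in 7.5p1 assumes `use_privsep` is on, since the commit message says the option is no longer supported upstream; that cannot be judged from this hunk.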
|
||||||
|
|