From b4dd976c20b5556e2f6d87bd9f7c8834b1204a8c Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 23 Oct 2015 19:49:17 +0200 Subject: [PATCH 1/2] core94: add system menu to update. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/94/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/94/filelists/files b/config/rootfiles/core/94/filelists/files index e63a611fc..9ef227bb6 100644 --- a/config/rootfiles/core/94/filelists/files +++ b/config/rootfiles/core/94/filelists/files @@ -22,5 +22,6 @@ srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/cgi-bin/wakeonlan.cgi srv/web/ipfire/cgi-bin/wireless.cgi var/ipfire/langs +var/ipfire/menu.d/10-system.menu var/ipfire/menu.d/40-services.menu var/ipfire/network-functions.pl From 3a6784c065ca6513444f81d073874ff8118c6380 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 24 Oct 2015 12:07:29 +0200 Subject: [PATCH 2/2] ssh: preferre ecdsa cipher again. Previous we had not configured it so the ssh default order was used. Now we define it to disable dsa so we had to give the correct order but in the example cfg rsa is prefered. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/94/update.sh | 7 ++++--- lfs/openssh | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/core/94/update.sh b/config/rootfiles/core/94/update.sh index a9c24a5f8..99aa04659 100644 --- a/config/rootfiles/core/94/update.sh +++ b/config/rootfiles/core/94/update.sh @@ -48,9 +48,10 @@ telinit u # Update SSH configuration sed -i /etc/ssh/sshd_config \ -e 's/^#PermitRootLogin yes$/PermitRootLogin yes/' \ - -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$|HostKey /etc/ssh/ssh_host_rsa_key|' \ - -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$|HostKey /etc/ssh/ssh_host_ecdsa_key|' \ - -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$|HostKey /etc/ssh/ssh_host_ed25519_key|' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$||' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$||' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$||' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$|HostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key\nHostKey /etc/ssh/ssh_host_rsa_key|' \ # Move away old and unsupported keys mv -f /etc/ssh/ssh_host_dsa_key{,.old} diff --git a/lfs/openssh b/lfs/openssh index 1178d6ff0..0bba1ecd9 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -91,9 +91,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \ -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \ - -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$$|HostKey /etc/ssh/ssh_host_rsa_key|' \ - -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$$|HostKey /etc/ssh/ssh_host_ecdsa_key|' \ - -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$|HostKey /etc/ssh/ssh_host_ed25519_key|' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$$||' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$$|HostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key\nHostKey /etc/ssh/ssh_host_rsa_key|' \ /etc/ssh/sshd_config @rm -rf $(DIR_APP) @$(POSTBUILD)