diff options
Diffstat (limited to 'freeipa.spec.in')
-rw-r--r-- | freeipa.spec.in | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 135e9c980..a9f976d6a 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1007,17 +1007,21 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew - if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then + # Prevent complaints about missing host keys by using the configured ones + tmp_config=$(mktemp sshd_config.XXXXXX) + sed -n '/^HostKey[ \t]/ p' /etc/ssh/sshd_config > $tmp_config + + if /usr/sbin/sshd -t -f $tmp_config -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then sed -ri ' s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/ ' /etc/ssh/sshd_config.ipanew - elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then + elif /usr/sbin/sshd -t -f $tmp_config -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then sed -ri ' s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/ ' /etc/ssh/sshd_config.ipanew - elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then + elif /usr/sbin/sshd -t -f $tmp_config -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then sed -ri ' s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/ s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/ |