client install: fix broken sshd config

If ipa client was installed with openssh-server >= 8.2, the
configuration parameters for sshd were put in /etc/ssh/sshd_config
instead of in a snippet in /etc/ssh/sshd_config.d.
Upgrading to this new ipa version fixes the sshd configuration by
moving the parameters to the snippet.

Related: https://pagure.io/freeipa/issue/8304
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Florence Blanc-Renaud 2020-06-19 10:43:56 +02:00
parent 3cf9979aec
commit 511f5194dc


@ -1089,7 +1089,7 @@ fi
%endif
%triggerin client -- openssh-server
%triggerin client -- openssh-server < 8.2
# Has the client been configured?
restore=0
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
@ -1125,6 +1125,26 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
fi
%triggerin client -- openssh-server >= 8.2
# Has the client been configured?
restore=0
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
# If the snippet already exists, skip
if [ ! -f '/etc/ssh/sshd_config.d/04-ipa.conf' ]; then
# Take the values from /etc/ssh/sshd_config and put them in 04-ipa.conf
grep -E '^(PubkeyAuthentication|KerberosAuthentication|GSSAPIAuthentication|UsePAM|ChallengeResponseAuthentication|AuthorizedKeysCommand|AuthorizedKeysCommandUser)' /etc/ssh/sshd_config 2>/dev/null > /etc/ssh/sshd_config.d/04-ipa.conf
# Remove the values from sshd_conf
sed -ri '
/^(PubkeyAuthentication|KerberosAuthentication|GSSAPIAuthentication|UsePAM|ChallengeResponseAuthentication|AuthorizedKeysCommand|AuthorizedKeysCommandUser)[ \t]/ d
' /etc/ssh/sshd_config
/bin/systemctl condrestart sshd.service 2>&1 || :
fi
fi
%if ! %{ONLY_CLIENT}
%files server
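Review bot: In the new `openssh-server >= 8.2` trigger, the `sed -ri` deletion and the `condrestart` run unconditionally after the `grep -E ... > /etc/ssh/sshd_config.d/04-ipa.conf` line, so a failed redirect removes the authentication settings from `/etc/ssh/sshd_config` without having saved them, and a grep that matches nothing leaves an empty `04-ipa.conf` that makes the `[ ! -f ... ]` guard skip every later run. Gate the deletion on the copy, for example `if grep -E '...' /etc/ssh/sshd_config > /etc/ssh/sshd_config.d/04-ipa.conf; then` around the `sed`, and validate before restarting with `sshd -t && /bin/systemctl condrestart sshd.service 2>&1 || :`. The two expressions also differ: the grep pattern anchors only the keyword prefix while the sed pattern requires a trailing `[ \t]`, so a line can be copied into the snippet yet stay in `sshd_config`; use one shared expression for both. Nothing visible here checks that `sshd_config` still contains an `Include` for `sshd_config.d`, or that a matched line is not inside a `Match` block, where moving it into a global snippet would widen its scope; both are worth confirming because these directives control how users authenticate.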