Commit - rpms/openssh - 08d842d5e8cb0edc7fe17c1f96b74f3b503733e3

    Use a service unit to strip ssh_keys group from host keys (rhbz#2172956)
    
    Use a systemd service unit to strip the ssh_keys group and change the
    mode for host keys. This ensure that this migration is done right before
    the openssh server startup on all kind of systems, either RPM or
    rpm-ostree based.
    
    Use a marker file to only do this once. We need to keep this service
    unit for two Fedora releases so we will be able to remove it in Fedora
    40.
    
    See: https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
    Fixes: 7a21555 Get rid of ssh_keys group for new installations
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2172956
    
    Co-authored-by: Timothée Ravier <tim@siosm.fr>

Fedora CI - scratch build
success

Package tests for 08d842d5: passed
a year ago
Fedora CI - dist-git test
success

Package tests for 08d842d5: passed
a year ago
Zuul
success

Jobs result is success
a year ago
Build completed
success

Built as openssh-9.0p1-11.fc39.1
a year ago
Build completed
success

Built as openssh-9.0p1-11.eln126.1
a year ago

openssh.spec

file modified

+21 -6

ssh-host-keys-migration.service

file added

+15

ssh-host-keys-migration.sh

file added

+38

rpms / openssh

Source Code

08d842d Use a service unit to strip ssh_keys group from host keys (rhbz#2172956)

Authored and Committed by dustymabe a year ago

`08d842d` Use a service unit to strip ssh_keys group from host keys (rhbz#2172956)