[Freeipa-devel] [PATCH] 130 Drop support for OpenSSH versions before 6.2

Rob Crittenden rcritten at redhat.com
Fri Apr 19 17:39:08 UTC 2013


Jan Cholasta wrote:
> Hi,
>
> this patch fixes <https://fedorahosted.org/freeipa/ticket/3571>.
>
> OpenSSH 6.2 brings upstream support for AuthorizedKeysCommand,
> which is required for OpenSSH integration. Until now, we relied on
> downstream patches and enabled parts of OpenSSH integration
> conditionally.
>
> This patch includes a scriptlet which updates sshd_config on
> freeipa-client RPM update. Please note that the scriptlet will work only
> if IPA client was set up before openssh-server package was updated to
> 6.2p1. This is because unpatched ipa-client-install does not configure
> sshd_config when openssh-server 6.2p1 is already installed (see
> https://bugzilla.redhat.com/show_bug.cgi?id=953617). Specifically, it
> will not work for IPA installs done on recently updated Fedora 19.
>
> Also, this does not fix SSH integration not working on Fedora 18, as
> that is caused by backward incompatibility in openssh-server-6.1p1-6 and
> later (see https://bugzilla.redhat.com/show_bug.cgi?id=953534).

This seems to work ok. Do we want to do this upgrade as an rpm scriptlet 
or is it better to handle this in ipa-upgradeconfig (it might be easier 
to maintain there)?

In any case, a condrestart of sssd is required to have it pick up the 
new config.

Do you know if F-18 will get 6.2? Do we need to consider backporting 
this to 3.1?

rob



