diff mbox series

OpenSSH: do not ship ssh-keysign anymore

Message ID cdbc59f1-e0d3-3bf6-400e-04fc8fd8ca48@ipfire.org
State Accepted
Commit 7bb9bbb7327497c9599abf50d7732ca4602fa429
Headers
Series OpenSSH: do not ship ssh-keysign anymore |

Commit Message

Peter Müller May 16, 2021, 8:48 p.m. UTC 
  To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/common/openssh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Adolf Belka May 17, 2021, 10:58 a.m. UTC | #1 
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>

On 16/05/2021 22:48, Peter Müller wrote:
> To my surprise, this binary comes with suid flag set, and since we do
> not have SSH key signing enabled, there is no need to ship it with
> IPFire.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
>   config/rootfiles/common/openssh | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
> index f2f8ea6c5..c3666d914 100644
> --- a/config/rootfiles/common/openssh
> +++ b/config/rootfiles/common/openssh
> @@ -19,7 +19,7 @@ usr/bin/ssh-keygen
>   usr/bin/ssh-keyscan
>   #usr/lib/openssh
>   usr/lib/openssh/sftp-server
> -usr/lib/openssh/ssh-keysign
> +#usr/lib/openssh/ssh-keysign
>   usr/lib/openssh/ssh-pkcs11-helper
>   usr/lib/openssh/ssh-sk-helper
>   usr/sbin/sshd
diff mbox series

Patch

diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index f2f8ea6c5..c3666d914 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -19,7 +19,7 @@  usr/bin/ssh-keygen
 usr/bin/ssh-keyscan
 #usr/lib/openssh
 usr/lib/openssh/sftp-server
-usr/lib/openssh/ssh-keysign
+#usr/lib/openssh/ssh-keysign
 usr/lib/openssh/ssh-pkcs11-helper
 usr/lib/openssh/ssh-sk-helper
 usr/sbin/sshd