OpenSSH: do not ship ssh-keysign anymore
Commit Message
To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/rootfiles/common/openssh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
On 16/05/2021 22:48, Peter Müller wrote:
> To my surprise, this binary comes with suid flag set, and since we do
> not have SSH key signing enabled, there is no need to ship it with
> IPFire.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/rootfiles/common/openssh | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
> index f2f8ea6c5..c3666d914 100644
> --- a/config/rootfiles/common/openssh
> +++ b/config/rootfiles/common/openssh
> @@ -19,7 +19,7 @@ usr/bin/ssh-keygen
> usr/bin/ssh-keyscan
> #usr/lib/openssh
> usr/lib/openssh/sftp-server
> -usr/lib/openssh/ssh-keysign
> +#usr/lib/openssh/ssh-keysign
> usr/lib/openssh/ssh-pkcs11-helper
> usr/lib/openssh/ssh-sk-helper
> usr/sbin/sshd
@@ -19,7 +19,7 @@ usr/bin/ssh-keygen
usr/bin/ssh-keyscan
#usr/lib/openssh
usr/lib/openssh/sftp-server
-usr/lib/openssh/ssh-keysign
+#usr/lib/openssh/ssh-keysign
usr/lib/openssh/ssh-pkcs11-helper
usr/lib/openssh/ssh-sk-helper
usr/sbin/sshd