FS#76493 : [openssh] add /etc/ssh/moduli to backup array

FS#76493 - [openssh] add /etc/ssh/moduli to backup array

Attached to Project: Arch Linux
Opened by John (graysky) - Wednesday, 09 November 2022, 08:40 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:14 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Lukas Fleischer (lfleischer) David Runge (dvzrv) Levente Polyak (anthraxx) Giancarlo Razzolini (grazzolini)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 John (graysky) (2022-11-16)
Private	No

Details

Some users harden openssh[1]. Part of that is removing the small Diffie-Hellman entries from /etc/ssh/moduli. This is overwritten on package updates. Please add /etc/ssh/moduli to the backup array so users will be prompted to pacdiff on updates.

1. https://www.ssh-audit.com/hardening_guides.html

This task depends upon

Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:14 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/openssh/issues/1

Comment by Toolybird (Toolybird) - Wednesday, 09 November 2022, 20:21 GMT

This has been knocked back at least *5 times* in the past ~~FS#45072~~ ~~FS#45515~~ ~~FS#46952~~ ~~FS#47152~~ ~~FS#58273~~ . 6th time lucky eh?

The original maintainer has now left the project, but I can understand the resistance after reading the rationale in those tickets. FWIW Fedora seem to mark it as "%config(noreplace)".

Rather than me auto-close this as another dupe, let's give current PM's an opportunity to comment.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#76493 - [openssh] add /etc/ssh/moduli to backup array

Details

Loading...