From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail.pqgruber.com ([178.189.19.235])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80)
 (envelope-from <clemens.gruber@pqgruber.com>) id 1ZGBj8-00066M-Ab
 for ptxdist@pengutronix.de; Fri, 17 Jul 2015 21:55:22 +0200
From: Clemens Gruber <clemens.gruber@pqgruber.com>
Date: Fri, 17 Jul 2015 23:54:51 +0200
Message-Id: <1437170091-7429-1-git-send-email-clemens.gruber@pqgruber.com>
Subject: [ptxdist] [PATCH] openssh: improve rc.once.d script and harden
	sshd_config
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Clemens Gruber <clemens.gruber@pqgruber.com>

U1NIMSBjb25maWcgb3B0aW9ucyB3ZXJlIHJlbW92ZWQgYW5kIGEgdmFyaWV0eSBvZiBtb3JlIHNl
Y3VyZSBkZWZhdWx0cwpjaG9zZW4sIGluc3BpcmVkIGJ5IHRoZSBEZWJpYW4gcHJlaW5pdCBzY3Jp
cHQgYW5kIHRoZWlyIHNzaGRfY29uZmlnLgpVc2VycyBjYW4gbm93IGFkZCBvdGhlciBIb3N0S2V5
cyB0byB0aGUgc3NoZF9jb25maWcgYW5kIHRoZSBvcGVuc3NoCnJjLm9uY2UuZCBzY3JpcHQgd2ls
bCBhdXRvbWF0aWNhbGx5IGdlbmVyYXRlIHRoZSBuZWNlc3Nhcnkga2V5cy4KSSBhbHNvIGFkZGVk
IGFuIG9wdGlvbiB0byBzaG93IHRoZSByYW5kb21hcnQgcmVwcmVzZW50YXRpb24gb2YgdGhlIGtl
eQp0byB0aGUgdXNlci4KCkluIHRoZSBzc2hkX2NvbmZpZywgYWxsIFNTSDEgcmVsYXRlZCBzZXR0
aW5ncyB3ZXJlIHJlbW92ZWQgYW5kIHNvbWUKaW1wb3J0YW50IG9wdGlvbnMgd2VyZSBleHBsaWNp
dGx5IGVuYWJsZWQuClRDUEtlZXBBbGl2ZSB3YXMgZGlzYWJsZWQgYXMgaXQgaXMgZWFzaWx5IHNw
b29mYWJsZSBhbmQgYSBiZXR0ZXIKYWx0ZXJuYXRpdmUgZG9lcyBleGlzdCAoQ2xpZW50QWxpdmVJ
bnRlcnZhbCkuClRoZSBzYW5kYm94IG1lY2hhbmlzbSAodXNpbmcgc2VjY29tcCkgaXMgdXNlZCwg
aWYgYXZhaWxhYmxlLgoKU2lnbmVkLW9mZi1ieTogQ2xlbWVucyBHcnViZXIgPGNsZW1lbnMuZ3J1
YmVyQHBxZ3J1YmVyLmNvbT4KLS0tCiBwcm9qZWN0cm9vdC9ldGMvcmMub25jZS5kL29wZW5zc2gg
fCA2OSArKysrKysrKysrKysrKysrKysrKysrLS0tLS0tLS0tLS0tCiBwcm9qZWN0cm9vdC9ldGMv
c3NoL3NzaGRfY29uZmlnICAgfCA3OSArKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0KIDIgZmlsZXMgY2hhbmdlZCwgNzQgaW5zZXJ0aW9ucygrKSwgNzQgZGVsZXRpb25zKC0p
CgpkaWZmIC0tZ2l0IGEvcHJvamVjdHJvb3QvZXRjL3JjLm9uY2UuZC9vcGVuc3NoIGIvcHJvamVj
dHJvb3QvZXRjL3JjLm9uY2UuZC9vcGVuc3NoCmluZGV4IDgzZTZlMzcuLmRmNWY2NjcgMTAwNjQ0
Ci0tLSBhL3Byb2plY3Ryb290L2V0Yy9yYy5vbmNlLmQvb3BlbnNzaAorKysgYi9wcm9qZWN0cm9v
dC9ldGMvcmMub25jZS5kL29wZW5zc2gKQEAgLTIsMzIgKzIsNTUgQEAKIAogUEFUSD0vdXNyL2xv
Y2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3NiaW46L2JpbjovdXNyL3NiaW46L3Vzci9iaW4KIAot
T1BFTlNTSF9SU0FLRVlfREVGQVVMVD0iL2V0Yy9zc2gvc3NoX2hvc3RfcnNhX2tleSIKLU9QRU5T
U0hfRFNBS0VZX0RFRkFVTFQ9Ii9ldGMvc3NoL3NzaF9ob3N0X2RzYV9rZXkiCi0KLXRlc3QgLW4g
IiRPUEVOU1NIX1JTQUtFWSIgfHwgXAotCU9QRU5TU0hfUlNBS0VZPSRPUEVOU1NIX1JTQUtFWV9E
RUZBVUxUCi10ZXN0IC1uICIkT1BFTlNTSF9EU0FLRVkiIHx8IFwKLQlPUEVOU1NIX0RTQUtFWT0k
T1BFTlNTSF9EU0FLRVlfREVGQVVMVAotCi1nZW5fa2V5KCkgewotCi0Ja2V5X3R5cGU9JDEKLQlr
ZXlfZmlsZT0kMgotCi0Jcm0gLWYgJGtleV9maWxlID4gL2Rldi9udWxsIDI+JjEKLQotCWVjaG8g
LW4gImdlbmVyYXRpbmcgJGtleV90eXBlIGtleS4uLiIKLQlzc2gta2V5Z2VuIC10ICRrZXlfdHlw
ZSAtZiAka2V5X2ZpbGUgLU4gIiIgPiAvZGV2L251bGwgMj4mMQorZ2V0X2hvc3RrZXlzKCkgewor
CVsgLWYgL2V0Yy9zc2gvc3NoZF9jb25maWcgXSB8fCByZXR1cm4KKwlncmVwICJeSG9zdEtleSIg
L2V0Yy9zc2gvc3NoZF9jb25maWcgfCBzZWQgInMvXkhvc3RLZXkgLy9nIgorfQogCi0JaWYgWyAi
JD8iID0gIjAiIF07IHRoZW4KLQkJZWNobyAiZG9uZSIKK2hvc3Rfa2V5c19yZXF1aXJlZCgpIHsK
Kwlob3N0a2V5cz0iJChnZXRfaG9zdGtleXMpIgorCWlmIFsgIiRob3N0a2V5cyIgXTsgdGhlbgor
CQllY2hvICIkaG9zdGtleXMiCiAJZWxzZQotCQllY2hvICJmYWlsZWQiCi0JCWV4aXQgMQorCQkj
IE5vIEhvc3RLZXkgZGlyZWN0aXZlcyBmb3VuZCwgc28gd2UgcGljayBzb21lIGRlZmF1bHRzCisJ
CWVjaG8gL2V0Yy9zc2gvc3NoX2hvc3RfZWQyNTUxOV9rZXkKKwkJZWNobyAvZXRjL3NzaC9zc2hf
aG9zdF9yc2Ffa2V5CiAJZmkKIH0KIAotZ2VuX2tleSByc2EgIiRPUEVOU1NIX1JTQUtFWSIKLWdl
bl9rZXkgZHNhICIkT1BFTlNTSF9EU0FLRVkiCitjcmVhdGVfa2V5KCkgeworCW1zZz0iJDEiCisJ
c2hpZnQKKwlob3N0a2V5cz0iJDEiCisJc2hpZnQKKwlmaWxlPSIkMSIKKwlzaGlmdAorCisJaWYg
ZWNobyAiJGhvc3RrZXlzIiB8IGdyZXAgLXggIiRmaWxlIiA+L2Rldi9udWxsICYmIFwKKwkgICBb
ICEgLWYgIiRmaWxlIiBdIDsgdGhlbgorCQllY2hvIC1uICRtc2cKKwkJcm0gLWYgJGZpbGUgPiAv
ZGV2L251bGwgMj4mMQorCQlzc2gta2V5Z2VuIC1xIC1mICIkZmlsZSIgLU4gJycgIiRAIgorCQll
Y2hvCisJCWlmIHdoaWNoIHJlc3RvcmVjb24gPi9kZXYvbnVsbCAyPiYxOyB0aGVuCisJCQlyZXN0
b3JlY29uICIkZmlsZSIgIiRmaWxlLnB1YiIKKwkJZmkKKwkJc3NoLWtleWdlbiAtbHYgLWYgIiRm
aWxlLnB1YiIKKwlmaQorfQorCitjcmVhdGVfa2V5cygpIHsKKwlob3N0a2V5cz0iJChob3N0X2tl
eXNfcmVxdWlyZWQpIgorCisJY3JlYXRlX2tleSAiQ3JlYXRpbmcgRFNBIGtleTsgdGhpcyBtYXkg
dGFrZSBzb21lIHRpbWUgLi4uIiBcCisJCSIkaG9zdGtleXMiIC9ldGMvc3NoL3NzaF9ob3N0X2Rz
YV9rZXkgLXQgZHNhCisJY3JlYXRlX2tleSAiQ3JlYXRpbmcgRUNEU0Ega2V5OyB0aGlzIG1heSB0
YWtlIHNvbWUgdGltZSAuLi4iIFwKKwkJIiRob3N0a2V5cyIgL2V0Yy9zc2gvc3NoX2hvc3RfZWNk
c2Ffa2V5IC10IGVjZHNhCisJY3JlYXRlX2tleSAiQ3JlYXRpbmcgRUQyNTUxOSBrZXk7IHRoaXMg
bWF5IHRha2Ugc29tZSB0aW1lIC4uLiIgXAorCQkiJGhvc3RrZXlzIiAvZXRjL3NzaC9zc2hfaG9z
dF9lZDI1NTE5X2tleSAtdCBlZDI1NTE5CisJY3JlYXRlX2tleSAiQ3JlYXRpbmcgUlNBIGtleTsg
dGhpcyBtYXkgdGFrZSBzb21lIHRpbWUgLi4uIiBcCisJCSIkaG9zdGtleXMiIC9ldGMvc3NoL3Nz
aF9ob3N0X3JzYV9rZXkgLXQgcnNhCit9CisKK2NyZWF0ZV9rZXlzCiAKZGlmZiAtLWdpdCBhL3By
b2plY3Ryb290L2V0Yy9zc2gvc3NoZF9jb25maWcgYi9wcm9qZWN0cm9vdC9ldGMvc3NoL3NzaGRf
Y29uZmlnCmluZGV4IDdjZDc4OTcuLmM2MzdhYTEgMTAwNjQ0Ci0tLSBhL3Byb2plY3Ryb290L2V0
Yy9zc2gvc3NoZF9jb25maWcKKysrIGIvcHJvamVjdHJvb3QvZXRjL3NzaC9zc2hkX2NvbmZpZwpA
QCAtMSw1MyArMSwzMCBAQAotIwkkT3BlbkJTRDogc3NoZF9jb25maWcsdiAxLjczIDIwMDUvMTIv
MDYgMjI6Mzg6MjggcmV5ayBFeHAgJAotCi0jIFRoaXMgaXMgdGhlIHNzaGQgc2VydmVyIHN5c3Rl
bS13aWRlIGNvbmZpZ3VyYXRpb24gZmlsZS4gIFNlZQotIyBzc2hkX2NvbmZpZyg1KSBmb3IgbW9y
ZSBpbmZvcm1hdGlvbi4KLQotIyBUaGlzIHNzaGQgd2FzIGNvbXBpbGVkIHdpdGggUEFUSD0vdXNy
L2JpbjovYmluOi91c3Ivc2Jpbjovc2JpbgotCi0jIFRoZSBzdHJhdGVneSB1c2VkIGZvciBvcHRp
b25zIGluIHRoZSBkZWZhdWx0IHNzaGRfY29uZmlnIHNoaXBwZWQgd2l0aAotIyBPcGVuU1NIIGlz
IHRvIHNwZWNpZnkgb3B0aW9ucyB3aXRoIHRoZWlyIGRlZmF1bHQgdmFsdWUgd2hlcmUKLSMgcG9z
c2libGUsIGJ1dCBsZWF2ZSB0aGVtIGNvbW1lbnRlZC4gIFVuY29tbWVudGVkIG9wdGlvbnMgY2hh
bmdlIGEKLSMgZGVmYXVsdCB2YWx1ZS4KKyMgT3BlblNTSCBzZXJ2ZXIgc3lzdGVtLXdpZGUgY29u
ZmlndXJhdGlvbgorIyBTZWUgdGhlIHNzaGRfY29uZmlnIG1hbnBhZ2UgZm9yIGRldGFpbHMKIAog
UG9ydCAyMgotUHJvdG9jb2wgMgotI0FkZHJlc3NGYW1pbHkgYW55Ci0jTGlzdGVuQWRkcmVzcyAw
LjAuMC4wCiAjTGlzdGVuQWRkcmVzcyA6OgorI0xpc3RlbkFkZHJlc3MgMC4wLjAuMAogCi0jIEhv
c3RLZXkgZm9yIHByb3RvY29sIHZlcnNpb24gMQotI0hvc3RLZXkgL2V0Yy9zc2gvc3NoX2hvc3Rf
a2V5Ci0jIEhvc3RLZXlzIGZvciBwcm90b2NvbCB2ZXJzaW9uIDIKKyMgSG9zdEtleXMKK0hvc3RL
ZXkgL2V0Yy9zc2gvc3NoX2hvc3RfZWQyNTUxOV9rZXkKIEhvc3RLZXkgL2V0Yy9zc2gvc3NoX2hv
c3RfcnNhX2tleQotSG9zdEtleSAvZXRjL3NzaC9zc2hfaG9zdF9kc2Ffa2V5Ci0KLSMgTGlmZXRp
bWUgYW5kIHNpemUgb2YgZXBoZW1lcmFsIHZlcnNpb24gMSBzZXJ2ZXIga2V5Ci0jS2V5UmVnZW5l
cmF0aW9uSW50ZXJ2YWwgMWgKLSNTZXJ2ZXJLZXlCaXRzIDc2OAogCiAjIExvZ2dpbmcKLSMgb2Jz
b2xldGVzIFF1aWV0TW9kZSBhbmQgRmFzY2lzdExvZ2dpbmcKICNTeXNsb2dGYWNpbGl0eSBBVVRI
CiAjTG9nTGV2ZWwgSU5GTwogCi0jIEF1dGhlbnRpY2F0aW9uOgotCi0jTG9naW5HcmFjZVRpbWUg
Mm0KKyMgQXV0aGVudGljYXRpb24KK0xvZ2luR3JhY2VUaW1lIDFtCiBQZXJtaXRSb290TG9naW4g
eWVzCi0jU3RyaWN0TW9kZXMgeWVzCi0jTWF4QXV0aFRyaWVzIDYKK1N0cmljdE1vZGVzIHllcwog
Ci0jUlNBQXV0aGVudGljYXRpb24geWVzCiAjUHVia2V5QXV0aGVudGljYXRpb24geWVzCiAjQXV0
aG9yaXplZEtleXNGaWxlCS5zc2gvYXV0aG9yaXplZF9rZXlzCiAKICMgRm9yIHRoaXMgdG8gd29y
ayB5b3Ugd2lsbCBhbHNvIG5lZWQgaG9zdCBrZXlzIGluIC9ldGMvc3NoL3NzaF9rbm93bl9ob3N0
cwotI1Job3N0c1JTQUF1dGhlbnRpY2F0aW9uIG5vCi0jIHNpbWlsYXIgZm9yIHByb3RvY29sIHZl
cnNpb24gMgogI0hvc3RiYXNlZEF1dGhlbnRpY2F0aW9uIG5vCiAjIENoYW5nZSB0byB5ZXMgaWYg
eW91IGRvbid0IHRydXN0IH4vLnNzaC9rbm93bl9ob3N0cyBmb3IKLSMgUmhvc3RzUlNBQXV0aGVu
dGljYXRpb24gYW5kIEhvc3RiYXNlZEF1dGhlbnRpY2F0aW9uCisjIEhvc3RiYXNlZEF1dGhlbnRp
Y2F0aW9uCiAjSWdub3JlVXNlcktub3duSG9zdHMgbm8KICMgRG9uJ3QgcmVhZCB0aGUgdXNlcidz
IH4vLnJob3N0cyBhbmQgfi8uc2hvc3RzIGZpbGVzCiAjSWdub3JlUmhvc3RzIHllcwpAQCAtNjMs
NyArNDAsNiBAQCBQZXJtaXRSb290TG9naW4geWVzCiAjS2VyYmVyb3NBdXRoZW50aWNhdGlvbiBu
bwogI0tlcmJlcm9zT3JMb2NhbFBhc3N3ZCB5ZXMKICNLZXJiZXJvc1RpY2tldENsZWFudXAgeWVz
Ci0jS2VyYmVyb3NHZXRBRlNUb2tlbiBubwogCiAjIEdTU0FQSSBvcHRpb25zCiAjR1NTQVBJQXV0
aGVudGljYXRpb24gbm8KQEAgLTc5LDI3ICs1NSwyOCBAQCBQZXJtaXRSb290TG9naW4geWVzCiAj
IENoYWxsZW5nZVJlc3BvbnNlQXV0aGVudGljYXRpb249bm8KICNVc2VQQU0gbm8KIAotI0FsbG93
VGNwRm9yd2FyZGluZyB5ZXMKLSNHYXRld2F5UG9ydHMgbm8KKyMgUHJpdmlsZWdlIHNlcGFyYXRp
b24gaXMgdHVybmVkIG9uIGZvciBpbmNyZWFzZWQgc2VjdXJpdHkKK1VzZVByaXZpbGVnZVNlcGFy
YXRpb24gc2FuZGJveAorCisjIENvbXByZXNzaW9uIGlzIGRlbGF5ZWQgdW50aWwgdGhlIHVzZXIg
aGFzIGF1dGhlbnRpY2F0ZWQKK0NvbXByZXNzaW9uIGRlbGF5ZWQKKworIyBUQ1BLZWVwQWxpdmUg
aXMgc3Bvb2ZhYmxlLCB1c2UgQ2xpZW50QWxpdmVJbnRlcnZhbCBpbnN0ZWFkCitUQ1BLZWVwQWxp
dmUgbm8KKyMgRGlzY29ubmVjdCBjbGllbnRzIGFmdGVyIG5vdCByZXNwb25kaW5nIG92ZXIgdGhl
IGVuY3J5cHRlZCBjaGFubmVsIGZvciAzIG1pbi4KK0NsaWVudEFsaXZlSW50ZXJ2YWwgNjAKK0Ns
aWVudEFsaXZlQ291bnRNYXggMworCiAjWDExRm9yd2FyZGluZyBubwogI1gxMURpc3BsYXlPZmZz
ZXQgMTAKLSNYMTFVc2VMb2NhbGhvc3QgeWVzCiAjUHJpbnRNb3RkIHllcwogI1ByaW50TGFzdExv
ZyB5ZXMKLSNUQ1BLZWVwQWxpdmUgeWVzCiAjVXNlTG9naW4gbm8KLSNVc2VQcml2aWxlZ2VTZXBh
cmF0aW9uIHllcwotI1Blcm1pdFVzZXJFbnZpcm9ubWVudCBubwotI0NvbXByZXNzaW9uIGRlbGF5
ZWQKLSNDbGllbnRBbGl2ZUludGVydmFsIDAKLSNDbGllbnRBbGl2ZUNvdW50TWF4IDMKLSNVc2VE
TlMgeWVzCi0jUGlkRmlsZSAvdmFyL3J1bi9zc2hkLnBpZAotI01heFN0YXJ0dXBzIDEwCi0jUGVy
bWl0VHVubmVsIG5vCi0KLSMgbm8gZGVmYXVsdCBiYW5uZXIgcGF0aAotI0Jhbm5lciAvc29tZS9w
YXRoCi0KLSMgb3ZlcnJpZGUgZGVmYXVsdCBvZiBubyBzdWJzeXN0ZW1zCisKKyNNYXhTdGFydHVw
cyAxMDozMDo2MAorI0Jhbm5lciAvZXRjL2lzc3VlCisKKyMgQWxsb3cgY2xpZW50cyB0byBwYXNz
IGxvY2FsZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMKKyNBY2NlcHRFbnYgTEFORyBMQ18qCisKIFN1
YnN5c3RlbQlzZnRwCS91c3Ivc2Jpbi9zZnRwLXNlcnZlcgotLSAKMi40LjYKCgotLSAKcHR4ZGlz
dCBtYWlsaW5nIGxpc3QKcHR4ZGlzdEBwZW5ndXRyb25peC5kZQo=