From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
From: Clemens Gruber <clemens.gruber@pqgruber.com>
Date: Fri,  7 Aug 2015 13:12:08 +0200
Message-Id: <1438945928-10439-1-git-send-email-clemens.gruber@pqgruber.com>
Subject: [ptxdist] [PATCH v2] openssh: improve rc.once.d script and harden
	sshd_config
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Michael Olbrich <m.olbrich@pengutronix.de>, Clemens Gruber <clemens.gruber@pqgruber.com>

U1NIMSBjb25maWcgb3B0aW9ucyB3ZXJlIHJlbW92ZWQgYW5kIGEgdmFyaWV0eSBvZiBtb3JlIHNl
Y3VyZSBkZWZhdWx0cwpjaG9zZW4sIGluc3BpcmVkIGJ5IHRoZSBEZWJpYW4gcHJlaW5pdCBzY3Jp
cHQgYW5kIHRoZWlyIHNzaGRfY29uZmlnLgpVc2VycyBjYW4gbm93IGFkZCBvdGhlciBIb3N0S2V5
cyB0byB0aGUgc3NoZF9jb25maWcgYW5kIHRoZSBvcGVuc3NoCnJjLm9uY2UuZCBzY3JpcHQgd2ls
bCBhdXRvbWF0aWNhbGx5IGdlbmVyYXRlIHRoZSBuZWNlc3Nhcnkga2V5cy4KCkluIHRoZSBzc2hk
X2NvbmZpZywgYWxsIFNTSDEgcmVsYXRlZCBzZXR0aW5ncyB3ZXJlIHJlbW92ZWQgYW5kIHNvbWUK
aW1wb3J0YW50IG9wdGlvbnMgd2VyZSBleHBsaWNpdGx5IGVuYWJsZWQuClRDUEtlZXBBbGl2ZSB3
YXMgZGlzYWJsZWQgYXMgaXQgaXMgZWFzaWx5IHNwb29mYWJsZSBhbmQgYSBiZXR0ZXIKYWx0ZXJu
YXRpdmUgZG9lcyBleGlzdCAoQ2xpZW50QWxpdmVJbnRlcnZhbCkuClRoZSBzYW5kYm94IG1lY2hh
bmlzbSwgcmVseWluZyBvbiBzZWNjb21wLCBpcyB1c2VkIGlmIGF2YWlsYWJsZS4KCkkgYWxzbyB0
b29rIHNvbWUgY29tbWVudGVkLW91dCBvcHRpb25zIGZyb20gRGViaWFuIGFzIHRoZXkgbWF5IGJl
IHVzZWZ1bApmb3IgbWFueSB1c2VycyBidXQgaXQgaXMgbm90IGFkdmlzYWJsZSB0byBlbmFibGUg
dGhlbSBpbiBnZW5lcmFsLiAoZS5nLgpBY2NlcHRFbnYpCgpTaWduZWQtb2ZmLWJ5OiBDbGVtZW5z
IEdydWJlciA8Y2xlbWVucy5ncnViZXJAcHFncnViZXIuY29tPgotLS0KCkNoYW5nZXMgaW4gdjI6
Ci0gUmViYXNlZAotIFVzZSBpbXByb3ZlZCBvcGVuc3NoIHJjLm9uY2UuZCBzY3JpcHQgZnJvbSBN
aWNoYWVsIE9sYnJpY2gKCi0tLQogcHJvamVjdHJvb3QvZXRjL3JjLm9uY2UuZC9vcGVuc3NoIHwg
NjggKysrKysrKysrKysrKysrKysrKysrLS0tLS0tLS0tLS0tCiBwcm9qZWN0cm9vdC9ldGMvc3No
L3NzaGRfY29uZmlnICAgfCA3OSArKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0KIDIgZmlsZXMgY2hhbmdlZCwgNzIgaW5zZXJ0aW9ucygrKSwgNzUgZGVsZXRpb25zKC0pCgpk
aWZmIC0tZ2l0IGEvcHJvamVjdHJvb3QvZXRjL3JjLm9uY2UuZC9vcGVuc3NoIGIvcHJvamVjdHJv
b3QvZXRjL3JjLm9uY2UuZC9vcGVuc3NoCmluZGV4IDgzZTZlMzcuLmVkZmNlNWYgMTAwNjQ0Ci0t
LSBhL3Byb2plY3Ryb290L2V0Yy9yYy5vbmNlLmQvb3BlbnNzaAorKysgYi9wcm9qZWN0cm9vdC9l
dGMvcmMub25jZS5kL29wZW5zc2gKQEAgLTEsMzMgKzEsNTMgQEAKICMhL2Jpbi9zaAogCi1QQVRI
PS91c3IvbG9jYWwvc2JpbjovdXNyL2xvY2FsL2Jpbjovc2JpbjovYmluOi91c3Ivc2JpbjovdXNy
L2JpbgorUEFUSD0vc2JpbjovYmluOi91c3Ivc2JpbjovdXNyL2JpbgogCi1PUEVOU1NIX1JTQUtF
WV9ERUZBVUxUPSIvZXRjL3NzaC9zc2hfaG9zdF9yc2Ffa2V5IgotT1BFTlNTSF9EU0FLRVlfREVG
QVVMVD0iL2V0Yy9zc2gvc3NoX2hvc3RfZHNhX2tleSIKLQotdGVzdCAtbiAiJE9QRU5TU0hfUlNB
S0VZIiB8fCBcCi0JT1BFTlNTSF9SU0FLRVk9JE9QRU5TU0hfUlNBS0VZX0RFRkFVTFQKLXRlc3Qg
LW4gIiRPUEVOU1NIX0RTQUtFWSIgfHwgXAotCU9QRU5TU0hfRFNBS0VZPSRPUEVOU1NIX0RTQUtF
WV9ERUZBVUxUCi0KLWdlbl9rZXkoKSB7Ci0KLQlrZXlfdHlwZT0kMQotCWtleV9maWxlPSQyCi0K
LQlybSAtZiAka2V5X2ZpbGUgPiAvZGV2L251bGwgMj4mMQotCi0JZWNobyAtbiAiZ2VuZXJhdGlu
ZyAka2V5X3R5cGUga2V5Li4uIgotCXNzaC1rZXlnZW4gLXQgJGtleV90eXBlIC1mICRrZXlfZmls
ZSAtTiAiIiA+IC9kZXYvbnVsbCAyPiYxCitnZXRfaG9zdGtleXMoKSB7CisJWyAtZiAvZXRjL3Nz
aC9zc2hkX2NvbmZpZyBdIHx8IHJldHVybgorCXNlZCAtbiAncy9eSG9zdEtleVsgXHRdWyBcdF0q
XCguKlwpL1wxL3AnIC9ldGMvc3NoL3NzaGRfY29uZmlnCit9CiAKLQlpZiBbICIkPyIgPSAiMCIg
XTsgdGhlbgotCQllY2hvICJkb25lIgoraG9zdF9rZXlzX3JlcXVpcmVkKCkgeworCWhvc3RrZXlz
PSIkKGdldF9ob3N0a2V5cykiCisJaWYgWyAiJGhvc3RrZXlzIiBdOyB0aGVuCisJCWVjaG8gIiRo
b3N0a2V5cyIKIAllbHNlCi0JCWVjaG8gImZhaWxlZCIKLQkJZXhpdCAxCisJCSMgTm8gSG9zdEtl
eSBkaXJlY3RpdmVzIGZvdW5kLCBzbyB3ZSBwaWNrIHNvbWUgZGVmYXVsdHMKKwkJZWNobyAvZXRj
L3NzaC9zc2hfaG9zdF9lZDI1NTE5X2tleQorCQllY2hvIC9ldGMvc3NoL3NzaF9ob3N0X3JzYV9r
ZXkKIAlmaQogfQogCi1nZW5fa2V5IHJzYSAiJE9QRU5TU0hfUlNBS0VZIgotZ2VuX2tleSBkc2Eg
IiRPUEVOU1NIX0RTQUtFWSIKK2NyZWF0ZV9rZXkoKSB7CisJbXNnPSIkMSIKKwlzaGlmdAorCWhv
c3RrZXlzPSIkMSIKKwlzaGlmdAorCWZpbGU9IiQxIgorCXNoaWZ0CisKKwlpZiBlY2hvICIkaG9z
dGtleXMiIHwgZ3JlcCAteCAiJGZpbGUiID4vZGV2L251bGw7IHRoZW4KKwkJZWNobyAiJG1zZzsg
dGhpcyBtYXkgdGFrZSBzb21lIHRpbWUgLi4uIgorCQlybSAtZiAkZmlsZSAmJgorCQlzc2gta2V5
Z2VuIC1xIC1mICIkZmlsZSIgLU4gJycgIiRAIiB8fCByZXR1cm4KKwkJZWNobyAiJG1zZzsgZG9u
ZS4iCisJZmkKK30KKworY3JlYXRlX2tleXMoKSB7CisJaG9zdGtleXM9IiQoaG9zdF9rZXlzX3Jl
cXVpcmVkKSIKKworCWNyZWF0ZV9rZXkgIkNyZWF0aW5nIERTQSBrZXkiIFwKKwkJIiRob3N0a2V5
cyIgL2V0Yy9zc2gvc3NoX2hvc3RfZHNhX2tleSAtdCBkc2EgJiYKKwljcmVhdGVfa2V5ICJDcmVh
dGluZyBFQ0RTQSBrZXkiIFwKKwkJIiRob3N0a2V5cyIgL2V0Yy9zc2gvc3NoX2hvc3RfZWNkc2Ff
a2V5IC10IGVjZHNhICYmCisJY3JlYXRlX2tleSAiQ3JlYXRpbmcgRUQyNTUxOSBrZXkiIFwKKwkJ
IiRob3N0a2V5cyIgL2V0Yy9zc2gvc3NoX2hvc3RfZWQyNTUxOV9rZXkgLXQgZWQyNTUxOSAmJgor
CWNyZWF0ZV9rZXkgIkNyZWF0aW5nIFJTQSBrZXkiIFwKKwkJIiRob3N0a2V5cyIgL2V0Yy9zc2gv
c3NoX2hvc3RfcnNhX2tleSAtdCByc2EgLWIgNDA5NgorfQogCitpZiAhIGNyZWF0ZV9rZXlzOyB0
aGVuCisJZWNobyAiR2VuZXJhdGluZyBTU0gga2V5cyBmYWlsZWQhIgorCWV4aXQgMQorZmkKZGlm
ZiAtLWdpdCBhL3Byb2plY3Ryb290L2V0Yy9zc2gvc3NoZF9jb25maWcgYi9wcm9qZWN0cm9vdC9l
dGMvc3NoL3NzaGRfY29uZmlnCmluZGV4IDdjZDc4OTcuLmM2MzdhYTEgMTAwNjQ0Ci0tLSBhL3By
b2plY3Ryb290L2V0Yy9zc2gvc3NoZF9jb25maWcKKysrIGIvcHJvamVjdHJvb3QvZXRjL3NzaC9z
c2hkX2NvbmZpZwpAQCAtMSw1MyArMSwzMCBAQAotIwkkT3BlbkJTRDogc3NoZF9jb25maWcsdiAx
LjczIDIwMDUvMTIvMDYgMjI6Mzg6MjggcmV5ayBFeHAgJAotCi0jIFRoaXMgaXMgdGhlIHNzaGQg
c2VydmVyIHN5c3RlbS13aWRlIGNvbmZpZ3VyYXRpb24gZmlsZS4gIFNlZQotIyBzc2hkX2NvbmZp
Zyg1KSBmb3IgbW9yZSBpbmZvcm1hdGlvbi4KLQotIyBUaGlzIHNzaGQgd2FzIGNvbXBpbGVkIHdp
dGggUEFUSD0vdXNyL2JpbjovYmluOi91c3Ivc2Jpbjovc2JpbgotCi0jIFRoZSBzdHJhdGVneSB1
c2VkIGZvciBvcHRpb25zIGluIHRoZSBkZWZhdWx0IHNzaGRfY29uZmlnIHNoaXBwZWQgd2l0aAot
IyBPcGVuU1NIIGlzIHRvIHNwZWNpZnkgb3B0aW9ucyB3aXRoIHRoZWlyIGRlZmF1bHQgdmFsdWUg
d2hlcmUKLSMgcG9zc2libGUsIGJ1dCBsZWF2ZSB0aGVtIGNvbW1lbnRlZC4gIFVuY29tbWVudGVk
IG9wdGlvbnMgY2hhbmdlIGEKLSMgZGVmYXVsdCB2YWx1ZS4KKyMgT3BlblNTSCBzZXJ2ZXIgc3lz
dGVtLXdpZGUgY29uZmlndXJhdGlvbgorIyBTZWUgdGhlIHNzaGRfY29uZmlnIG1hbnBhZ2UgZm9y
IGRldGFpbHMKIAogUG9ydCAyMgotUHJvdG9jb2wgMgotI0FkZHJlc3NGYW1pbHkgYW55Ci0jTGlz
dGVuQWRkcmVzcyAwLjAuMC4wCiAjTGlzdGVuQWRkcmVzcyA6OgorI0xpc3RlbkFkZHJlc3MgMC4w
LjAuMAogCi0jIEhvc3RLZXkgZm9yIHByb3RvY29sIHZlcnNpb24gMQotI0hvc3RLZXkgL2V0Yy9z
c2gvc3NoX2hvc3Rfa2V5Ci0jIEhvc3RLZXlzIGZvciBwcm90b2NvbCB2ZXJzaW9uIDIKKyMgSG9z
dEtleXMKK0hvc3RLZXkgL2V0Yy9zc2gvc3NoX2hvc3RfZWQyNTUxOV9rZXkKIEhvc3RLZXkgL2V0
Yy9zc2gvc3NoX2hvc3RfcnNhX2tleQotSG9zdEtleSAvZXRjL3NzaC9zc2hfaG9zdF9kc2Ffa2V5
Ci0KLSMgTGlmZXRpbWUgYW5kIHNpemUgb2YgZXBoZW1lcmFsIHZlcnNpb24gMSBzZXJ2ZXIga2V5
Ci0jS2V5UmVnZW5lcmF0aW9uSW50ZXJ2YWwgMWgKLSNTZXJ2ZXJLZXlCaXRzIDc2OAogCiAjIExv
Z2dpbmcKLSMgb2Jzb2xldGVzIFF1aWV0TW9kZSBhbmQgRmFzY2lzdExvZ2dpbmcKICNTeXNsb2dG
YWNpbGl0eSBBVVRICiAjTG9nTGV2ZWwgSU5GTwogCi0jIEF1dGhlbnRpY2F0aW9uOgotCi0jTG9n
aW5HcmFjZVRpbWUgMm0KKyMgQXV0aGVudGljYXRpb24KK0xvZ2luR3JhY2VUaW1lIDFtCiBQZXJt
aXRSb290TG9naW4geWVzCi0jU3RyaWN0TW9kZXMgeWVzCi0jTWF4QXV0aFRyaWVzIDYKK1N0cmlj
dE1vZGVzIHllcwogCi0jUlNBQXV0aGVudGljYXRpb24geWVzCiAjUHVia2V5QXV0aGVudGljYXRp
b24geWVzCiAjQXV0aG9yaXplZEtleXNGaWxlCS5zc2gvYXV0aG9yaXplZF9rZXlzCiAKICMgRm9y
IHRoaXMgdG8gd29yayB5b3Ugd2lsbCBhbHNvIG5lZWQgaG9zdCBrZXlzIGluIC9ldGMvc3NoL3Nz
aF9rbm93bl9ob3N0cwotI1Job3N0c1JTQUF1dGhlbnRpY2F0aW9uIG5vCi0jIHNpbWlsYXIgZm9y
IHByb3RvY29sIHZlcnNpb24gMgogI0hvc3RiYXNlZEF1dGhlbnRpY2F0aW9uIG5vCiAjIENoYW5n
ZSB0byB5ZXMgaWYgeW91IGRvbid0IHRydXN0IH4vLnNzaC9rbm93bl9ob3N0cyBmb3IKLSMgUmhv
c3RzUlNBQXV0aGVudGljYXRpb24gYW5kIEhvc3RiYXNlZEF1dGhlbnRpY2F0aW9uCisjIEhvc3Ri
YXNlZEF1dGhlbnRpY2F0aW9uCiAjSWdub3JlVXNlcktub3duSG9zdHMgbm8KICMgRG9uJ3QgcmVh
ZCB0aGUgdXNlcidzIH4vLnJob3N0cyBhbmQgfi8uc2hvc3RzIGZpbGVzCiAjSWdub3JlUmhvc3Rz
IHllcwpAQCAtNjMsNyArNDAsNiBAQCBQZXJtaXRSb290TG9naW4geWVzCiAjS2VyYmVyb3NBdXRo
ZW50aWNhdGlvbiBubwogI0tlcmJlcm9zT3JMb2NhbFBhc3N3ZCB5ZXMKICNLZXJiZXJvc1RpY2tl
dENsZWFudXAgeWVzCi0jS2VyYmVyb3NHZXRBRlNUb2tlbiBubwogCiAjIEdTU0FQSSBvcHRpb25z
CiAjR1NTQVBJQXV0aGVudGljYXRpb24gbm8KQEAgLTc5LDI3ICs1NSwyOCBAQCBQZXJtaXRSb290
TG9naW4geWVzCiAjIENoYWxsZW5nZVJlc3BvbnNlQXV0aGVudGljYXRpb249bm8KICNVc2VQQU0g
bm8KIAotI0FsbG93VGNwRm9yd2FyZGluZyB5ZXMKLSNHYXRld2F5UG9ydHMgbm8KKyMgUHJpdmls
ZWdlIHNlcGFyYXRpb24gaXMgdHVybmVkIG9uIGZvciBpbmNyZWFzZWQgc2VjdXJpdHkKK1VzZVBy
aXZpbGVnZVNlcGFyYXRpb24gc2FuZGJveAorCisjIENvbXByZXNzaW9uIGlzIGRlbGF5ZWQgdW50
aWwgdGhlIHVzZXIgaGFzIGF1dGhlbnRpY2F0ZWQKK0NvbXByZXNzaW9uIGRlbGF5ZWQKKworIyBU
Q1BLZWVwQWxpdmUgaXMgc3Bvb2ZhYmxlLCB1c2UgQ2xpZW50QWxpdmVJbnRlcnZhbCBpbnN0ZWFk
CitUQ1BLZWVwQWxpdmUgbm8KKyMgRGlzY29ubmVjdCBjbGllbnRzIGFmdGVyIG5vdCByZXNwb25k
aW5nIG92ZXIgdGhlIGVuY3J5cHRlZCBjaGFubmVsIGZvciAzIG1pbi4KK0NsaWVudEFsaXZlSW50
ZXJ2YWwgNjAKK0NsaWVudEFsaXZlQ291bnRNYXggMworCiAjWDExRm9yd2FyZGluZyBubwogI1gx
MURpc3BsYXlPZmZzZXQgMTAKLSNYMTFVc2VMb2NhbGhvc3QgeWVzCiAjUHJpbnRNb3RkIHllcwog
I1ByaW50TGFzdExvZyB5ZXMKLSNUQ1BLZWVwQWxpdmUgeWVzCiAjVXNlTG9naW4gbm8KLSNVc2VQ
cml2aWxlZ2VTZXBhcmF0aW9uIHllcwotI1Blcm1pdFVzZXJFbnZpcm9ubWVudCBubwotI0NvbXBy
ZXNzaW9uIGRlbGF5ZWQKLSNDbGllbnRBbGl2ZUludGVydmFsIDAKLSNDbGllbnRBbGl2ZUNvdW50
TWF4IDMKLSNVc2VETlMgeWVzCi0jUGlkRmlsZSAvdmFyL3J1bi9zc2hkLnBpZAotI01heFN0YXJ0
dXBzIDEwCi0jUGVybWl0VHVubmVsIG5vCi0KLSMgbm8gZGVmYXVsdCBiYW5uZXIgcGF0aAotI0Jh
bm5lciAvc29tZS9wYXRoCi0KLSMgb3ZlcnJpZGUgZGVmYXVsdCBvZiBubyBzdWJzeXN0ZW1zCisK
KyNNYXhTdGFydHVwcyAxMDozMDo2MAorI0Jhbm5lciAvZXRjL2lzc3VlCisKKyMgQWxsb3cgY2xp
ZW50cyB0byBwYXNzIGxvY2FsZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMKKyNBY2NlcHRFbnYgTEFO
RyBMQ18qCisKIFN1YnN5c3RlbQlzZnRwCS91c3Ivc2Jpbi9zZnRwLXNlcnZlcgotLSAKMi41LjAK
CgotLSAKcHR4ZGlzdCBtYWlsaW5nIGxpc3QKcHR4ZGlzdEBwZW5ndXRyb25peC5kZQo=