b317222 ipa-client-install: use sshd drop-in configuration

Authored and Committed by frenaud 3 years ago
    ipa-client-install: use sshd drop-in configuration
    
    sshd 8.2+ now supports the "Include" keyword in sshd_config and
    ships by default /etc/ssh/sshd_config with
    "Include /etc/ssh/sshd_config.d/*"
    
    As fedora 32 provides a config file in that directory (05-redhat.conf) with
    ChallengeResponseAuthentication no
    that is conflicting with IPA client config, ipa-client-install now needs
    to make its config changes in a drop-in file read before 05-redhat.conf
    (the files are read in lexicographic order and the first setting wins).
    
    There is no need to handle upgrades from sshd < 8.2: if openssh-server
    detects a customisation in /etc/ssh/sshd_config, it will not update
    the file but create /etc/ssh/sshd_config.rpmnew and ask the admin
    to manually handle the config upgrade.
    
    Fixes: https://pagure.io/freeipa/issue/8304
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    
        
file modified
+1 -0
file modified
+43 -5
file modified
+2 -0