Optionally include /etc/sysconfig/dracut-sshd ...

to provide a way for specifying early userspace specific sshd command line options. Closes #9
gsauthof · Sep 26, 2019 · 953e945 · 953e945
1 parent b534935
commit 953e945
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/46sshd/module-setup.sh b/46sshd/module-setup.sh
@@ -52,7 +52,8 @@ install() {
             "$initdir/root/.ssh/authorized_keys"
 
     inst_simple /usr/sbin/sshd
-    inst_multiple -o /etc/sysconfig/ssh /etc/sysconfig/sshd
+    inst_multiple -o /etc/sysconfig/sshd /etc/sysconfig/ssh \
+            /etc/sysconfig/dracut-sshd
 
     # First entry for Fedora 28, second for Fedora 27
     inst_multiple -o /etc/crypto-policies/back-ends/opensshserver.config \

diff --git a/46sshd/sshd.service b/46sshd/sshd.service
@@ -14,8 +14,10 @@ Before=cryptsetup.target
 Type=notify
 
 EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
+EnvironmentFile=-/etc/crypto-policies/back-ends/openssh-server.config
 EnvironmentFile=-/etc/sysconfig/sshd
 EnvironmentFile=-/etc/sysconfig/ssh
+EnvironmentFile=-/etc/sysconfig/dracut-sshd
 
 # Start command requires the `-e` option if and only if `Type=simple`
 # is configured, see above.

diff --git a/README.md b/README.md
@@ -272,7 +272,7 @@ The `grub2-editenv` call is only necessary on systems (such as
 RHEL 8) where the kernel parameters are stored in `/etc/grubenv`
 instead of in each menu entry (either in the main `grub2.cfg` or
 under `/boot/loader/entries` if the system follows the [boot
-loader specification (bls)[bls]).
+loader specification (bls)][bls]).
 
 
 ## Hardware Alternatives
@@ -292,6 +292,13 @@ device can help with early boot issues, however:
 Thus, as a general rule, one wants to avoid a BMC/KVM as much as
 possible.
 
+## FAQ
+
+- [How to make the early boot sshd listen on a non-standard port?]
+  A: If you really [want to do that][port] you can provide a
+  `/etc/sysconfig/dracut-sshd` that defines `SSHD_OPTS`
+  ([see also][port]).
+
 ## Related Work
 
 There is [dracut-crypt-ssh][cryptssh] module which aims to
@@ -387,3 +394,4 @@ Related ticket: [Bug 524727 - Dracut + encrypted root + networking (2009)][bug52
 [tpm]: https://en.wikipedia.org/wiki/Trusted_Platform_Module
 [addmod]: https://manpath.be/f30/5/dracut.conf#L29
 [dradd]: https://manpath.be/f30/8/dracut#L94
+[port]: https://github.com/gsauthof/dracut-sshd/issues/9#issuecomment-531308602