From 3f8d180aba4c77d6cf9609af1e5999e0db58107f Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Thu, 22 Jun 2023 16:05:53 +0200
Subject: [PATCH] overlay coreos/config: Start installing default openssh
 configs

The configs provided by the openssh and Gentoo projects usually keep
everything commented out, meaning that the default values will be
used. On top of that, they will also include snippets in the snippet
directory. As such, start installing the default configs. We only mask
a snippet that defines sftp subsystem, because we provide our own
config snippet from coreos-base/misc-files that defines it.
---
 .../coreos/config/env/net-misc/openssh              | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
index 75f2a0f81c6..879f94faee6 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
@@ -1,12 +1,9 @@
-# We install these with our chromeos-base package.
+# Do not install the setuid file in production images.
+#
+# Do not install the config snippet that defines a subsystem. We have
+# our own definition in coreos-init.
 if [[ $(cros_target) != "cros_host" ]] ; then
-	openssh_mask="
-		/etc/ssh/ssh_config
-		/etc/ssh/sshd_config
-		/etc/ssh/ssh_config.d
-		/etc/ssh/sshd_config.d
-		/usr/lib*/misc/ssh-keysign
-	"
+	openssh_mask="/usr/lib*/misc/ssh-keysign /etc/ssh/sshd_config.d/*gentoo-subsystem.conf"
 	PKG_INSTALL_MASK+=" ${openssh_mask}"
 	INSTALL_MASK+=" ${openssh_mask}"
 	unset openssh_mask