Dead files.
This commit is contained in:
parent
761efaa70c
commit
62142b308a
@ -1,24 +0,0 @@
|
||||
ssh
|
||||
scp
|
||||
sshd
|
||||
ssh-add
|
||||
ssh-keygen
|
||||
ssh-keyscan
|
||||
ssh-keysign
|
||||
ssh-agent
|
||||
sftp-server
|
||||
sftp
|
||||
configure
|
||||
config.h.in
|
||||
config.h
|
||||
config.status
|
||||
config.cache
|
||||
config.log
|
||||
stamp-h.in
|
||||
Makefile
|
||||
ssh_prng_cmds
|
||||
*.out
|
||||
*.0
|
||||
buildit.sh
|
||||
autom4te.cache
|
||||
ssh-rand-helper
|
@ -1,458 +0,0 @@
|
||||
/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _CONFIG_H
|
||||
#define _CONFIG_H
|
||||
|
||||
/* Generated automatically from acconfig.h by autoheader. */
|
||||
/* Please make your changes there */
|
||||
|
||||
@TOP@
|
||||
|
||||
/* Define if your platform breaks doing a seteuid before a setuid */
|
||||
#undef SETEUID_BREAKS_SETUID
|
||||
|
||||
/* Define if your setreuid() is broken */
|
||||
#undef BROKEN_SETREUID
|
||||
|
||||
/* Define if your setregid() is broken */
|
||||
#undef BROKEN_SETREGID
|
||||
|
||||
/* Define if your setresuid() is broken */
|
||||
#undef BROKEN_SETRESUID
|
||||
|
||||
/* Define if your setresgid() is broken */
|
||||
#undef BROKEN_SETRESGID
|
||||
|
||||
/* Define to a Set Process Title type if your system is */
|
||||
/* supported by bsd-setproctitle.c */
|
||||
#undef SPT_TYPE
|
||||
#undef SPT_PADCHAR
|
||||
|
||||
/* SCO workaround */
|
||||
#undef BROKEN_SYS_TERMIO_H
|
||||
|
||||
/* Define if you have SecureWare-based protected password database */
|
||||
#undef HAVE_SECUREWARE
|
||||
|
||||
/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
|
||||
/* from environment and PATH */
|
||||
#undef LOGIN_PROGRAM_FALLBACK
|
||||
|
||||
/* Full path of your "passwd" program */
|
||||
#undef _PATH_PASSWD_PROG
|
||||
|
||||
/* Define if your password has a pw_class field */
|
||||
#undef HAVE_PW_CLASS_IN_PASSWD
|
||||
|
||||
/* Define if your password has a pw_expire field */
|
||||
#undef HAVE_PW_EXPIRE_IN_PASSWD
|
||||
|
||||
/* Define if your password has a pw_change field */
|
||||
#undef HAVE_PW_CHANGE_IN_PASSWD
|
||||
|
||||
/* Define if your system uses access rights style file descriptor passing */
|
||||
#undef HAVE_ACCRIGHTS_IN_MSGHDR
|
||||
|
||||
/* Define if your system uses ancillary data style file descriptor passing */
|
||||
#undef HAVE_CONTROL_IN_MSGHDR
|
||||
|
||||
/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
|
||||
#undef BROKEN_INET_NTOA
|
||||
|
||||
/* Define if your system defines sys_errlist[] */
|
||||
#undef HAVE_SYS_ERRLIST
|
||||
|
||||
/* Define if your system defines sys_nerr */
|
||||
#undef HAVE_SYS_NERR
|
||||
|
||||
/* Define if your system choked on IP TOS setting */
|
||||
#undef IP_TOS_IS_BROKEN
|
||||
|
||||
/* Define if you have the getuserattr function. */
|
||||
#undef HAVE_GETUSERATTR
|
||||
|
||||
/* Define if you have the basename function. */
|
||||
#undef HAVE_BASENAME
|
||||
|
||||
/* Work around problematic Linux PAM modules handling of PAM_TTY */
|
||||
#undef PAM_TTY_KLUDGE
|
||||
|
||||
/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
|
||||
#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
|
||||
|
||||
/* Use PIPES instead of a socketpair() */
|
||||
#undef USE_PIPES
|
||||
|
||||
/* Define if your snprintf is busted */
|
||||
#undef BROKEN_SNPRINTF
|
||||
|
||||
/* Define if you are on Cygwin */
|
||||
#undef HAVE_CYGWIN
|
||||
|
||||
/* Define if you have a broken realpath. */
|
||||
#undef BROKEN_REALPATH
|
||||
|
||||
/* Define if you are on NeXT */
|
||||
#undef HAVE_NEXT
|
||||
|
||||
/* Define if you want to enable PAM support */
|
||||
#undef USE_PAM
|
||||
|
||||
/* Define if you want to enable AIX4's authenticate function */
|
||||
#undef WITH_AIXAUTHENTICATE
|
||||
|
||||
/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
|
||||
#undef AIX_LOGINFAILED_4ARG
|
||||
|
||||
/* Define if your skeychallenge() function takes 4 arguments (eg NetBSD) */
|
||||
#undef SKEYCHALLENGE_4ARG
|
||||
|
||||
/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
|
||||
#undef WITH_IRIX_ARRAY
|
||||
|
||||
/* Define if you want IRIX project management */
|
||||
#undef WITH_IRIX_PROJECT
|
||||
|
||||
/* Define if you want IRIX audit trails */
|
||||
#undef WITH_IRIX_AUDIT
|
||||
|
||||
/* Define if you want IRIX kernel jobs */
|
||||
#undef WITH_IRIX_JOBS
|
||||
|
||||
/* Location of PRNGD/EGD random number socket */
|
||||
#undef PRNGD_SOCKET
|
||||
|
||||
/* Port number of PRNGD/EGD random number socket */
|
||||
#undef PRNGD_PORT
|
||||
|
||||
/* Builtin PRNG command timeout */
|
||||
#undef ENTROPY_TIMEOUT_MSEC
|
||||
|
||||
/* non-privileged user for privilege separation */
|
||||
#undef SSH_PRIVSEP_USER
|
||||
|
||||
/* Define if you want to install preformatted manpages.*/
|
||||
#undef MANTYPE
|
||||
|
||||
/* Define if your ssl headers are included with #include <openssl/header.h> */
|
||||
#undef HAVE_OPENSSL
|
||||
|
||||
/* Define if you are linking against RSAref. Used only to print the right
|
||||
* message at run-time. */
|
||||
#undef RSAREF
|
||||
|
||||
/* struct timeval */
|
||||
#undef HAVE_STRUCT_TIMEVAL
|
||||
|
||||
/* struct utmp and struct utmpx fields */
|
||||
#undef HAVE_HOST_IN_UTMP
|
||||
#undef HAVE_HOST_IN_UTMPX
|
||||
#undef HAVE_ADDR_IN_UTMP
|
||||
#undef HAVE_ADDR_IN_UTMPX
|
||||
#undef HAVE_ADDR_V6_IN_UTMP
|
||||
#undef HAVE_ADDR_V6_IN_UTMPX
|
||||
#undef HAVE_SYSLEN_IN_UTMPX
|
||||
#undef HAVE_PID_IN_UTMP
|
||||
#undef HAVE_TYPE_IN_UTMP
|
||||
#undef HAVE_TYPE_IN_UTMPX
|
||||
#undef HAVE_TV_IN_UTMP
|
||||
#undef HAVE_TV_IN_UTMPX
|
||||
#undef HAVE_ID_IN_UTMP
|
||||
#undef HAVE_ID_IN_UTMPX
|
||||
#undef HAVE_EXIT_IN_UTMP
|
||||
#undef HAVE_TIME_IN_UTMP
|
||||
#undef HAVE_TIME_IN_UTMPX
|
||||
|
||||
/* Define if you don't want to use your system's login() call */
|
||||
#undef DISABLE_LOGIN
|
||||
|
||||
/* Define if you don't want to use pututline() etc. to write [uw]tmp */
|
||||
#undef DISABLE_PUTUTLINE
|
||||
|
||||
/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
|
||||
#undef DISABLE_PUTUTXLINE
|
||||
|
||||
/* Define if you don't want to use lastlog */
|
||||
#undef DISABLE_LASTLOG
|
||||
|
||||
/* Define if you don't want to use lastlog in session.c */
|
||||
#undef NO_SSH_LASTLOG
|
||||
|
||||
/* Define if you don't want to use utmp */
|
||||
#undef DISABLE_UTMP
|
||||
|
||||
/* Define if you don't want to use utmpx */
|
||||
#undef DISABLE_UTMPX
|
||||
|
||||
/* Define if you don't want to use wtmp */
|
||||
#undef DISABLE_WTMP
|
||||
|
||||
/* Define if you don't want to use wtmpx */
|
||||
#undef DISABLE_WTMPX
|
||||
|
||||
/* Some systems need a utmpx entry for /bin/login to work */
|
||||
#undef LOGIN_NEEDS_UTMPX
|
||||
|
||||
/* Some versions of /bin/login need the TERM supplied on the commandline */
|
||||
#undef LOGIN_NEEDS_TERM
|
||||
|
||||
/* Define if your login program cannot handle end of options ("--") */
|
||||
#undef LOGIN_NO_ENDOPT
|
||||
|
||||
/* Define if you want to specify the path to your lastlog file */
|
||||
#undef CONF_LASTLOG_FILE
|
||||
|
||||
/* Define if you want to specify the path to your utmp file */
|
||||
#undef CONF_UTMP_FILE
|
||||
|
||||
/* Define if you want to specify the path to your wtmp file */
|
||||
#undef CONF_WTMP_FILE
|
||||
|
||||
/* Define if you want to specify the path to your utmpx file */
|
||||
#undef CONF_UTMPX_FILE
|
||||
|
||||
/* Define if you want to specify the path to your wtmpx file */
|
||||
#undef CONF_WTMPX_FILE
|
||||
|
||||
/* Define if you want external askpass support */
|
||||
#undef USE_EXTERNAL_ASKPASS
|
||||
|
||||
/* Define if libc defines __progname */
|
||||
#undef HAVE___PROGNAME
|
||||
|
||||
/* Define if compiler implements __FUNCTION__ */
|
||||
#undef HAVE___FUNCTION__
|
||||
|
||||
/* Define if compiler implements __func__ */
|
||||
#undef HAVE___func__
|
||||
|
||||
/* Define this is you want GSSAPI support in the version 2 protocol */
|
||||
#undef GSSAPI
|
||||
|
||||
/* Define if you want Kerberos 5 support */
|
||||
#undef KRB5
|
||||
|
||||
/* Define this if you are using the Heimdal version of Kerberos V5 */
|
||||
#undef HEIMDAL
|
||||
|
||||
/* Define this if you want to use libkafs' AFS support */
|
||||
#undef USE_AFS
|
||||
|
||||
/* Define if you want S/Key support */
|
||||
#undef SKEY
|
||||
|
||||
/* Define if you want TCP Wrappers support */
|
||||
#undef LIBWRAP
|
||||
|
||||
/* Define if your libraries define login() */
|
||||
#undef HAVE_LOGIN
|
||||
|
||||
/* Define if your libraries define daemon() */
|
||||
#undef HAVE_DAEMON
|
||||
|
||||
/* Define if your libraries define getpagesize() */
|
||||
#undef HAVE_GETPAGESIZE
|
||||
|
||||
/* Define if xauth is found in your path */
|
||||
#undef XAUTH_PATH
|
||||
|
||||
/* Define if you want to allow MD5 passwords */
|
||||
#undef HAVE_MD5_PASSWORDS
|
||||
|
||||
/* Define if you want to disable shadow passwords */
|
||||
#undef DISABLE_SHADOW
|
||||
|
||||
/* Define if you want to use shadow password expire field */
|
||||
#undef HAS_SHADOW_EXPIRE
|
||||
|
||||
/* Define if you have Digital Unix Security Integration Architecture */
|
||||
#undef HAVE_OSF_SIA
|
||||
|
||||
/* Define if you have getpwanam(3) [SunOS 4.x] */
|
||||
#undef HAVE_GETPWANAM
|
||||
|
||||
/* Define if you have an old version of PAM which takes only one argument */
|
||||
/* to pam_strerror */
|
||||
#undef HAVE_OLD_PAM
|
||||
|
||||
/* Define if you are using Solaris-derived PAM which passes pam_messages */
|
||||
/* to the conversation function with an extra level of indirection */
|
||||
#undef PAM_SUN_CODEBASE
|
||||
|
||||
/* Set this to your mail directory if you don't have maillock.h */
|
||||
#undef MAIL_DIRECTORY
|
||||
|
||||
/* Data types */
|
||||
#undef HAVE_U_INT
|
||||
#undef HAVE_INTXX_T
|
||||
#undef HAVE_U_INTXX_T
|
||||
#undef HAVE_UINTXX_T
|
||||
#undef HAVE_INT64_T
|
||||
#undef HAVE_U_INT64_T
|
||||
#undef HAVE_U_CHAR
|
||||
#undef HAVE_SIZE_T
|
||||
#undef HAVE_SSIZE_T
|
||||
#undef HAVE_CLOCK_T
|
||||
#undef HAVE_MODE_T
|
||||
#undef HAVE_PID_T
|
||||
#undef HAVE_SA_FAMILY_T
|
||||
#undef HAVE_STRUCT_SOCKADDR_STORAGE
|
||||
#undef HAVE_STRUCT_ADDRINFO
|
||||
#undef HAVE_STRUCT_IN6_ADDR
|
||||
#undef HAVE_STRUCT_SOCKADDR_IN6
|
||||
|
||||
/* Fields in struct sockaddr_storage */
|
||||
#undef HAVE_SS_FAMILY_IN_SS
|
||||
#undef HAVE___SS_FAMILY_IN_SS
|
||||
|
||||
/* Define if you have /dev/ptmx */
|
||||
#undef HAVE_DEV_PTMX
|
||||
|
||||
/* Define if you have /dev/ptc */
|
||||
#undef HAVE_DEV_PTS_AND_PTC
|
||||
|
||||
/* Define if you need to use IP address instead of hostname in $DISPLAY */
|
||||
#undef IPADDR_IN_DISPLAY
|
||||
|
||||
/* Specify default $PATH */
|
||||
#undef USER_PATH
|
||||
|
||||
/* Specify location of ssh.pid */
|
||||
#undef _PATH_SSH_PIDDIR
|
||||
|
||||
/* getaddrinfo is broken (if present) */
|
||||
#undef BROKEN_GETADDRINFO
|
||||
|
||||
/* updwtmpx is broken (if present) */
|
||||
#undef BROKEN_UPDWTMPX
|
||||
|
||||
/* Workaround more Linux IPv6 quirks */
|
||||
#undef DONT_TRY_OTHER_AF
|
||||
|
||||
/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
|
||||
#undef IPV4_IN_IPV6
|
||||
|
||||
/* Define if you have BSD auth support */
|
||||
#undef BSD_AUTH
|
||||
|
||||
/* Define if X11 doesn't support AF_UNIX sockets on that system */
|
||||
#undef NO_X11_UNIX_SOCKETS
|
||||
|
||||
/* Define if the concept of ports only accessible to superusers isn't known */
|
||||
#undef NO_IPPORT_RESERVED_CONCEPT
|
||||
|
||||
/* Needed for SCO and NeXT */
|
||||
#undef BROKEN_SAVED_UIDS
|
||||
|
||||
/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
|
||||
#undef GLOB_HAS_ALTDIRFUNC
|
||||
|
||||
/* Define if your system glob() function has gl_matchc options in glob_t */
|
||||
#undef GLOB_HAS_GL_MATCHC
|
||||
|
||||
/* Define in your struct dirent expects you to allocate extra space for d_name */
|
||||
#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
|
||||
|
||||
/* Define if your system has /etc/default/login */
|
||||
#undef HAVE_ETC_DEFAULT_LOGIN
|
||||
|
||||
/* Define if your getopt(3) defines and uses optreset */
|
||||
#undef HAVE_GETOPT_OPTRESET
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
#undef MISSING_NFDBITS
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
#undef MISSING_HOWMANY
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
#undef MISSING_FD_MASK
|
||||
|
||||
/* Define if you want smartcard support */
|
||||
#undef SMARTCARD
|
||||
|
||||
/* Define if you want smartcard support using sectok */
|
||||
#undef USE_SECTOK
|
||||
|
||||
/* Define if you want smartcard support using OpenSC */
|
||||
#undef USE_OPENSC
|
||||
|
||||
/* Define if you want to use OpenSSL's internally seeded PRNG only */
|
||||
#undef OPENSSL_PRNG_ONLY
|
||||
|
||||
/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
|
||||
#undef WITH_ABBREV_NO_TTY
|
||||
|
||||
/* Define if you want a different $PATH for the superuser */
|
||||
#undef SUPERUSER_PATH
|
||||
|
||||
/* Path that unprivileged child will chroot() to in privep mode */
|
||||
#undef PRIVSEP_PATH
|
||||
|
||||
/* Define if your platform needs to skip post auth file descriptor passing */
|
||||
#undef DISABLE_FD_PASSING
|
||||
|
||||
/* Silly mkstemp() */
|
||||
#undef HAVE_STRICT_MKSTEMP
|
||||
|
||||
/* Some systems put this outside of libc */
|
||||
#undef HAVE_NANOSLEEP
|
||||
|
||||
/* Define if sshd somehow reacquires a controlling TTY after setsid() */
|
||||
#undef SSHD_ACQUIRES_CTTY
|
||||
|
||||
/* Define if cmsg_type is not passed correctly */
|
||||
#undef BROKEN_CMSG_TYPE
|
||||
|
||||
/*
|
||||
* Define to whatever link() returns for "not supported" if it doesn't
|
||||
* return EOPNOTSUPP.
|
||||
*/
|
||||
#undef LINK_OPNOTSUPP_ERRNO
|
||||
|
||||
/* Strings used in /etc/passwd to denote locked account */
|
||||
#undef LOCKED_PASSWD_STRING
|
||||
#undef LOCKED_PASSWD_PREFIX
|
||||
#undef LOCKED_PASSWD_SUBSTR
|
||||
|
||||
/* Define if getrrsetbyname() exists */
|
||||
#undef HAVE_GETRRSETBYNAME
|
||||
|
||||
/* Define if HEADER.ad exists in arpa/nameser.h */
|
||||
#undef HAVE_HEADER_AD
|
||||
|
||||
/* Define if your resolver libs need this for getrrsetbyname */
|
||||
#undef BIND_8_COMPAT
|
||||
|
||||
/* Define if you have /proc/$pid/fd */
|
||||
#undef HAVE_PROC_PID
|
||||
|
||||
@BOTTOM@
|
||||
|
||||
/* ******************* Shouldn't need to edit below this line ************** */
|
||||
|
||||
#endif /* _CONFIG_H */
|
@ -1,15 +0,0 @@
|
||||
all:
|
||||
@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
|
||||
|
||||
gnome-ssh-askpass1: gnome-ssh-askpass1.c
|
||||
$(CC) `gnome-config --cflags gnome gnomeui` \
|
||||
gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
|
||||
`gnome-config --libs gnome gnomeui`
|
||||
|
||||
gnome-ssh-askpass2: gnome-ssh-askpass2.c
|
||||
$(CC) `pkg-config --cflags gtk+-2.0` \
|
||||
gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
|
||||
`pkg-config --libs gtk+-2.0`
|
||||
|
||||
clean:
|
||||
rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
|
@ -1,60 +0,0 @@
|
||||
Other patches and addons for OpenSSH. Please send submissions to
|
||||
djm@mindrot.org
|
||||
|
||||
Externally maintained
|
||||
---------------------
|
||||
|
||||
SSH Proxy Command -- connect.c
|
||||
|
||||
Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
|
||||
which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
|
||||
https CONNECT style proxy server. His page for connect.c has extensive
|
||||
documentation on its use as well as compiled versions for Win32.
|
||||
|
||||
http://www.taiyo.co.jp/~gotoh/ssh/connect.html
|
||||
|
||||
|
||||
X11 SSH Askpass:
|
||||
|
||||
Jim Knoble <jmknoble@pobox.com> has written an excellent X11
|
||||
passphrase requester. This is highly recommended:
|
||||
|
||||
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
|
||||
|
||||
|
||||
In this directory
|
||||
-----------------
|
||||
|
||||
ssh-copy-id:
|
||||
|
||||
Phil Hands' <phil@hands.com> shell script to automate the process of adding
|
||||
your public key to a remote machine's ~/.ssh/authorized_keys file.
|
||||
|
||||
gnome-ssh-askpass[12]:
|
||||
|
||||
A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
|
||||
"make gnome-ssh-askpass2" to build.
|
||||
|
||||
sshd.pam.generic:
|
||||
|
||||
A generic PAM config file which may be useful on your system. YMMV
|
||||
|
||||
sshd.pam.freebsd:
|
||||
|
||||
A PAM config file which works with FreeBSD's PAM port. Contributed by
|
||||
Dominik Brettnacher <domi@saargate.de>
|
||||
|
||||
mdoc2man.pl:
|
||||
|
||||
Converts mdoc formated manpages into normal manpages. This can be used
|
||||
on Solaris machines to provide manpages that are not preformated.
|
||||
Contributed by Mark D. Roth <roth@feep.net>
|
||||
|
||||
redhat:
|
||||
|
||||
RPM spec file and scripts for building Redhat packages
|
||||
|
||||
suse:
|
||||
|
||||
RPM spec file and scripts for building SuSE packages
|
||||
|
@ -1,50 +0,0 @@
|
||||
Overview:
|
||||
|
||||
This directory contains files to build an AIX native (installp or SMIT
|
||||
installable) openssh package.
|
||||
|
||||
|
||||
Directions:
|
||||
|
||||
(optional) create config.local in your build dir
|
||||
./configure [options]
|
||||
contrib/aix/buildbff.sh
|
||||
|
||||
The file config.local or the environment is read to set the following options
|
||||
(default first):
|
||||
PERMIT_ROOT_LOGIN=[no|yes]
|
||||
X11_FORWARDING=[no|yes]
|
||||
AIX_SRC=[no|yes]
|
||||
|
||||
Acknowledgements:
|
||||
|
||||
The contents of this directory are based on Ben Lindstrom's Solaris
|
||||
buildpkg.sh. Ben also supplied inventory.sh.
|
||||
|
||||
Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's
|
||||
and for comparison with the output from this script, however no code
|
||||
from lppbuild is included and it is not required for operation.
|
||||
|
||||
SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
|
||||
PrivSep account handling fixes contributed by W. Earl Allen.
|
||||
|
||||
|
||||
Other notes:
|
||||
|
||||
The script treats all packages as USR packages (not ROOT+USR when
|
||||
appropriate). It seems to work, though......
|
||||
|
||||
If there are any patches to this that have not yet been integrated they
|
||||
may be found at http://www.zip.com.au/~dtucker/openssh/.
|
||||
|
||||
|
||||
Disclaimer:
|
||||
|
||||
It is hoped that it is useful but there is no warranty. If it breaks
|
||||
you get to keep both pieces.
|
||||
|
||||
|
||||
- Darren Tucker (dtucker at zip dot com dot au)
|
||||
2002/03/01
|
||||
|
||||
$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $
|
@ -1,383 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
|
||||
# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $
|
||||
#
|
||||
# Author: Darren Tucker (dtucker at zip dot com dot au)
|
||||
# This file is placed in the public domain and comes with absolutely
|
||||
# no warranty.
|
||||
#
|
||||
# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
|
||||
#
|
||||
|
||||
#
|
||||
# Tunable configuration settings
|
||||
# create a "config.local" in your build directory or set
|
||||
# environment variables to override these.
|
||||
#
|
||||
[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
|
||||
[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
|
||||
[ -z "$AIX_SRC" ] && AIX_SRC=no
|
||||
|
||||
umask 022
|
||||
|
||||
startdir=`pwd`
|
||||
|
||||
# Path to inventory.sh: same place as buildbff.sh
|
||||
if echo $0 | egrep '^/'
|
||||
then
|
||||
inventory=`dirname $0`/inventory.sh # absolute path
|
||||
else
|
||||
inventory=`pwd`/`dirname $0`/inventory.sh # relative path
|
||||
fi
|
||||
|
||||
#
|
||||
# We still support running from contrib/aix, but this is deprecated
|
||||
#
|
||||
if pwd | egrep 'contrib/aix$'
|
||||
then
|
||||
echo "Changing directory to `pwd`/../.."
|
||||
echo "Please run buildbff.sh from your build directory in future."
|
||||
cd ../..
|
||||
contribaix=1
|
||||
fi
|
||||
|
||||
if [ ! -f Makefile ]
|
||||
then
|
||||
echo "Makefile not found (did you run configure?)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#
|
||||
# Directories used during build:
|
||||
# current dir = $objdir directory you ran ./configure in.
|
||||
# $objdir/$PKGDIR/ directory package files are constructed in
|
||||
# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
|
||||
#
|
||||
objdir=`pwd`
|
||||
PKGNAME=openssh
|
||||
PKGDIR=package
|
||||
|
||||
#
|
||||
# Collect local configuration settings to override defaults
|
||||
#
|
||||
if [ -s ./config.local ]
|
||||
then
|
||||
echo Reading local settings from config.local
|
||||
. ./config.local
|
||||
fi
|
||||
|
||||
#
|
||||
# Fill in some details from Makefile, like prefix and sysconfdir
|
||||
# the eval also expands variables like sysconfdir=${prefix}/etc
|
||||
# provided they are eval'ed in the correct order
|
||||
#
|
||||
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
|
||||
do
|
||||
eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
|
||||
done
|
||||
|
||||
#
|
||||
# Collect values of privsep user and privsep path
|
||||
# currently only found in config.h
|
||||
#
|
||||
for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
|
||||
do
|
||||
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
|
||||
done
|
||||
|
||||
# Set privsep defaults if not defined
|
||||
if [ -z "$SSH_PRIVSEP_USER" ]
|
||||
then
|
||||
SSH_PRIVSEP_USER=sshd
|
||||
fi
|
||||
if [ -z "$PRIVSEP_PATH" ]
|
||||
then
|
||||
PRIVSEP_PATH=/var/empty
|
||||
fi
|
||||
|
||||
# Clean package build directory
|
||||
rm -rf $objdir/$PKGDIR
|
||||
FAKE_ROOT=$objdir/$PKGDIR/root
|
||||
mkdir -p $FAKE_ROOT
|
||||
|
||||
# Start by faking root install
|
||||
echo "Faking root install..."
|
||||
cd $objdir
|
||||
make install-nokeys DESTDIR=$FAKE_ROOT
|
||||
|
||||
if [ $? -gt 0 ]
|
||||
then
|
||||
echo "Fake root install failed, stopping."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#
|
||||
# Copy informational files to include in package
|
||||
#
|
||||
cp $srcdir/LICENCE $objdir/$PKGDIR/
|
||||
cp $srcdir/README* $objdir/$PKGDIR/
|
||||
|
||||
#
|
||||
# Extract common info requires for the 'info' part of the package.
|
||||
# AIX requires 4-part version numbers
|
||||
#
|
||||
VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _`
|
||||
MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
|
||||
MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
|
||||
PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
|
||||
PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
|
||||
[ "$PATCH" = "" ] && PATCH=0
|
||||
[ "$PORTABLE" = "" ] && PORTABLE=0
|
||||
BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
|
||||
|
||||
echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
|
||||
|
||||
#
|
||||
# Set ssh and sshd parameters as per config.local
|
||||
#
|
||||
if [ "${PERMIT_ROOT_LOGIN}" = no ]
|
||||
then
|
||||
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
|
||||
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||
fi
|
||||
if [ "${X11_FORWARDING}" = yes ]
|
||||
then
|
||||
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
|
||||
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||
fi
|
||||
|
||||
|
||||
# Rename config files; postinstall script will copy them if necessary
|
||||
for cfgfile in ssh_config sshd_config ssh_prng_cmds
|
||||
do
|
||||
mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
|
||||
done
|
||||
|
||||
#
|
||||
# Generate lpp control files.
|
||||
# working dir is $FAKE_ROOT but files are generated in dir above
|
||||
# and moved into place just before creation of .bff
|
||||
#
|
||||
cd $FAKE_ROOT
|
||||
echo Generating LPP control files
|
||||
find . ! -name . -print >../openssh.al
|
||||
$inventory >../openssh.inventory
|
||||
|
||||
cat <<EOD >../openssh.copyright
|
||||
This software is distributed under a BSD-style license.
|
||||
For the full text of the license, see /usr/lpp/openssh/LICENCE
|
||||
EOD
|
||||
|
||||
#
|
||||
# openssh.size file allows filesystem expansion as required
|
||||
# generate list of directories containing files
|
||||
# then calculate disk usage for each directory and store in openssh.size
|
||||
#
|
||||
files=`find . -type f -print`
|
||||
dirs=`for file in $files; do dirname $file; done | sort -u`
|
||||
for dir in $dirs
|
||||
do
|
||||
du $dir
|
||||
done > ../openssh.size
|
||||
|
||||
#
|
||||
# Create postinstall script
|
||||
#
|
||||
cat <<EOF >>../openssh.post_i
|
||||
#!/bin/sh
|
||||
|
||||
echo Creating configs from defaults if necessary.
|
||||
for cfgfile in ssh_config sshd_config ssh_prng_cmds
|
||||
do
|
||||
if [ ! -f $sysconfdir/\$cfgfile ]
|
||||
then
|
||||
echo "Creating \$cfgfile from default"
|
||||
cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
|
||||
else
|
||||
echo "\$cfgfile already exists."
|
||||
fi
|
||||
done
|
||||
echo
|
||||
|
||||
# Create PrivSep user if PrivSep not disabled in config
|
||||
echo Creating PrivSep prereqs if required.
|
||||
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
|
||||
then
|
||||
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
|
||||
echo "group or chroot directory."
|
||||
else
|
||||
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
|
||||
|
||||
# create group if required
|
||||
if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
|
||||
mkgroup -A $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
# Create user if required
|
||||
if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
|
||||
mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
# create chroot directory if required
|
||||
if [ -d $PRIVSEP_PATH ]
|
||||
then
|
||||
echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
|
||||
else
|
||||
echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
|
||||
mkdir $PRIVSEP_PATH
|
||||
chown 0 $PRIVSEP_PATH
|
||||
chgrp 0 $PRIVSEP_PATH
|
||||
chmod 755 $PRIVSEP_PATH
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
|
||||
# Generate keys unless they already exist
|
||||
echo Creating host keys if required.
|
||||
if [ -f "$sysconfdir/ssh_host_key" ] ; then
|
||||
echo "$sysconfdir/ssh_host_key already exists, skipping."
|
||||
else
|
||||
$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
|
||||
fi
|
||||
if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
|
||||
echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
|
||||
else
|
||||
$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
|
||||
fi
|
||||
if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
|
||||
echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
|
||||
else
|
||||
$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
|
||||
fi
|
||||
echo
|
||||
|
||||
# Set startup command depending on SRC support
|
||||
if [ "$AIX_SRC" = "yes" ]
|
||||
then
|
||||
echo Creating SRC sshd subsystem.
|
||||
rmssys -s sshd 2>&1 >/dev/null
|
||||
mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
|
||||
startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
|
||||
oldstartcmd="$sbindir/sshd"
|
||||
else
|
||||
startupcmd="$sbindir/sshd"
|
||||
oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
|
||||
fi
|
||||
|
||||
# If migrating to or from SRC, change previous startup command
|
||||
# otherwise add to rc.tcpip
|
||||
if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
|
||||
then
|
||||
if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
|
||||
then
|
||||
chmod 0755 /etc/rc.tcpip.new
|
||||
mv /etc/rc.tcpip /etc/rc.tcpip.old && \
|
||||
mv /etc/rc.tcpip.new /etc/rc.tcpip
|
||||
else
|
||||
echo "Updating /etc/rc.tcpip failed, please check."
|
||||
fi
|
||||
else
|
||||
# Add to system startup if required
|
||||
if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
|
||||
then
|
||||
echo "sshd found in rc.tcpip, not adding."
|
||||
else
|
||||
echo "Adding sshd to rc.tcpip"
|
||||
echo >>/etc/rc.tcpip
|
||||
echo "# Start sshd" >>/etc/rc.tcpip
|
||||
echo "\$startupcmd" >>/etc/rc.tcpip
|
||||
fi
|
||||
fi
|
||||
EOF
|
||||
|
||||
#
|
||||
# Create liblpp.a and move control files into it
|
||||
#
|
||||
echo Creating liblpp.a
|
||||
(
|
||||
cd ..
|
||||
for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
|
||||
do
|
||||
ar -r liblpp.a $i
|
||||
rm $i
|
||||
done
|
||||
)
|
||||
|
||||
#
|
||||
# Create lpp_name
|
||||
#
|
||||
# This will end up looking something like:
|
||||
# 4 R I OpenSSH {
|
||||
# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
|
||||
# [
|
||||
# %
|
||||
# /usr/local/bin 8073
|
||||
# /usr/local/etc 189
|
||||
# /usr/local/libexec 185
|
||||
# /usr/local/man/man1 145
|
||||
# /usr/local/man/man8 83
|
||||
# /usr/local/sbin 2105
|
||||
# /usr/local/share 3
|
||||
# %
|
||||
# ]
|
||||
# }
|
||||
|
||||
echo Creating lpp_name
|
||||
cat <<EOF >../lpp_name
|
||||
4 R I $PKGNAME {
|
||||
$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
|
||||
[
|
||||
%
|
||||
EOF
|
||||
|
||||
for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
|
||||
do
|
||||
# get size in 512 byte blocks
|
||||
if [ -d $FAKE_ROOT/$i ]
|
||||
then
|
||||
size=`du $FAKE_ROOT/$i | awk '{print $1}'`
|
||||
echo "$i $size" >>../lpp_name
|
||||
fi
|
||||
done
|
||||
|
||||
echo '%' >>../lpp_name
|
||||
echo ']' >>../lpp_name
|
||||
echo '}' >>../lpp_name
|
||||
|
||||
#
|
||||
# Move pieces into place
|
||||
#
|
||||
mkdir -p usr/lpp/openssh
|
||||
mv ../liblpp.a usr/lpp/openssh
|
||||
mv ../lpp_name .
|
||||
|
||||
#
|
||||
# Now invoke backup to create .bff file
|
||||
# note: lpp_name needs to be the first file so we generate the
|
||||
# file list on the fly and feed it to backup using -i
|
||||
#
|
||||
echo Creating $PKGNAME-$VERSION.bff with backup...
|
||||
rm -f $PKGNAME-$VERSION.bff
|
||||
(
|
||||
echo "./lpp_name"
|
||||
find . ! -name lpp_name -a ! -name . -print
|
||||
) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
|
||||
|
||||
#
|
||||
# Move package into final location and clean up
|
||||
#
|
||||
mv ../$PKGNAME-$VERSION.bff $startdir
|
||||
cd $startdir
|
||||
rm -rf $objdir/$PKGDIR
|
||||
|
||||
echo $0: done.
|
||||
|
@ -1,63 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# inventory.sh
|
||||
# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $
|
||||
#
|
||||
# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
|
||||
# This file is placed into the public domain.
|
||||
#
|
||||
# This will produce an AIX package inventory file, which looks like:
|
||||
#
|
||||
# /usr/local/bin:
|
||||
# class=apply,inventory,openssh
|
||||
# owner=root
|
||||
# group=system
|
||||
# mode=755
|
||||
# type=DIRECTORY
|
||||
# /usr/local/bin/slogin:
|
||||
# class=apply,inventory,openssh
|
||||
# owner=root
|
||||
# group=system
|
||||
# mode=777
|
||||
# type=SYMLINK
|
||||
# target=ssh
|
||||
# /usr/local/share/Ssh.bin:
|
||||
# class=apply,inventory,openssh
|
||||
# owner=root
|
||||
# group=system
|
||||
# mode=644
|
||||
# type=FILE
|
||||
# size=VOLATILE
|
||||
# checksum=VOLATILE
|
||||
|
||||
find . ! -name . -print | perl -ne '{
|
||||
chomp;
|
||||
if ( -l $_ ) {
|
||||
($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat;
|
||||
} else {
|
||||
($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat;
|
||||
}
|
||||
|
||||
# Start to display inventory information
|
||||
$name = $_;
|
||||
$name =~ s|^.||; # Strip leading dot from path
|
||||
print "$name:\n";
|
||||
print "\tclass=apply,inventory,openssh\n";
|
||||
print "\towner=root\n";
|
||||
print "\tgroup=system\n";
|
||||
printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits
|
||||
|
||||
if ( -l $_ ) {
|
||||
# Entry is SymLink
|
||||
print "\ttype=SYMLINK\n";
|
||||
printf "\ttarget=%s\n", readlink($_);
|
||||
} elsif ( -f $_ ) {
|
||||
# Entry is File
|
||||
print "\ttype=FILE\n";
|
||||
print "\tsize=$sz\n";
|
||||
print "\tchecksum=VOLATILE\n";
|
||||
} elsif ( -d $_ ) {
|
||||
# Entry is Directory
|
||||
print "\ttype=DIRECTORY\n";
|
||||
}
|
||||
}'
|
@ -1,20 +0,0 @@
|
||||
#
|
||||
# PAM configuration file /etc/pam.conf
|
||||
# Example for OpenSSH on AIX 5.2
|
||||
#
|
||||
|
||||
# Authentication Management
|
||||
sshd auth required /usr/lib/security/pam_aix
|
||||
OTHER auth required /usr/lib/security/pam_aix
|
||||
|
||||
# Account Management
|
||||
sshd account required /usr/lib/security/pam_aix
|
||||
OTHER account required /usr/lib/security/pam_aix
|
||||
|
||||
# Session Management
|
||||
sshd password required /usr/lib/security/pam_aix
|
||||
OTHER password required /usr/lib/security/pam_aix
|
||||
|
||||
# Password Management
|
||||
sshd session required /usr/lib/security/pam_aix
|
||||
OTHER session required /usr/lib/security/pam_aix
|
@ -1,366 +0,0 @@
|
||||
|
||||
# Some of this will need re-evaluation post-LSB. The SVIdir is there
|
||||
# because the link appeared broken. The rest is for easy compilation,
|
||||
# the tradeoff open to discussion. (LC957)
|
||||
|
||||
%define SVIdir /etc/rc.d/init.d
|
||||
%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages}
|
||||
%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons}
|
||||
|
||||
%define _mandir %{_prefix}/share/man/en
|
||||
%define _sysconfdir /etc/ssh
|
||||
%define _libexecdir %{_libdir}/ssh
|
||||
|
||||
# Do we want to disable root_login? (1=yes 0=no)
|
||||
%define no_root_login 0
|
||||
|
||||
#old cvs stuff. please update before use. may be deprecated.
|
||||
%define use_stable 1
|
||||
%if %{use_stable}
|
||||
%define version 3.8.1p1
|
||||
%define cvs %{nil}
|
||||
%define release 1
|
||||
%else
|
||||
%define version 3.8.1p1
|
||||
%define cvs cvs20011009
|
||||
%define release 0r1
|
||||
%endif
|
||||
%define xsa x11-ssh-askpass
|
||||
%define askpass %{xsa}-1.2.4.1
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
%define sshd_uid 67
|
||||
%define sshd_gid 67
|
||||
|
||||
Name : openssh
|
||||
Version : %{version}%{cvs}
|
||||
Release : %{release}
|
||||
Group : System/Network
|
||||
|
||||
Summary : OpenSSH free Secure Shell (SSH) implementation.
|
||||
Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH).
|
||||
Summary(es) : OpenSSH implementación libre de Secure Shell (SSH).
|
||||
Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH).
|
||||
Summary(it) : Implementazione gratuita OpenSSH della Secure Shell.
|
||||
Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH).
|
||||
Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH).
|
||||
|
||||
Copyright : BSD
|
||||
Packager : Raymund Will <ray@caldera.de>
|
||||
URL : http://www.openssh.com/
|
||||
|
||||
Obsoletes : ssh, ssh-clients, openssh-clients
|
||||
|
||||
BuildRoot : /tmp/%{name}-%{version}
|
||||
BuildRequires : XFree86-imake
|
||||
|
||||
# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
|
||||
# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
|
||||
Source0: see-above:/.../openssh-%{version}.tar.gz
|
||||
%if %{use_stable}
|
||||
Source1: see-above:/.../openssh-%{version}.tar.gz.sig
|
||||
%endif
|
||||
Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz
|
||||
Source3: http://www.openssh.com/faq.html
|
||||
|
||||
%Package server
|
||||
Group : System/Network
|
||||
Requires : openssh = %{version}
|
||||
Obsoletes : ssh-server
|
||||
|
||||
Summary : OpenSSH Secure Shell protocol server (sshd).
|
||||
Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd).
|
||||
Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd).
|
||||
Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd).
|
||||
Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd).
|
||||
Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
|
||||
Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd).
|
||||
|
||||
|
||||
%Package askpass
|
||||
Group : System/Network
|
||||
Requires : openssh = %{version}
|
||||
URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/
|
||||
Obsoletes : ssh-extras
|
||||
|
||||
Summary : OpenSSH X11 pass-phrase dialog.
|
||||
Summary(de) : OpenSSH X11 Passwort-Dialog.
|
||||
Summary(es) : Aplicación de petición de frase clave OpenSSH X11.
|
||||
Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH.
|
||||
Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH.
|
||||
Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH.
|
||||
Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH.
|
||||
|
||||
|
||||
%Description
|
||||
OpenSSH (Secure Shell) provides access to a remote system. It replaces
|
||||
telnet, rlogin, rexec, and rsh, and provides secure encrypted
|
||||
communications between two untrusted hosts over an insecure network.
|
||||
X11 connections and arbitrary TCP/IP ports can also be forwarded over
|
||||
the secure channel.
|
||||
|
||||
%Description -l de
|
||||
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
|
||||
telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte
|
||||
Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres
|
||||
Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso
|
||||
über den sicheren Channel weitergeleitet werden.
|
||||
|
||||
%Description -l es
|
||||
OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
|
||||
telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
|
||||
entre dos equipos entre los que no se ha establecido confianza a través de una
|
||||
red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden
|
||||
ser canalizadas sobre el canal seguro.
|
||||
|
||||
%Description -l fr
|
||||
OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace
|
||||
telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées
|
||||
securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des
|
||||
connexions X11 et des ports TCP/IP arbitraires peuvent également être
|
||||
transmis sur le canal sécurisé.
|
||||
|
||||
%Description -l it
|
||||
OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
|
||||
Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
|
||||
e crittate tra due host non fidati su una rete non sicura. Le connessioni
|
||||
X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
|
||||
un canale sicuro.
|
||||
|
||||
%Description -l pt
|
||||
OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
|
||||
telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas
|
||||
entre duas máquinas sem confiança mútua sobre uma rede insegura.
|
||||
Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados
|
||||
pelo canal seguro.
|
||||
|
||||
%Description -l pt_BR
|
||||
O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
|
||||
telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas
|
||||
entre duas máquinas sem confiança mútua sobre uma rede insegura.
|
||||
Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas
|
||||
pelo canal seguro.
|
||||
|
||||
%Description server
|
||||
This package installs the sshd, the server portion of OpenSSH.
|
||||
|
||||
%Description -l de server
|
||||
Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
|
||||
|
||||
%Description -l es server
|
||||
Este paquete instala sshd, la parte servidor de OpenSSH.
|
||||
|
||||
%Description -l fr server
|
||||
Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
|
||||
|
||||
%Description -l it server
|
||||
Questo pacchetto installa sshd, il server di OpenSSH.
|
||||
|
||||
%Description -l pt server
|
||||
Este pacote intala o sshd, o servidor do OpenSSH.
|
||||
|
||||
%Description -l pt_BR server
|
||||
Este pacote intala o sshd, o servidor do OpenSSH.
|
||||
|
||||
%Description askpass
|
||||
This package contains an X11-based pass-phrase dialog used per
|
||||
default by ssh-add(1). It is based on %{askpass}
|
||||
by Jim Knoble <jmknoble@pobox.com>.
|
||||
|
||||
|
||||
%Prep
|
||||
%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
|
||||
%if ! %{use_stable}
|
||||
autoreconf
|
||||
%endif
|
||||
|
||||
|
||||
%Build
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
%configure \
|
||||
--with-pam \
|
||||
--with-tcp-wrappers \
|
||||
--with-privsep-path=%{_var}/empty/sshd \
|
||||
#leave this line for easy edits.
|
||||
|
||||
%__make CFLAGS="$RPM_OPT_FLAGS"
|
||||
|
||||
cd %{askpass}
|
||||
%configure \
|
||||
#leave this line for easy edits.
|
||||
|
||||
xmkmf
|
||||
%__make includes
|
||||
%__make
|
||||
|
||||
|
||||
%Install
|
||||
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
|
||||
|
||||
make install DESTDIR=%{buildroot}
|
||||
%makeinstall -C %{askpass} \
|
||||
BINDIR=%{_libexecdir} \
|
||||
MANPATH=%{_mandir} \
|
||||
DESTDIR=%{buildroot}
|
||||
|
||||
# OpenLinux specific configuration
|
||||
mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
|
||||
mkdir -p %{buildroot}%{_var}/empty/sshd
|
||||
|
||||
# enabling X11 forwarding on the server is convenient and okay,
|
||||
# on the client side it's a potential security risk!
|
||||
%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
|
||||
%{buildroot}%{_sysconfdir}/sshd_config
|
||||
|
||||
%if %{no_root_login}
|
||||
%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
|
||||
%{buildroot}%{_sysconfdir}/sshd_config
|
||||
%endif
|
||||
|
||||
install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
|
||||
# FIXME: disabled, find out why this doesn't work with nis
|
||||
%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
|
||||
%{buildroot}/etc/pam.d/sshd
|
||||
|
||||
install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
|
||||
|
||||
# the last one is needless, but more future-proof
|
||||
find %{buildroot}%{SVIdir} -type f -exec \
|
||||
%__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
|
||||
s:\@sysconfdir\@:%{_sysconfdir}:g; \
|
||||
s:/usr/sbin:%{_sbindir}:g'\
|
||||
\{\} \;
|
||||
|
||||
cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
|
||||
IDENT=sshd
|
||||
DESCRIPTIVE="OpenSSH secure shell daemon"
|
||||
# This service will be marked as 'skipped' on boot if there
|
||||
# is no host key. Use ssh-host-keygen to generate one
|
||||
ONBOOT="yes"
|
||||
OPTIONS=""
|
||||
EoD
|
||||
|
||||
SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
|
||||
install -m 0755 contrib/caldera/ssh-host-keygen $SKG
|
||||
# Fix up some path names in the keygen toy^Hol
|
||||
%__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
|
||||
s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
|
||||
%{buildroot}%{_sbindir}/ssh-host-keygen
|
||||
|
||||
# This looks terrible. Expect it to change.
|
||||
# install remaining docs
|
||||
DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
|
||||
mkdir -p $DocD/%{askpass}
|
||||
cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD
|
||||
install -p -m 0444 %{SOURCE3} $DocD/faq.html
|
||||
cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
|
||||
%if %{use_stable}
|
||||
cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
|
||||
%else
|
||||
cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
|
||||
ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
|
||||
%endif
|
||||
|
||||
find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
|
||||
rm %{buildroot}%{_mandir}/man1/slogin.1 && \
|
||||
ln -s %{_mandir}/man1/ssh.1.gz \
|
||||
%{buildroot}%{_mandir}/man1/slogin.1.gz
|
||||
|
||||
|
||||
%Clean
|
||||
#%{rmDESTDIR}
|
||||
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
|
||||
|
||||
%Post
|
||||
# Generate host key when none is present to get up and running,
|
||||
# both client and server require this for host-based auth!
|
||||
# ssh-host-keygen checks for existing keys.
|
||||
/usr/sbin/ssh-host-keygen
|
||||
: # to protect the rpm database
|
||||
|
||||
%pre server
|
||||
%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
|
||||
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
|
||||
-c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
|
||||
: # to protect the rpm database
|
||||
|
||||
%Post server
|
||||
if [ -x %{LSBinit}-install ]; then
|
||||
%{LSBinit}-install sshd
|
||||
else
|
||||
lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
|
||||
fi
|
||||
|
||||
! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
|
||||
: # to protect the rpm database
|
||||
|
||||
|
||||
%PreUn server
|
||||
[ "$1" = 0 ] || exit 0
|
||||
|
||||
! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
|
||||
: # to protect the rpm database
|
||||
|
||||
|
||||
%PostUn server
|
||||
if [ -x %{LSBinit}-remove ]; then
|
||||
%{LSBinit}-remove sshd
|
||||
else
|
||||
lisa --SysV-init remove sshd $1
|
||||
fi
|
||||
: # to protect the rpm database
|
||||
|
||||
|
||||
%Files
|
||||
%defattr(-,root,root)
|
||||
%dir %{_sysconfdir}
|
||||
%config %{_sysconfdir}/ssh_config
|
||||
%{_bindir}/scp
|
||||
%{_bindir}/sftp
|
||||
%{_bindir}/ssh
|
||||
%{_bindir}/slogin
|
||||
%{_bindir}/ssh-add
|
||||
%attr(2755,root,nobody) %{_bindir}/ssh-agent
|
||||
%{_bindir}/ssh-keygen
|
||||
%{_bindir}/ssh-keyscan
|
||||
%dir %{_libexecdir}
|
||||
%attr(4711,root,root) %{_libexecdir}/ssh-keysign
|
||||
%{_sbindir}/ssh-host-keygen
|
||||
%dir %{_defaultdocdir}/%{name}-%{version}
|
||||
%{_defaultdocdir}/%{name}-%{version}/CREDITS
|
||||
%{_defaultdocdir}/%{name}-%{version}/ChangeLog
|
||||
%{_defaultdocdir}/%{name}-%{version}/LICENCE
|
||||
%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
|
||||
%{_defaultdocdir}/%{name}-%{version}/README*
|
||||
%{_defaultdocdir}/%{name}-%{version}/TODO
|
||||
%{_defaultdocdir}/%{name}-%{version}/faq.html
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man8/ssh-keysign.8.gz
|
||||
%{_mandir}/man5/ssh_config.5.gz
|
||||
|
||||
%Files server
|
||||
%defattr(-,root,root)
|
||||
%dir %{_var}/empty/sshd
|
||||
%config %{SVIdir}/sshd
|
||||
%config /etc/pam.d/sshd
|
||||
%config %{_sysconfdir}/moduli
|
||||
%config %{_sysconfdir}/sshd_config
|
||||
%config %{SVIcdir}/sshd
|
||||
%{_libexecdir}/sftp-server
|
||||
%{_sbindir}/sshd
|
||||
%{_mandir}/man5/sshd_config.5.gz
|
||||
%{_mandir}/man8/sftp-server.8.gz
|
||||
%{_mandir}/man8/sshd.8.gz
|
||||
|
||||
%Files askpass
|
||||
%defattr(-,root,root)
|
||||
%{_libexecdir}/ssh-askpass
|
||||
%{_libexecdir}/x11-ssh-askpass
|
||||
%{_defaultdocdir}/%{name}-%{version}/%{askpass}
|
||||
|
||||
|
||||
%ChangeLog
|
||||
* Mon Jan 01 1998 ...
|
||||
Template Version: 1.31
|
||||
|
||||
$Id: openssh.spec,v 1.49 2004/03/21 22:40:04 djm Exp $
|
@ -1,36 +0,0 @@
|
||||
#! /bin/sh
|
||||
#
|
||||
# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $
|
||||
#
|
||||
# This script is normally run only *once* for a given host
|
||||
# (in a given period of time) -- on updates/upgrades/recovery
|
||||
# the ssh_host_key* files _should_ be retained! Otherwise false
|
||||
# "man-in-the-middle-attack" alerts will frighten unsuspecting
|
||||
# clients...
|
||||
|
||||
keydir=@sysconfdir@
|
||||
keygen=@sshkeygen@
|
||||
|
||||
if [ -f $keydir/ssh_host_key -o \
|
||||
-f $keydir/ssh_host_key.pub ]; then
|
||||
echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
|
||||
else
|
||||
echo "Generating 1024 bit SSH1 RSA host key."
|
||||
$keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
|
||||
fi
|
||||
|
||||
if [ -f $keydir/ssh_host_rsa_key -o \
|
||||
-f $keydir/ssh_host_rsa_key.pub ]; then
|
||||
echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
|
||||
else
|
||||
echo "Generating 1024 bit SSH2 RSA host key."
|
||||
$keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
|
||||
fi
|
||||
|
||||
if [ -f $keydir/ssh_host_dsa_key -o \
|
||||
-f $keydir/ssh_host_dsa_key.pub ]; then
|
||||
echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
|
||||
else
|
||||
echo "Generating SSH2 DSA host key."
|
||||
$keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
|
||||
fi
|
@ -1,125 +0,0 @@
|
||||
#! /bin/bash
|
||||
#
|
||||
# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides:
|
||||
# Required-Start: $network
|
||||
# Required-Stop:
|
||||
# Default-Start: 3 4 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# Description: sshd
|
||||
# Bring up/down the OpenSSH secure shell daemon.
|
||||
### END INIT INFO
|
||||
#
|
||||
# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
|
||||
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
|
||||
# Modified for OpenLinux by Raymund Will <ray@caldera.de>
|
||||
|
||||
NAME=sshd
|
||||
DAEMON=/usr/sbin/$NAME
|
||||
# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem
|
||||
# created by recent OpenSSH daemon/ssd combinations. See Caldera internal
|
||||
# PR [linux/8278] for details...
|
||||
PIDF=/var/run/$NAME.pid
|
||||
NAME=$DAEMON
|
||||
|
||||
_status() {
|
||||
[ -z "$1" ] || local pidf="$1"
|
||||
local ret=-1
|
||||
local pid
|
||||
if [ -n "$pidf" ] && [ -r "$pidf" ]; then
|
||||
pid=$(head -1 $pidf)
|
||||
else
|
||||
pid=$(pidof $NAME)
|
||||
fi
|
||||
|
||||
if [ ! -e $SVIlock ]; then
|
||||
# no lock-file => not started == stopped?
|
||||
ret=3
|
||||
elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
|
||||
# pid-file given but not present or no pid => died, but was not stopped
|
||||
ret=2
|
||||
elif [ -r /proc/$pid/cmdline ] &&
|
||||
echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then
|
||||
# pid-file given and present or pid found => check process...
|
||||
# but don't compare exe, as this will fail after an update!
|
||||
# compares OK => all's well, that ends well...
|
||||
ret=0
|
||||
else
|
||||
# no such process or exe does not match => stale pid-file or process died
|
||||
# just recently...
|
||||
ret=1
|
||||
fi
|
||||
return $ret
|
||||
}
|
||||
|
||||
# Source function library (and set vital variables).
|
||||
. @SVIdir@/functions
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
[ ! -e $SVIlock ] || exit 0
|
||||
[ -x $DAEMON ] || exit 5
|
||||
SVIemptyConfig @sysconfdir@/sshd_config && exit 6
|
||||
|
||||
if [ ! \( -f @sysconfdir@/ssh_host_key -a \
|
||||
-f @sysconfdir@/ssh_host_key.pub \) -a \
|
||||
! \( -f @sysconfdir@/ssh_host_rsa_key -a \
|
||||
-f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
|
||||
! \( -f @sysconfdir@/ssh_host_dsa_key -a \
|
||||
-f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
|
||||
|
||||
echo "$SVIsubsys: host key not initialized: skipped!"
|
||||
echo "$SVIsubsys: use ssh-host-keygen to generate one!"
|
||||
exit 6
|
||||
fi
|
||||
|
||||
echo -n "Starting $SVIsubsys services: "
|
||||
ssd -S -x $DAEMON -n $NAME -- $OPTIONS
|
||||
ret=$?
|
||||
|
||||
echo "."
|
||||
touch $SVIlock
|
||||
;;
|
||||
|
||||
stop)
|
||||
[ -e $SVIlock ] || exit 0
|
||||
|
||||
echo -n "Stopping $SVIsubsys services: "
|
||||
ssd -K -p $PIDF -n $NAME
|
||||
ret=$?
|
||||
|
||||
echo "."
|
||||
rm -f $SVIlock
|
||||
;;
|
||||
|
||||
force-reload|reload)
|
||||
[ -e $SVIlock ] || exit 0
|
||||
|
||||
echo "Reloading $SVIsubsys configuration files: "
|
||||
ssd -K --signal 1 -q -p $PIDF -n $NAME
|
||||
ret=$?
|
||||
echo "done."
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
ret=$?
|
||||
;;
|
||||
|
||||
status)
|
||||
_status $PIDF
|
||||
ret=$?
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}"
|
||||
ret=2
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
exit $ret
|
||||
|
@ -1,8 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required /lib/security/pam_pwdb.so shadow nodelay
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_pwdb.so
|
||||
password required /lib/security/pam_cracklib.so
|
||||
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
|
||||
session required /lib/security/pam_pwdb.so
|
||||
session required /lib/security/pam_limits.so
|
@ -1,56 +0,0 @@
|
||||
srcdir=../..
|
||||
prefix=/usr
|
||||
exec_prefix=$(prefix)
|
||||
bindir=$(prefix)/bin
|
||||
datadir=$(prefix)/share
|
||||
docdir=$(datadir)/doc
|
||||
sshdocdir=$(docdir)/openssh
|
||||
cygdocdir=$(docdir)/Cygwin
|
||||
sysconfdir=/etc
|
||||
defaultsdir=$(sysconfdir)/defaults/etc
|
||||
PRIVSEP_PATH=/var/empty
|
||||
INSTALL=/usr/bin/install -c
|
||||
|
||||
DESTDIR=
|
||||
|
||||
all:
|
||||
@echo
|
||||
@echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
|
||||
@echo "Be sure having DESTDIR set correctly!"
|
||||
@echo
|
||||
|
||||
move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
|
||||
mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
|
||||
mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
|
||||
|
||||
remove-empty-dir:
|
||||
rm -rf $(DESTDIR)$(PRIVSEP_PATH)
|
||||
|
||||
install-sshdoc:
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
|
||||
$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
|
||||
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
|
||||
$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
|
||||
$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
|
||||
$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
|
||||
$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
|
||||
$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
|
||||
$(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
|
||||
$(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
|
||||
$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
|
||||
$(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
|
||||
|
||||
install-cygwindoc: README
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
|
||||
$(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
|
||||
|
||||
install-doc: install-sshdoc install-cygwindoc
|
||||
|
||||
install-scripts: ssh-host-config ssh-user-config
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
|
||||
$(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
|
||||
$(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
|
||||
|
||||
cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
|
||||
@echo "Cygwin specific configuration finished."
|
@ -1,224 +0,0 @@
|
||||
This package describes important Cygwin specific stuff concerning OpenSSH.
|
||||
|
||||
The binary package is usually built for recent Cygwin versions and might
|
||||
not run on older versions. Please check http://cygwin.com/ for information
|
||||
about current Cygwin releases.
|
||||
|
||||
Build instructions are at the end of the file.
|
||||
|
||||
===========================================================================
|
||||
Important change since 3.7.1p2-2:
|
||||
|
||||
The ssh-host-config file doesn't create the /etc/ssh_config and
|
||||
/etc/sshd_config files from builtin here-scripts anymore, but it uses
|
||||
skeleton files installed in /etc/defaults/etc.
|
||||
|
||||
Also it now tries hard to create appropriate permissions on files.
|
||||
Same applies for ssh-user-config.
|
||||
|
||||
After creating the sshd service with ssh-host-config, it's advisable to
|
||||
call ssh-user-config for all affected users, also already exising user
|
||||
configurations. In the latter case, file and directory permissions are
|
||||
checked and changed, if requireed to match the host configuration.
|
||||
|
||||
Important note for Windows 2003 Server users:
|
||||
---------------------------------------------
|
||||
|
||||
2003 Server has a funny new feature. When starting services under SYSTEM
|
||||
account, these services have nearly all user rights which SYSTEM holds...
|
||||
except for the "Create a token object" right, which is needed to allow
|
||||
public key authentication :-(
|
||||
|
||||
There's no way around this, except for creating a substitute account which
|
||||
has the appropriate privileges. Basically, this account should be member
|
||||
of the administrators group, plus it should have the following user rights:
|
||||
|
||||
Create a token object
|
||||
Logon as a service
|
||||
Replace a process level token
|
||||
Increase Quota
|
||||
|
||||
The ssh-host-config script asks you, if it should create such an account,
|
||||
called "sshd_server". If you say "no" here, you're on your own. Please
|
||||
follow the instruction in ssh-host-config exactly if possible. Note that
|
||||
ssh-user-config sets the permissions on 2003 Server machines dependent of
|
||||
whether a sshd_server account exists or not.
|
||||
===========================================================================
|
||||
|
||||
===========================================================================
|
||||
Important change since 3.4p1-2:
|
||||
|
||||
This version adds privilege separation as default setting, see
|
||||
/usr/doc/openssh/README.privsep. According to that document the
|
||||
privsep feature requires a non-privileged account called 'sshd'.
|
||||
|
||||
The new ssh-host-config file which is part of this version asks
|
||||
to create 'sshd' as local user if you want to use privilege
|
||||
separation. If you confirm, it creates that NT user and adds
|
||||
the necessary entry to /etc/passwd.
|
||||
|
||||
On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
|
||||
since that feature doesn't make any sense on a system which doesn't
|
||||
differ between privileged and unprivileged users.
|
||||
|
||||
The new ssh-host-config script also adds the /var/empty directory
|
||||
needed by privilege separation. When creating the /var/empty directory
|
||||
by yourself, please note that in contrast to the README.privsep document
|
||||
the owner sshould not be "root" but the user which is running sshd. So,
|
||||
in the standard configuration this is SYSTEM. The ssh-host-config script
|
||||
chowns /var/empty accordingly.
|
||||
===========================================================================
|
||||
|
||||
===========================================================================
|
||||
Important change since 3.0.1p1-2:
|
||||
|
||||
This version introduces the ability to register sshd as service on
|
||||
Windows 9x/Me systems. This is done only when the options -D and/or
|
||||
-d are not given.
|
||||
===========================================================================
|
||||
|
||||
===========================================================================
|
||||
Important change since 2.9p2:
|
||||
|
||||
Since Cygwin is able to switch user context without password beginning
|
||||
with version 1.3.2, OpenSSH now allows to do so when it's running under
|
||||
a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
|
||||
allow that feature.
|
||||
===========================================================================
|
||||
|
||||
===========================================================================
|
||||
Important change since 2.3.0p1:
|
||||
|
||||
When using `ntea' or `ntsec' you now have to care for the ownership
|
||||
and permission bits of your host key files and your private key files.
|
||||
The host key files have to be owned by the NT account which starts
|
||||
sshd. The user key files have to be owned by the user. The permission
|
||||
bits of the private key files (host and user) have to be at least
|
||||
rw------- (0600)!
|
||||
|
||||
Note that this is forced under `ntsec' only if the files are on a NTFS
|
||||
filesystem (which is recommended) due to the lack of any basic security
|
||||
features of the FAT/FAT32 filesystems.
|
||||
===========================================================================
|
||||
|
||||
If you are installing OpenSSH the first time, you can generate global config
|
||||
files and server keys by running
|
||||
|
||||
/usr/bin/ssh-host-config
|
||||
|
||||
Note that this binary archive doesn't contain default config files in /etc.
|
||||
That files are only created if ssh-host-config is started.
|
||||
|
||||
If you are updating your installation you may run the above ssh-host-config
|
||||
as well to move your configuration files to the new location and to
|
||||
erase the files at the old location.
|
||||
|
||||
To support testing and unattended installation ssh-host-config got
|
||||
some options:
|
||||
|
||||
usage: ssh-host-config [OPTION]...
|
||||
Options:
|
||||
--debug -d Enable shell's debug output.
|
||||
--yes -y Answer all questions with "yes" automatically.
|
||||
--no -n Answer all questions with "no" automatically.
|
||||
--cygwin -c <options> Use "options" as value for CYGWIN environment var.
|
||||
--port -p <n> sshd listens on port n.
|
||||
--pwd -w <passwd> Use "pwd" as password for user 'sshd_server'.
|
||||
|
||||
Additionally ssh-host-config now asks if it should install sshd as a
|
||||
service when running under NT/W2K. This requires cygrunsrv installed.
|
||||
|
||||
You can create the private and public keys for a user now by running
|
||||
|
||||
/usr/bin/ssh-user-config
|
||||
|
||||
under the users account.
|
||||
|
||||
To support testing and unattended installation ssh-user-config got
|
||||
some options as well:
|
||||
|
||||
usage: ssh-user-config [OPTION]...
|
||||
Options:
|
||||
--debug -d Enable shell's debug output.
|
||||
--yes -y Answer all questions with "yes" automatically.
|
||||
--no -n Answer all questions with "no" automatically.
|
||||
--passphrase -p word Use "word" as passphrase automatically.
|
||||
|
||||
Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
|
||||
(results in very slow deamon startup!) or from the command line (recommended
|
||||
on 9X/ME).
|
||||
|
||||
If you start sshd as deamon via cygrunsrv.exe you MUST give the
|
||||
"-D" option to sshd. Otherwise the service can't get started at all.
|
||||
|
||||
If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
|
||||
following line to your inetd.conf file:
|
||||
|
||||
ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i
|
||||
|
||||
Moreover you'll have to add the following line to your
|
||||
${SYSTEMROOT}/system32/drivers/etc/services file:
|
||||
|
||||
ssh 22/tcp #SSH daemon
|
||||
|
||||
Please note that OpenSSH does never use the value of $HOME to
|
||||
search for the users configuration files! It always uses the
|
||||
value of the pw_dir field in /etc/passwd as the home directory.
|
||||
If no home diretory is set in /etc/passwd, the root directory
|
||||
is used instead!
|
||||
|
||||
You may use all features of the CYGWIN=ntsec setting the same
|
||||
way as they are used by Cygwin's login(1) port:
|
||||
|
||||
The pw_gecos field may contain an additional field, that begins
|
||||
with (upper case!) "U-", followed by the domain and the username
|
||||
separated by a backslash.
|
||||
CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
|
||||
BTW: The field separator in pw_gecos is the comma.
|
||||
The username in pw_name itself may be any nice name:
|
||||
|
||||
domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
|
||||
|
||||
Now you may use `domuser' as your login name with telnet!
|
||||
This is possible additionally for local users, if you don't like
|
||||
your NT login name ;-) You only have to leave out the domain:
|
||||
|
||||
locuser::1104:513:John Doe,U-user,S-1-5-21-...
|
||||
|
||||
Note that the CYGWIN=ntsec setting is required for public key authentication.
|
||||
|
||||
SSH2 server and user keys are generated by the `ssh-*-config' scripts
|
||||
as well.
|
||||
|
||||
If you want to build from source, the following options to
|
||||
configure are used for the Cygwin binary distribution:
|
||||
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--libexecdir='$(sbindir)' \
|
||||
--localstatedir=/var \
|
||||
--datadir='$(prefix)/share' \
|
||||
--mandir='$(datadir)/man' \
|
||||
--with-tcp-wrappers
|
||||
|
||||
If you want to create a Cygwin package, equivalent to the one
|
||||
in the Cygwin binary distribution, install like this:
|
||||
|
||||
mkdir /tmp/cygwin-ssh
|
||||
cd $(builddir)
|
||||
make install DESTDIR=/tmp/cygwin-ssh
|
||||
cd $(srcdir)/contrib/cygwin
|
||||
make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh
|
||||
cd /tmp/cygwin-ssh
|
||||
find * \! -type d | tar cvjfT my-openssh.tar.bz2 -
|
||||
|
||||
You must have installed the zlib and openssl-devel packages to be able to
|
||||
build OpenSSH!
|
||||
|
||||
Please send requests, error reports etc. to cygwin@cygwin.com.
|
||||
|
||||
Have fun,
|
||||
|
||||
Corinna Vinschen
|
||||
Cygwin Developer
|
||||
Red Hat Inc.
|
@ -1,592 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc.
|
||||
#
|
||||
# This file is part of the Cygwin port of OpenSSH.
|
||||
|
||||
# Subdirectory where the new package is being installed
|
||||
PREFIX=/usr
|
||||
|
||||
# Directory where the config files are stored
|
||||
SYSCONFDIR=/etc
|
||||
LOCALSTATEDIR=/var
|
||||
|
||||
progname=$0
|
||||
auto_answer=""
|
||||
port_number=22
|
||||
|
||||
privsep_configured=no
|
||||
privsep_used=yes
|
||||
sshd_in_passwd=no
|
||||
sshd_in_sam=no
|
||||
|
||||
request()
|
||||
{
|
||||
if [ "${auto_answer}" = "yes" ]
|
||||
then
|
||||
echo "$1 (yes/no) yes"
|
||||
return 0
|
||||
elif [ "${auto_answer}" = "no" ]
|
||||
then
|
||||
echo "$1 (yes/no) no"
|
||||
return 1
|
||||
fi
|
||||
|
||||
answer=""
|
||||
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
|
||||
do
|
||||
echo -n "$1 (yes/no) "
|
||||
read -e answer
|
||||
done
|
||||
if [ "X${answer}" = "Xyes" ]
|
||||
then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Check options
|
||||
|
||||
while :
|
||||
do
|
||||
case $# in
|
||||
0)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
option=$1
|
||||
shift
|
||||
|
||||
case "${option}" in
|
||||
-d | --debug )
|
||||
set -x
|
||||
;;
|
||||
|
||||
-y | --yes )
|
||||
auto_answer=yes
|
||||
;;
|
||||
|
||||
-n | --no )
|
||||
auto_answer=no
|
||||
;;
|
||||
|
||||
-c | --cygwin )
|
||||
cygwin_value="$1"
|
||||
shift
|
||||
;;
|
||||
|
||||
-p | --port )
|
||||
port_number=$1
|
||||
shift
|
||||
;;
|
||||
|
||||
-w | --pwd )
|
||||
password_value="$1"
|
||||
shift
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "usage: ${progname} [OPTION]..."
|
||||
echo
|
||||
echo "This script creates an OpenSSH host configuration."
|
||||
echo
|
||||
echo "Options:"
|
||||
echo " --debug -d Enable shell's debug output."
|
||||
echo " --yes -y Answer all questions with \"yes\" automatically."
|
||||
echo " --no -n Answer all questions with \"no\" automatically."
|
||||
echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
|
||||
echo " --port -p <n> sshd listens on port n."
|
||||
echo " --pwd -w <passwd> Use \"pwd\" as password for user 'sshd_server'."
|
||||
echo
|
||||
exit 1
|
||||
;;
|
||||
|
||||
esac
|
||||
done
|
||||
|
||||
# Check if running on NT
|
||||
_sys="`uname`"
|
||||
_nt=`expr "${_sys}" : "CYGWIN_NT"`
|
||||
# If running on NT, check if running under 2003 Server or later
|
||||
if [ ${_nt} -gt 0 ]
|
||||
then
|
||||
_nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
|
||||
fi
|
||||
|
||||
# Check for running ssh/sshd processes first. Refuse to do anything while
|
||||
# some ssh processes are still running
|
||||
|
||||
if ps -ef | grep -v grep | grep -q ssh
|
||||
then
|
||||
echo
|
||||
echo "There are still ssh processes running. Please shut them down first."
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check for ${SYSCONFDIR} directory
|
||||
|
||||
if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
|
||||
then
|
||||
echo
|
||||
echo "${SYSCONFDIR} is existant but not a directory."
|
||||
echo "Cannot create global configuration files."
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create it if necessary
|
||||
|
||||
if [ ! -e "${SYSCONFDIR}" ]
|
||||
then
|
||||
mkdir "${SYSCONFDIR}"
|
||||
if [ ! -e "${SYSCONFDIR}" ]
|
||||
then
|
||||
echo
|
||||
echo "Creating ${SYSCONFDIR} directory failed"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create /var/log and /var/log/lastlog if not already existing
|
||||
|
||||
if [ -f ${LOCALSTATEDIR}/log ]
|
||||
then
|
||||
echo "Creating ${LOCALSTATEDIR}/log failed!"
|
||||
else
|
||||
if [ ! -d ${LOCALSTATEDIR}/log ]
|
||||
then
|
||||
mkdir -p ${LOCALSTATEDIR}/log
|
||||
fi
|
||||
if [ -d ${LOCALSTATEDIR}/log/lastlog ]
|
||||
then
|
||||
chmod 777 ${LOCALSTATEDIR}/log/lastlog
|
||||
elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ]
|
||||
then
|
||||
cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
|
||||
chmod 666 ${LOCALSTATEDIR}/log/lastlog
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create /var/empty file used as chroot jail for privilege separation
|
||||
if [ -f ${LOCALSTATEDIR}/empty ]
|
||||
then
|
||||
echo "Creating ${LOCALSTATEDIR}/empty failed!"
|
||||
else
|
||||
mkdir -p ${LOCALSTATEDIR}/empty
|
||||
if [ ${_nt} -gt 0 ]
|
||||
then
|
||||
chmod 755 ${LOCALSTATEDIR}/empty
|
||||
fi
|
||||
fi
|
||||
|
||||
# First generate host keys if not already existing
|
||||
|
||||
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
|
||||
then
|
||||
echo "Generating ${SYSCONFDIR}/ssh_host_key"
|
||||
ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
|
||||
fi
|
||||
|
||||
if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
|
||||
then
|
||||
echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
|
||||
ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
|
||||
fi
|
||||
|
||||
if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
|
||||
then
|
||||
echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
|
||||
ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
|
||||
fi
|
||||
|
||||
# Check if ssh_config exists. If yes, ask for overwriting
|
||||
|
||||
if [ -f "${SYSCONFDIR}/ssh_config" ]
|
||||
then
|
||||
if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
|
||||
then
|
||||
rm -f "${SYSCONFDIR}/ssh_config"
|
||||
if [ -f "${SYSCONFDIR}/ssh_config" ]
|
||||
then
|
||||
echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create default ssh_config from skeleton file in /etc/defaults/etc
|
||||
|
||||
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
|
||||
then
|
||||
echo "Generating ${SYSCONFDIR}/ssh_config file"
|
||||
cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config
|
||||
if [ "${port_number}" != "22" ]
|
||||
then
|
||||
echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
|
||||
echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
|
||||
fi
|
||||
fi
|
||||
|
||||
# Check if sshd_config exists. If yes, ask for overwriting
|
||||
|
||||
if [ -f "${SYSCONFDIR}/sshd_config" ]
|
||||
then
|
||||
if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
|
||||
then
|
||||
rm -f "${SYSCONFDIR}/sshd_config"
|
||||
if [ -f "${SYSCONFDIR}/sshd_config" ]
|
||||
then
|
||||
echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
|
||||
fi
|
||||
else
|
||||
grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# Prior to creating or modifying sshd_config, care for privilege separation
|
||||
|
||||
if [ "${privsep_configured}" != "yes" ]
|
||||
then
|
||||
if [ ${_nt} -gt 0 ]
|
||||
then
|
||||
echo "Privilege separation is set to yes by default since OpenSSH 3.3."
|
||||
echo "However, this requires a non-privileged account called 'sshd'."
|
||||
echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
|
||||
echo
|
||||
if request "Should privilege separation be used?"
|
||||
then
|
||||
privsep_used=yes
|
||||
grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
|
||||
net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
|
||||
if [ "${sshd_in_passwd}" != "yes" ]
|
||||
then
|
||||
if [ "${sshd_in_sam}" != "yes" ]
|
||||
then
|
||||
echo "Warning: The following function requires administrator privileges!"
|
||||
if request "Should this script create a local user 'sshd' on this machine?"
|
||||
then
|
||||
dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
|
||||
net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
|
||||
if [ "${sshd_in_sam}" != "yes" ]
|
||||
then
|
||||
echo "Warning: Creating the user 'sshd' failed!"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ "${sshd_in_sam}" != "yes" ]
|
||||
then
|
||||
echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
|
||||
echo " Privilege separation set to 'no' again!"
|
||||
echo " Check your ${SYSCONFDIR}/sshd_config file!"
|
||||
privsep_used=no
|
||||
else
|
||||
mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
|
||||
fi
|
||||
fi
|
||||
else
|
||||
privsep_used=no
|
||||
fi
|
||||
else
|
||||
# On 9x don't use privilege separation. Since security isn't
|
||||
# available it just adds useless additional processes.
|
||||
privsep_used=no
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create default sshd_config from skeleton files in /etc/defaults/etc or
|
||||
# modify to add the missing privsep configuration option
|
||||
|
||||
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
|
||||
then
|
||||
echo "Generating ${SYSCONFDIR}/sshd_config file"
|
||||
sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
|
||||
s/^#Port 22/Port ${port_number}/
|
||||
s/^#StrictModes yes/StrictModes no/" \
|
||||
< ${SYSCONFDIR}/defaults/etc/sshd_config \
|
||||
> ${SYSCONFDIR}/sshd_config
|
||||
elif [ "${privsep_configured}" != "yes" ]
|
||||
then
|
||||
echo >> ${SYSCONFDIR}/sshd_config
|
||||
echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
|
||||
fi
|
||||
|
||||
# Care for services file
|
||||
_my_etcdir="/ssh-host-config.$$"
|
||||
if [ ${_nt} -gt 0 ]
|
||||
then
|
||||
_win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
|
||||
_services="${_my_etcdir}/services"
|
||||
# On NT, 27 spaces, no space after the hash
|
||||
_spaces=" #"
|
||||
else
|
||||
_win_etcdir="${WINDIR}"
|
||||
_services="${_my_etcdir}/SERVICES"
|
||||
# On 9x, 18 spaces (95 is very touchy), a space after the hash
|
||||
_spaces=" # "
|
||||
fi
|
||||
_serv_tmp="${_my_etcdir}/srv.out.$$"
|
||||
|
||||
mount -t -f "${_win_etcdir}" "${_my_etcdir}"
|
||||
|
||||
# Depends on the above mount
|
||||
_wservices=`cygpath -w "${_services}"`
|
||||
|
||||
# Remove sshd 22/port from services
|
||||
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
|
||||
then
|
||||
grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
|
||||
if [ -f "${_serv_tmp}" ]
|
||||
then
|
||||
if mv "${_serv_tmp}" "${_services}"
|
||||
then
|
||||
echo "Removing sshd from ${_wservices}"
|
||||
else
|
||||
echo "Removing sshd from ${_wservices} failed!"
|
||||
fi
|
||||
rm -f "${_serv_tmp}"
|
||||
else
|
||||
echo "Removing sshd from ${_wservices} failed!"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Add ssh 22/tcp and ssh 22/udp to services
|
||||
if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
|
||||
then
|
||||
if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
|
||||
then
|
||||
if mv "${_serv_tmp}" "${_services}"
|
||||
then
|
||||
echo "Added ssh to ${_wservices}"
|
||||
else
|
||||
echo "Adding ssh to ${_wservices} failed!"
|
||||
fi
|
||||
rm -f "${_serv_tmp}"
|
||||
else
|
||||
echo "WARNING: Adding ssh to ${_wservices} failed!"
|
||||
fi
|
||||
fi
|
||||
|
||||
umount "${_my_etcdir}"
|
||||
|
||||
# Care for inetd.conf file
|
||||
_inetcnf="${SYSCONFDIR}/inetd.conf"
|
||||
_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
|
||||
|
||||
if [ -f "${_inetcnf}" ]
|
||||
then
|
||||
# Check if ssh service is already in use as sshd
|
||||
with_comment=1
|
||||
grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
|
||||
# Remove sshd line from inetd.conf
|
||||
if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
|
||||
then
|
||||
grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
|
||||
if [ -f "${_inetcnf_tmp}" ]
|
||||
then
|
||||
if mv "${_inetcnf_tmp}" "${_inetcnf}"
|
||||
then
|
||||
echo "Removed sshd from ${_inetcnf}"
|
||||
else
|
||||
echo "Removing sshd from ${_inetcnf} failed!"
|
||||
fi
|
||||
rm -f "${_inetcnf_tmp}"
|
||||
else
|
||||
echo "Removing sshd from ${_inetcnf} failed!"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Add ssh line to inetd.conf
|
||||
if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
|
||||
then
|
||||
if [ "${with_comment}" -eq 0 ]
|
||||
then
|
||||
echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
|
||||
else
|
||||
echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
|
||||
fi
|
||||
echo "Added ssh to ${_inetcnf}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# On NT ask if sshd should be installed as service
|
||||
if [ ${_nt} -gt 0 ]
|
||||
then
|
||||
# But only if it is not already installed
|
||||
if ! cygrunsrv -Q sshd > /dev/null 2>&1
|
||||
then
|
||||
echo
|
||||
echo
|
||||
echo "Warning: The following functions require administrator privileges!"
|
||||
echo
|
||||
echo "Do you want to install sshd as service?"
|
||||
if request "(Say \"no\" if it's already installed as service)"
|
||||
then
|
||||
if [ $_nt2003 -gt 0 ]
|
||||
then
|
||||
grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes
|
||||
if [ "${sshd_server_in_passwd}" = "yes" ]
|
||||
then
|
||||
# Drop sshd_server from passwd since it could have wrong settings
|
||||
grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$
|
||||
rm -f ${SYSCONFDIR}/passwd
|
||||
mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd
|
||||
chmod g-w,o-w ${SYSCONFDIR}/passwd
|
||||
fi
|
||||
net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes
|
||||
if [ "${sshd_server_in_sam}" != "yes" ]
|
||||
then
|
||||
echo
|
||||
echo "You appear to be running Windows 2003 Server or later. On 2003 and"
|
||||
echo "later systems, it's not possible to use the LocalSystem account"
|
||||
echo "if sshd should allow passwordless logon (e. g. public key authentication)."
|
||||
echo "If you want to enable that functionality, it's required to create a new"
|
||||
echo "account 'sshd_server' with special privileges, which is then used to run"
|
||||
echo "the sshd service under."
|
||||
echo
|
||||
echo "Should this script create a new local account 'sshd_server' which has"
|
||||
if request "the required privileges?"
|
||||
then
|
||||
_admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group`
|
||||
if [ -z "${_admingroup}" ]
|
||||
then
|
||||
echo "There's no group with SID S-1-5-32-544 (Local administrators group) in"
|
||||
echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'"
|
||||
echo "and restart this script."
|
||||
exit 1
|
||||
fi
|
||||
dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
|
||||
while [ "${sshd_server_in_sam}" != "yes" ]
|
||||
do
|
||||
if [ -n "${password_value}" ]
|
||||
then
|
||||
_password="${password_value}"
|
||||
# Allow to ask for password if first try fails
|
||||
password_value=""
|
||||
else
|
||||
echo
|
||||
echo "Please enter a password for new user 'sshd_server'. Please be sure that"
|
||||
echo "this password matches the password rules given on your system."
|
||||
echo -n "Entering no password will exit the configuration. PASSWORD="
|
||||
read -e _password
|
||||
if [ -z "${_password}" ]
|
||||
then
|
||||
echo
|
||||
echo "Exiting configuration. No user sshd_server has been created,"
|
||||
echo "no sshd service installed."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes
|
||||
if [ "${sshd_server_in_sam}" != "yes" ]
|
||||
then
|
||||
echo "Creating the user 'sshd_server' failed! Reason:"
|
||||
cat /tmp/nu.$$
|
||||
rm /tmp/nu.$$
|
||||
fi
|
||||
done
|
||||
net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes
|
||||
if [ "${sshd_server_in_admingroup}" != "yes" ]
|
||||
then
|
||||
echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!"
|
||||
echo "Please add sshd_server to local group ${_admingroup} before"
|
||||
echo "starting the sshd service!"
|
||||
echo
|
||||
fi
|
||||
passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'`
|
||||
if [ "${passwd_has_expiry_flags}" != "yes" ]
|
||||
then
|
||||
echo
|
||||
echo "WARNING: User sshd_server has password expiry set to system default."
|
||||
echo "Please check that password never expires or set it to your needs."
|
||||
elif ! passwd -e sshd_server
|
||||
then
|
||||
echo
|
||||
echo "WARNING: Setting password expiry for user sshd_server failed!"
|
||||
echo "Please check that password never expires or set it to your needs."
|
||||
fi
|
||||
editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
|
||||
editrights -a SeCreateTokenPrivilege -u sshd_server &&
|
||||
editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
|
||||
editrights -a SeDenyNetworkLogonRight -u sshd_server &&
|
||||
editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
|
||||
editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
|
||||
editrights -a SeServiceLogonRight -u sshd_server &&
|
||||
sshd_server_got_all_rights="yes"
|
||||
if [ "${sshd_server_got_all_rights}" != "yes" ]
|
||||
then
|
||||
echo
|
||||
echo "Assigning the appropriate privileges to user 'sshd_server' failed!"
|
||||
echo "Can't create sshd service!"
|
||||
exit 1
|
||||
fi
|
||||
echo
|
||||
echo "User 'sshd_server' has been created with password '${_password}'."
|
||||
echo "If you change the password, please keep in mind to change the password"
|
||||
echo "for the sshd service, too."
|
||||
echo
|
||||
echo "Also keep in mind that the user sshd_server needs read permissions on all"
|
||||
echo "users' .ssh/authorized_keys file to allow public key authentication for"
|
||||
echo "these users!. (Re-)running ssh-user-config for each user will set the"
|
||||
echo "required permissions correctly."
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
if [ "${sshd_server_in_sam}" = "yes" ]
|
||||
then
|
||||
mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
|
||||
fi
|
||||
fi
|
||||
if [ -n "${cygwin_value}" ]
|
||||
then
|
||||
_cygwin="${cygwin_value}"
|
||||
else
|
||||
echo
|
||||
echo "Which value should the environment variable CYGWIN have when"
|
||||
echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
|
||||
echo "able to change user context without password."
|
||||
echo -n "Default is \"ntsec\". CYGWIN="
|
||||
read -e _cygwin
|
||||
fi
|
||||
[ -z "${_cygwin}" ] && _cygwin="ntsec"
|
||||
if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
|
||||
then
|
||||
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}"
|
||||
then
|
||||
echo
|
||||
echo "The service has been installed under sshd_server account."
|
||||
echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
|
||||
fi
|
||||
else
|
||||
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
|
||||
then
|
||||
echo
|
||||
echo "The service has been installed under LocalSystem account."
|
||||
echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
# Now check if sshd has been successfully installed. This allows to
|
||||
# set the ownership of the affected files correctly.
|
||||
if cygrunsrv -Q sshd > /dev/null 2>&1
|
||||
then
|
||||
if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
|
||||
then
|
||||
_user="sshd_server"
|
||||
else
|
||||
_user="system"
|
||||
fi
|
||||
chown "${_user}" ${SYSCONFDIR}/ssh*
|
||||
chown "${_user}".544 ${LOCALSTATEDIR}/empty
|
||||
if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
|
||||
then
|
||||
chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "Host configuration finished. Have fun!"
|
@ -1,250 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
|
||||
#
|
||||
# This file is part of the Cygwin port of OpenSSH.
|
||||
|
||||
# Directory where the config files are stored
|
||||
SYSCONFDIR=/etc
|
||||
|
||||
progname=$0
|
||||
auto_answer=""
|
||||
auto_passphrase="no"
|
||||
passphrase=""
|
||||
|
||||
request()
|
||||
{
|
||||
if [ "${auto_answer}" = "yes" ]
|
||||
then
|
||||
return 0
|
||||
elif [ "${auto_answer}" = "no" ]
|
||||
then
|
||||
return 1
|
||||
fi
|
||||
|
||||
answer=""
|
||||
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
|
||||
do
|
||||
echo -n "$1 (yes/no) "
|
||||
read answer
|
||||
done
|
||||
if [ "X${answer}" = "Xyes" ]
|
||||
then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if running on NT
|
||||
_sys="`uname -a`"
|
||||
_nt=`expr "$_sys" : "CYGWIN_NT"`
|
||||
# If running on NT, check if running under 2003 Server or later
|
||||
if [ $_nt -gt 0 ]
|
||||
then
|
||||
_nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
|
||||
fi
|
||||
|
||||
# Check options
|
||||
|
||||
while :
|
||||
do
|
||||
case $# in
|
||||
0)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
option=$1
|
||||
shift
|
||||
|
||||
case "$option" in
|
||||
-d | --debug )
|
||||
set -x
|
||||
;;
|
||||
|
||||
-y | --yes )
|
||||
auto_answer=yes
|
||||
;;
|
||||
|
||||
-n | --no )
|
||||
auto_answer=no
|
||||
;;
|
||||
|
||||
-p | --passphrase )
|
||||
with_passphrase="yes"
|
||||
passphrase=$1
|
||||
shift
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "usage: ${progname} [OPTION]..."
|
||||
echo
|
||||
echo "This script creates an OpenSSH user configuration."
|
||||
echo
|
||||
echo "Options:"
|
||||
echo " --debug -d Enable shell's debug output."
|
||||
echo " --yes -y Answer all questions with \"yes\" automatically."
|
||||
echo " --no -n Answer all questions with \"no\" automatically."
|
||||
echo " --passphrase -p word Use \"word\" as passphrase automatically."
|
||||
echo
|
||||
exit 1
|
||||
;;
|
||||
|
||||
esac
|
||||
done
|
||||
|
||||
# Ask user if user identity should be generated
|
||||
|
||||
if [ ! -f ${SYSCONFDIR}/passwd ]
|
||||
then
|
||||
echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
|
||||
echo 'first using mkpasswd. Check if it contains an entry for you and'
|
||||
echo 'please care for the home directory in your entry as well.'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
uid=`id -u`
|
||||
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
|
||||
|
||||
if [ "X${pwdhome}" = "X" ]
|
||||
then
|
||||
echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
|
||||
echo 'Setting $HOME is not sufficient!'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -d "${pwdhome}" ]
|
||||
then
|
||||
echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
|
||||
echo 'but it is not a valid directory. Cannot create user identity files.'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# If home is the root dir, set home to empty string to avoid error messages
|
||||
# in subsequent parts of that script.
|
||||
if [ "X${pwdhome}" = "X/" ]
|
||||
then
|
||||
# But first raise a warning!
|
||||
echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
|
||||
if request "Would you like to proceed anyway?"
|
||||
then
|
||||
pwdhome=''
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
|
||||
then
|
||||
echo
|
||||
echo 'WARNING: group and other have been revoked write permission to your home'
|
||||
echo " directory ${pwdhome}."
|
||||
echo ' This is required by OpenSSH to allow public key authentication using'
|
||||
echo ' the key files stored in your .ssh subdirectory.'
|
||||
echo ' Revert this change ONLY if you know what you are doing!'
|
||||
echo
|
||||
fi
|
||||
|
||||
if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
|
||||
then
|
||||
echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -e "${pwdhome}/.ssh" ]
|
||||
then
|
||||
mkdir "${pwdhome}/.ssh"
|
||||
if [ ! -e "${pwdhome}/.ssh" ]
|
||||
then
|
||||
echo "Creating users ${pwdhome}/.ssh directory failed"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $_nt -gt 0 ]
|
||||
then
|
||||
_user="system"
|
||||
if [ $_nt2003 -gt 0 ]
|
||||
then
|
||||
grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
|
||||
fi
|
||||
if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
|
||||
then
|
||||
echo "${pwdhome}/.ssh couldn't be given the correct permissions."
|
||||
echo "Please try to solve this problem first."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f "${pwdhome}/.ssh/identity" ]
|
||||
then
|
||||
if request "Shall I create an SSH1 RSA identity file for you?"
|
||||
then
|
||||
echo "Generating ${pwdhome}/.ssh/identity"
|
||||
if [ "${with_passphrase}" = "yes" ]
|
||||
then
|
||||
ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
|
||||
else
|
||||
ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
|
||||
fi
|
||||
if request "Do you want to use this identity to login to this machine?"
|
||||
then
|
||||
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
||||
cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
|
||||
then
|
||||
if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
|
||||
then
|
||||
echo "Generating ${pwdhome}/.ssh/id_rsa"
|
||||
if [ "${with_passphrase}" = "yes" ]
|
||||
then
|
||||
ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
|
||||
else
|
||||
ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
|
||||
fi
|
||||
if request "Do you want to use this identity to login to this machine?"
|
||||
then
|
||||
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
||||
cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
|
||||
then
|
||||
if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
|
||||
then
|
||||
echo "Generating ${pwdhome}/.ssh/id_dsa"
|
||||
if [ "${with_passphrase}" = "yes" ]
|
||||
then
|
||||
ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
|
||||
else
|
||||
ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
|
||||
fi
|
||||
if request "Do you want to use this identity to login to this machine?"
|
||||
then
|
||||
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
||||
cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
|
||||
then
|
||||
if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
|
||||
then
|
||||
echo
|
||||
echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
|
||||
echo "failed. Please care for the correct permissions. The minimum requirement"
|
||||
echo "is, the owner and ${_user} both need read permissions."
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "Configuration finished. Have fun!"
|
@ -1,159 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# findssl.sh
|
||||
# Search for all instances of OpenSSL headers and libraries
|
||||
# and print their versions.
|
||||
# Intended to help diagnose OpenSSH's "OpenSSL headers do not
|
||||
# match your library" errors.
|
||||
#
|
||||
# Written by Darren Tucker (dtucker at zip dot com dot au)
|
||||
# This file is placed in the public domain.
|
||||
#
|
||||
# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $
|
||||
# 2002-07-27: Initial release.
|
||||
# 2002-08-04: Added public domain notice.
|
||||
# 2003-06-24: Incorporated readme, set library paths. First cvs version.
|
||||
#
|
||||
# "OpenSSL headers do not match your library" are usually caused by
|
||||
# OpenSSH's configure picking up an older version of OpenSSL headers
|
||||
# or libraries. You can use the following # procedure to help identify
|
||||
# the cause.
|
||||
#
|
||||
# The output of configure will tell you the versions of the OpenSSL
|
||||
# headers and libraries that were picked up, for example:
|
||||
#
|
||||
# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
|
||||
# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
|
||||
# checking whether OpenSSL's headers match the library... no
|
||||
# configure: error: Your OpenSSL headers do not match your library
|
||||
#
|
||||
# Now run findssl.sh. This should identify the headers and libraries
|
||||
# present and their versions. You should be able to identify the
|
||||
# libraries and headers used and adjust your CFLAGS or remove incorrect
|
||||
# versions. The output will show OpenSSL's internal version identifier
|
||||
# and should look something like:
|
||||
|
||||
# $ ./findssl.sh
|
||||
# Searching for OpenSSL header files.
|
||||
# 0x0090604fL /usr/include/openssl/opensslv.h
|
||||
# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
|
||||
#
|
||||
# Searching for OpenSSL shared library files.
|
||||
# 0x0090602fL /lib/libcrypto.so.0.9.6b
|
||||
# 0x0090602fL /lib/libcrypto.so.2
|
||||
# 0x0090581fL /usr/lib/libcrypto.so.0
|
||||
# 0x0090602fL /usr/lib/libcrypto.so
|
||||
# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
|
||||
# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
|
||||
# 0x0090600fL /usr/lib/libcrypto.so.1
|
||||
#
|
||||
# Searching for OpenSSL static library files.
|
||||
# 0x0090602fL /usr/lib/libcrypto.a
|
||||
# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
|
||||
#
|
||||
# In this example, I gave configure no extra flags, so it's picking up
|
||||
# the OpenSSL header from /usr/include/openssl (90604f) and the library
|
||||
# from /usr/lib/ (90602f).
|
||||
|
||||
#
|
||||
# Adjust these to suit your compiler.
|
||||
# You may also need to set the *LIB*PATH environment variables if
|
||||
# DEFAULT_LIBPATH is not correct for your system.
|
||||
#
|
||||
CC=gcc
|
||||
STATIC=-static
|
||||
|
||||
#
|
||||
# Set up conftest C source
|
||||
#
|
||||
rm -f findssl.log
|
||||
cat >conftest.c <<EOD
|
||||
#include <stdio.h>
|
||||
int main(){printf("0x%08xL\n", SSLeay());}
|
||||
EOD
|
||||
|
||||
#
|
||||
# Set default library paths if not already set
|
||||
#
|
||||
DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
|
||||
LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
|
||||
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
|
||||
LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
|
||||
export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
|
||||
|
||||
#
|
||||
# Search for OpenSSL headers and print versions
|
||||
#
|
||||
echo Searching for OpenSSL header files.
|
||||
if [ -x "`which locate`" ]
|
||||
then
|
||||
headers=`locate opensslv.h`
|
||||
else
|
||||
headers=`find / -name opensslv.h -print 2>/dev/null`
|
||||
fi
|
||||
|
||||
for header in $headers
|
||||
do
|
||||
ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
|
||||
echo "$ver $header"
|
||||
done
|
||||
echo
|
||||
|
||||
#
|
||||
# Search for shared libraries.
|
||||
# Relies on shared libraries looking like "libcrypto.s*"
|
||||
#
|
||||
echo Searching for OpenSSL shared library files.
|
||||
if [ -x "`which locate`" ]
|
||||
then
|
||||
libraries=`locate libcrypto.s`
|
||||
else
|
||||
libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
|
||||
fi
|
||||
|
||||
for lib in $libraries
|
||||
do
|
||||
(echo "Trying libcrypto $lib" >>findssl.log
|
||||
dir=`dirname $lib`
|
||||
LIBPATH="$dir:$LIBPATH"
|
||||
LD_LIBRARY_PATH="$dir:$LIBPATH"
|
||||
LIBRARY_PATH="$dir:$LIBPATH"
|
||||
export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
|
||||
${CC} -o conftest conftest.c $lib 2>>findssl.log
|
||||
if [ -x ./conftest ]
|
||||
then
|
||||
ver=`./conftest 2>/dev/null`
|
||||
rm -f ./conftest
|
||||
echo "$ver $lib"
|
||||
fi)
|
||||
done
|
||||
echo
|
||||
|
||||
#
|
||||
# Search for static OpenSSL libraries and print versions
|
||||
#
|
||||
echo Searching for OpenSSL static library files.
|
||||
if [ -x "`which locate`" ]
|
||||
then
|
||||
libraries=`locate libcrypto.a`
|
||||
else
|
||||
libraries=`find / -name libcrypto.a -print 2>/dev/null`
|
||||
fi
|
||||
|
||||
for lib in $libraries
|
||||
do
|
||||
libdir=`dirname $lib`
|
||||
echo "Trying libcrypto $lib" >>findssl.log
|
||||
${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
|
||||
if [ -x ./conftest ]
|
||||
then
|
||||
ver=`./conftest 2>/dev/null`
|
||||
rm -f ./conftest
|
||||
echo "$ver $lib"
|
||||
fi
|
||||
done
|
||||
|
||||
#
|
||||
# Clean up
|
||||
#
|
||||
rm -f conftest.c
|
@ -1,171 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2000-2002 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This is a simple GNOME SSH passphrase grabber. To use it, set the
|
||||
* environment variable SSH_ASKPASS to point to the location of
|
||||
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
|
||||
*
|
||||
* There is only two run-time options: if you set the environment variable
|
||||
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
|
||||
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
|
||||
* pointer will be grabbed too. These may have some benefit to security if
|
||||
* you don't trust your X server. We grab the keyboard always.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Compile with:
|
||||
*
|
||||
* cc `gnome-config --cflags gnome gnomeui` \
|
||||
* gnome-ssh-askpass1.c -o gnome-ssh-askpass \
|
||||
* `gnome-config --libs gnome gnomeui`
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <gnome.h>
|
||||
#include <X11/Xlib.h>
|
||||
#include <gdk/gdkx.h>
|
||||
|
||||
void
|
||||
report_failed_grab (void)
|
||||
{
|
||||
GtkWidget *err;
|
||||
|
||||
err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
|
||||
"A malicious client may be eavesdropping on your session.",
|
||||
GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
|
||||
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
|
||||
gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
|
||||
|
||||
gnome_dialog_run_and_close(GNOME_DIALOG(err));
|
||||
}
|
||||
|
||||
int
|
||||
passphrase_dialog(char *message)
|
||||
{
|
||||
char *passphrase;
|
||||
char **messages;
|
||||
int result, i, grab_server, grab_pointer;
|
||||
GtkWidget *dialog, *entry, *label;
|
||||
|
||||
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||
|
||||
dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
|
||||
GNOME_STOCK_BUTTON_CANCEL, NULL);
|
||||
|
||||
messages = g_strsplit(message, "\\n", 0);
|
||||
if (messages)
|
||||
for(i = 0; messages[i]; i++) {
|
||||
label = gtk_label_new(messages[i]);
|
||||
gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
|
||||
label, FALSE, FALSE, 0);
|
||||
}
|
||||
|
||||
entry = gtk_entry_new();
|
||||
gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
|
||||
FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
|
||||
/* Center window and prepare for grab */
|
||||
gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
|
||||
gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
|
||||
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||
gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
|
||||
gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
|
||||
gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
|
||||
GNOME_PAD);
|
||||
gtk_widget_show_all(dialog);
|
||||
|
||||
/* Grab focus */
|
||||
if (grab_server)
|
||||
XGrabServer(GDK_DISPLAY());
|
||||
if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
|
||||
NULL, NULL, GDK_CURRENT_TIME))
|
||||
goto nograb;
|
||||
if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
|
||||
goto nograbkb;
|
||||
|
||||
/* Make <enter> close dialog */
|
||||
gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
|
||||
|
||||
/* Run dialog */
|
||||
result = gnome_dialog_run(GNOME_DIALOG(dialog));
|
||||
|
||||
/* Ungrab */
|
||||
if (grab_server)
|
||||
XUngrabServer(GDK_DISPLAY());
|
||||
if (grab_pointer)
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
gdk_keyboard_ungrab(GDK_CURRENT_TIME);
|
||||
gdk_flush();
|
||||
|
||||
/* Report passphrase if user selected OK */
|
||||
passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
|
||||
if (result == 0)
|
||||
puts(passphrase);
|
||||
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
|
||||
gnome_dialog_close(GNOME_DIALOG(dialog));
|
||||
return (result == 0 ? 0 : -1);
|
||||
|
||||
/* At least one grab failed - ungrab what we got, and report
|
||||
the failure to the user. Note that XGrabServer() cannot
|
||||
fail. */
|
||||
nograbkb:
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
nograb:
|
||||
if (grab_server)
|
||||
XUngrabServer(GDK_DISPLAY());
|
||||
gnome_dialog_close(GNOME_DIALOG(dialog));
|
||||
|
||||
report_failed_grab();
|
||||
return (-1);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char *message;
|
||||
int result;
|
||||
|
||||
gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
|
||||
|
||||
if (argc == 2)
|
||||
message = argv[1];
|
||||
else
|
||||
message = "Enter your OpenSSH passphrase:";
|
||||
|
||||
setvbuf(stdout, 0, _IONBF, 0);
|
||||
result = passphrase_dialog(message);
|
||||
|
||||
return (result);
|
||||
}
|
@ -1,220 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2000-2002 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
|
||||
|
||||
/*
|
||||
* This is a simple GNOME SSH passphrase grabber. To use it, set the
|
||||
* environment variable SSH_ASKPASS to point to the location of
|
||||
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
|
||||
*
|
||||
* There is only two run-time options: if you set the environment variable
|
||||
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
|
||||
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
|
||||
* pointer will be grabbed too. These may have some benefit to security if
|
||||
* you don't trust your X server. We grab the keyboard always.
|
||||
*/
|
||||
|
||||
#define GRAB_TRIES 16
|
||||
#define GRAB_WAIT 250 /* milliseconds */
|
||||
|
||||
/*
|
||||
* Compile with:
|
||||
*
|
||||
* cc -Wall `pkg-config --cflags gtk+-2.0` \
|
||||
* gnome-ssh-askpass2.c -o gnome-ssh-askpass \
|
||||
* `pkg-config --libs gtk+-2.0`
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <X11/Xlib.h>
|
||||
#include <gtk/gtk.h>
|
||||
#include <gdk/gdkx.h>
|
||||
|
||||
static void
|
||||
report_failed_grab (const char *what)
|
||||
{
|
||||
GtkWidget *err;
|
||||
|
||||
err = gtk_message_dialog_new(NULL, 0,
|
||||
GTK_MESSAGE_ERROR,
|
||||
GTK_BUTTONS_CLOSE,
|
||||
"Could not grab %s. "
|
||||
"A malicious client may be eavesdropping "
|
||||
"on your session.", what);
|
||||
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
|
||||
gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
|
||||
TRUE);
|
||||
|
||||
gtk_dialog_run(GTK_DIALOG(err));
|
||||
|
||||
gtk_widget_destroy(err);
|
||||
}
|
||||
|
||||
static void
|
||||
ok_dialog(GtkWidget *entry, gpointer dialog)
|
||||
{
|
||||
g_return_if_fail(GTK_IS_DIALOG(dialog));
|
||||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
}
|
||||
|
||||
static int
|
||||
passphrase_dialog(char *message)
|
||||
{
|
||||
const char *failed;
|
||||
char *passphrase, *local;
|
||||
int result, grab_tries, grab_server, grab_pointer;
|
||||
GtkWidget *dialog, *entry;
|
||||
GdkGrabStatus status;
|
||||
|
||||
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||
grab_tries = 0;
|
||||
|
||||
dialog = gtk_message_dialog_new(NULL, 0,
|
||||
GTK_MESSAGE_QUESTION,
|
||||
GTK_BUTTONS_OK_CANCEL,
|
||||
"%s",
|
||||
message);
|
||||
|
||||
entry = gtk_entry_new();
|
||||
gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
|
||||
FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
gtk_widget_show(entry);
|
||||
|
||||
gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
|
||||
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||
gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
|
||||
TRUE);
|
||||
|
||||
/* Make <enter> close dialog */
|
||||
gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
g_signal_connect(G_OBJECT(entry), "activate",
|
||||
G_CALLBACK(ok_dialog), dialog);
|
||||
|
||||
/* Grab focus */
|
||||
gtk_widget_show_now(dialog);
|
||||
if (grab_pointer) {
|
||||
for(;;) {
|
||||
status = gdk_pointer_grab(
|
||||
(GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
|
||||
NULL, GDK_CURRENT_TIME);
|
||||
if (status == GDK_GRAB_SUCCESS)
|
||||
break;
|
||||
usleep(GRAB_WAIT * 1000);
|
||||
if (++grab_tries > GRAB_TRIES) {
|
||||
failed = "mouse";
|
||||
goto nograb;
|
||||
}
|
||||
}
|
||||
}
|
||||
for(;;) {
|
||||
status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
|
||||
FALSE, GDK_CURRENT_TIME);
|
||||
if (status == GDK_GRAB_SUCCESS)
|
||||
break;
|
||||
usleep(GRAB_WAIT * 1000);
|
||||
if (++grab_tries > GRAB_TRIES) {
|
||||
failed = "keyboard";
|
||||
goto nograbkb;
|
||||
}
|
||||
}
|
||||
if (grab_server) {
|
||||
gdk_x11_grab_server();
|
||||
}
|
||||
|
||||
result = gtk_dialog_run(GTK_DIALOG(dialog));
|
||||
|
||||
/* Ungrab */
|
||||
if (grab_server)
|
||||
XUngrabServer(GDK_DISPLAY());
|
||||
if (grab_pointer)
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
gdk_keyboard_ungrab(GDK_CURRENT_TIME);
|
||||
gdk_flush();
|
||||
|
||||
/* Report passphrase if user selected OK */
|
||||
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||
if (result == GTK_RESPONSE_OK) {
|
||||
local = g_locale_from_utf8(passphrase, strlen(passphrase),
|
||||
NULL, NULL, NULL);
|
||||
if (local != NULL) {
|
||||
puts(local);
|
||||
memset(local, '\0', strlen(local));
|
||||
g_free(local);
|
||||
} else {
|
||||
puts(passphrase);
|
||||
}
|
||||
}
|
||||
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\b', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
g_free(passphrase);
|
||||
|
||||
gtk_widget_destroy(dialog);
|
||||
return (result == GTK_RESPONSE_OK ? 0 : -1);
|
||||
|
||||
/* At least one grab failed - ungrab what we got, and report
|
||||
the failure to the user. Note that XGrabServer() cannot
|
||||
fail. */
|
||||
nograbkb:
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
nograb:
|
||||
if (grab_server)
|
||||
XUngrabServer(GDK_DISPLAY());
|
||||
gtk_widget_destroy(dialog);
|
||||
|
||||
report_failed_grab(failed);
|
||||
|
||||
return (-1);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char *message;
|
||||
int result;
|
||||
|
||||
gtk_init(&argc, &argv);
|
||||
|
||||
if (argc > 1) {
|
||||
message = g_strjoinv(" ", argv + 1);
|
||||
} else {
|
||||
message = g_strdup("Enter your OpenSSH passphrase:");
|
||||
}
|
||||
|
||||
setvbuf(stdout, 0, _IONBF, 0);
|
||||
result = passphrase_dialog(message);
|
||||
g_free(message);
|
||||
|
||||
return (result);
|
||||
}
|
@ -1,45 +0,0 @@
|
||||
README for OpenSSH HP-UX contrib files
|
||||
Kevin Steves <stevesk@pobox.com>
|
||||
|
||||
sshd: configuration file for sshd.rc
|
||||
sshd.rc: SSH startup script
|
||||
egd: configuration file for egd.rc
|
||||
egd.rc: EGD (entropy gathering daemon) startup script
|
||||
|
||||
To install:
|
||||
|
||||
sshd.rc:
|
||||
|
||||
o Verify paths in sshd.rc match your local installation
|
||||
(WHAT_PATH and WHAT_PID)
|
||||
o Customize sshd if needed (SSHD_ARGS)
|
||||
o Install:
|
||||
|
||||
# cp sshd /etc/rc.config.d
|
||||
# chmod 444 /etc/rc.config.d/sshd
|
||||
# cp sshd.rc /sbin/init.d
|
||||
# chmod 555 /sbin/init.d/sshd.rc
|
||||
# ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd
|
||||
# ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd
|
||||
|
||||
egd.rc:
|
||||
|
||||
o Verify egd.pl path in egd.rc matches your local installation
|
||||
(WHAT_PATH)
|
||||
o Customize egd if needed (EGD_ARGS and EGD_LOG)
|
||||
o Add pseudo account:
|
||||
|
||||
# groupadd egd
|
||||
# useradd -g egd egd
|
||||
# mkdir -p /etc/opt/egd
|
||||
# chown egd:egd /etc/opt/egd
|
||||
# chmod 711 /etc/opt/egd
|
||||
|
||||
o Install:
|
||||
|
||||
# cp egd /etc/rc.config.d
|
||||
# chmod 444 /etc/rc.config.d/egd
|
||||
# cp egd.rc /sbin/init.d
|
||||
# chmod 555 /sbin/init.d/egd.rc
|
||||
# ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd
|
||||
# ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd
|
@ -1,15 +0,0 @@
|
||||
# EGD_START: Set to 1 to start entropy gathering daemon
|
||||
# EGD_ARGS: Command line arguments to pass to egd
|
||||
# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log)
|
||||
#
|
||||
# To configure the egd environment:
|
||||
|
||||
# groupadd egd
|
||||
# useradd -g egd egd
|
||||
# mkdir -p /etc/opt/egd
|
||||
# chown egd:egd /etc/opt/egd
|
||||
# chmod 711 /etc/opt/egd
|
||||
|
||||
EGD_START=1
|
||||
EGD_ARGS='/etc/opt/egd/entropy'
|
||||
EGD_LOG=
|
@ -1,98 +0,0 @@
|
||||
#!/sbin/sh
|
||||
|
||||
#
|
||||
# egd.rc: EGD start-up and shutdown script
|
||||
#
|
||||
|
||||
# Allowed exit values:
|
||||
# 0 = success; causes "OK" to show up in checklist.
|
||||
# 1 = failure; causes "FAIL" to show up in checklist.
|
||||
# 2 = skip; causes "N/A" to show up in the checklist.
|
||||
# Use this value if execution of this script is overridden
|
||||
# by the use of a control variable, or if this script is not
|
||||
# appropriate to execute for some other reason.
|
||||
# 3 = reboot; causes the system to be rebooted after execution.
|
||||
|
||||
# Input and output:
|
||||
# stdin is redirected from /dev/null
|
||||
#
|
||||
# stdout and stderr are redirected to the /etc/rc.log file
|
||||
# during checklist mode, or to the console in raw mode.
|
||||
|
||||
umask 022
|
||||
|
||||
PATH=/usr/sbin:/usr/bin:/sbin
|
||||
export PATH
|
||||
|
||||
WHAT='EGD (entropy gathering daemon)'
|
||||
WHAT_PATH=/opt/perl/bin/egd.pl
|
||||
WHAT_CONFIG=/etc/rc.config.d/egd
|
||||
WHAT_LOG=/etc/opt/egd/egd.log
|
||||
|
||||
# NOTE: If your script executes in run state 0 or state 1, then /usr might
|
||||
# not be available. Do not attempt to access commands or files in
|
||||
# /usr unless your script executes in run state 2 or greater. Other
|
||||
# file systems typically not mounted until run state 2 include /var
|
||||
# and /opt.
|
||||
|
||||
rval=0
|
||||
|
||||
# Check the exit value of a command run by this script. If non-zero, the
|
||||
# exit code is echoed to the log file and the return value of this script
|
||||
# is set to indicate failure.
|
||||
|
||||
set_return() {
|
||||
x=$?
|
||||
if [ $x -ne 0 ]; then
|
||||
echo "EXIT CODE: $x"
|
||||
rval=1 # script FAILed
|
||||
fi
|
||||
}
|
||||
|
||||
case $1 in
|
||||
'start_msg')
|
||||
echo "Starting $WHAT"
|
||||
;;
|
||||
|
||||
'stop_msg')
|
||||
echo "Stopping $WHAT"
|
||||
;;
|
||||
|
||||
'start')
|
||||
if [ -f $WHAT_CONFIG ] ; then
|
||||
. $WHAT_CONFIG
|
||||
else
|
||||
echo "ERROR: $WHAT_CONFIG defaults file MISSING"
|
||||
fi
|
||||
|
||||
|
||||
if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then
|
||||
EGD_LOG=${EGD_LOG:-$WHAT_LOG}
|
||||
su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" &&
|
||||
echo $WHAT started
|
||||
set_return
|
||||
else
|
||||
rval=2
|
||||
fi
|
||||
;;
|
||||
|
||||
'stop')
|
||||
pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'`
|
||||
if [ "X$pid" != "X" ]; then
|
||||
if kill "$pid"; then
|
||||
echo "$WHAT stopped"
|
||||
else
|
||||
rval=1
|
||||
echo "Unable to stop $WHAT"
|
||||
fi
|
||||
fi
|
||||
set_return
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "usage: $0 {start|stop|start_msg|stop_msg}"
|
||||
rval=1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit $rval
|
@ -1,5 +0,0 @@
|
||||
# SSHD_START: Set to 1 to start SSH daemon
|
||||
# SSHD_ARGS: Command line arguments to pass to sshd
|
||||
#
|
||||
SSHD_START=1
|
||||
SSHD_ARGS=
|
@ -1,90 +0,0 @@
|
||||
#!/sbin/sh
|
||||
|
||||
#
|
||||
# sshd.rc: SSH daemon start-up and shutdown script
|
||||
#
|
||||
|
||||
# Allowed exit values:
|
||||
# 0 = success; causes "OK" to show up in checklist.
|
||||
# 1 = failure; causes "FAIL" to show up in checklist.
|
||||
# 2 = skip; causes "N/A" to show up in the checklist.
|
||||
# Use this value if execution of this script is overridden
|
||||
# by the use of a control variable, or if this script is not
|
||||
# appropriate to execute for some other reason.
|
||||
# 3 = reboot; causes the system to be rebooted after execution.
|
||||
|
||||
# Input and output:
|
||||
# stdin is redirected from /dev/null
|
||||
#
|
||||
# stdout and stderr are redirected to the /etc/rc.log file
|
||||
# during checklist mode, or to the console in raw mode.
|
||||
|
||||
PATH=/usr/sbin:/usr/bin:/sbin
|
||||
export PATH
|
||||
|
||||
WHAT='OpenSSH'
|
||||
WHAT_PATH=/opt/openssh/sbin/sshd
|
||||
WHAT_PID=/var/run/sshd.pid
|
||||
WHAT_CONFIG=/etc/rc.config.d/sshd
|
||||
|
||||
# NOTE: If your script executes in run state 0 or state 1, then /usr might
|
||||
# not be available. Do not attempt to access commands or files in
|
||||
# /usr unless your script executes in run state 2 or greater. Other
|
||||
# file systems typically not mounted until run state 2 include /var
|
||||
# and /opt.
|
||||
|
||||
rval=0
|
||||
|
||||
# Check the exit value of a command run by this script. If non-zero, the
|
||||
# exit code is echoed to the log file and the return value of this script
|
||||
# is set to indicate failure.
|
||||
|
||||
set_return() {
|
||||
x=$?
|
||||
if [ $x -ne 0 ]; then
|
||||
echo "EXIT CODE: $x"
|
||||
rval=1 # script FAILed
|
||||
fi
|
||||
}
|
||||
|
||||
case $1 in
|
||||
'start_msg')
|
||||
echo "Starting $WHAT"
|
||||
;;
|
||||
|
||||
'stop_msg')
|
||||
echo "Stopping $WHAT"
|
||||
;;
|
||||
|
||||
'start')
|
||||
if [ -f $WHAT_CONFIG ] ; then
|
||||
. $WHAT_CONFIG
|
||||
else
|
||||
echo "ERROR: $WHAT_CONFIG defaults file MISSING"
|
||||
fi
|
||||
|
||||
if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then
|
||||
$WHAT_PATH $SSHD_ARGS && echo "$WHAT started"
|
||||
set_return
|
||||
else
|
||||
rval=2
|
||||
fi
|
||||
;;
|
||||
|
||||
'stop')
|
||||
if kill `cat $WHAT_PID`; then
|
||||
echo "$WHAT stopped"
|
||||
else
|
||||
rval=1
|
||||
echo "Unable to stop $WHAT"
|
||||
fi
|
||||
set_return
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "usage: $0 {start|stop|start_msg|stop_msg}"
|
||||
rval=1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit $rval
|
@ -1 +0,0 @@
|
||||
setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass
|
@ -1,2 +0,0 @@
|
||||
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
|
||||
export SSH_ASKPASS
|
@ -1,804 +0,0 @@
|
||||
%define ver 3.8.1p1
|
||||
%define rel 1
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
%define sshd_uid 74
|
||||
%define sshd_gid 74
|
||||
|
||||
# Version of ssh-askpass
|
||||
%define aversion 1.2.4.1
|
||||
|
||||
# Do we want to disable building of x11-askpass? (1=yes 0=no)
|
||||
%define no_x11_askpass 0
|
||||
|
||||
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
|
||||
%define no_gnome_askpass 0
|
||||
|
||||
# Do we want to link against a static libcrypto? (1=yes 0=no)
|
||||
%define static_libcrypto 0
|
||||
|
||||
# Do we want smartcard support (1=yes 0=no)
|
||||
%define scard 0
|
||||
|
||||
# Use GTK2 instead of GNOME in gnome-ssh-askpass
|
||||
%define gtk2 1
|
||||
|
||||
# Is this build for RHL 6.x?
|
||||
%define build6x 0
|
||||
|
||||
# Do we want kerberos5 support (1=yes 0=no)
|
||||
%define kerberos5 1
|
||||
|
||||
# Reserve options to override askpass settings with:
|
||||
# rpm -ba|--rebuild --define 'skip_xxx 1'
|
||||
%{?skip_x11_askpass:%define no_x11_askpass 1}
|
||||
%{?skip_gnome_askpass:%define no_gnome_askpass 1}
|
||||
|
||||
# Add option to build without GTK2 for older platforms with only GTK+.
|
||||
# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
|
||||
# rpm -ba|--rebuild --define 'no_gtk2 1'
|
||||
%{?no_gtk2:%define gtk2 0}
|
||||
|
||||
# Is this a build for RHL 6.x or earlier?
|
||||
%{?build_6x:%define build6x 1}
|
||||
|
||||
# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
|
||||
%if %{build6x}
|
||||
%define _sysconfdir /etc
|
||||
%endif
|
||||
|
||||
# Options for static OpenSSL link:
|
||||
# rpm -ba|--rebuild --define "static_openssl 1"
|
||||
%{?static_openssl:%define static_libcrypto 1}
|
||||
|
||||
# Options for Smartcard support: (needs libsectok and openssl-engine)
|
||||
# rpm -ba|--rebuild --define "smartcard 1"
|
||||
%{?smartcard:%define scard 1}
|
||||
|
||||
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
|
||||
%define rescue 0
|
||||
%{?build_rescue:%define rescue 1}
|
||||
|
||||
# Turn off some stuff for resuce builds
|
||||
%if %{rescue}
|
||||
%define kerberos5 0
|
||||
%endif
|
||||
|
||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
|
||||
Name: openssh
|
||||
Version: %{ver}
|
||||
%if %{rescue}
|
||||
Release: %{rel}rescue
|
||||
%else
|
||||
Release: %{rel}
|
||||
%endif
|
||||
URL: http://www.openssh.com/portable.html
|
||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||
Obsoletes: ssh
|
||||
%if %{build6x}
|
||||
PreReq: initscripts >= 5.00
|
||||
%else
|
||||
PreReq: initscripts >= 5.20
|
||||
%endif
|
||||
BuildPreReq: perl, openssl-devel, tcp_wrappers
|
||||
BuildPreReq: /bin/login
|
||||
%if ! %{build6x}
|
||||
BuildPreReq: glibc-devel, pam
|
||||
%else
|
||||
BuildPreReq: /usr/include/security/pam_appl.h
|
||||
%endif
|
||||
%if ! %{no_x11_askpass}
|
||||
BuildPreReq: XFree86-devel
|
||||
%endif
|
||||
%if ! %{no_gnome_askpass}
|
||||
BuildPreReq: pkgconfig
|
||||
%endif
|
||||
%if %{kerberos5}
|
||||
BuildPreReq: krb5-devel
|
||||
BuildPreReq: krb5-libs
|
||||
%endif
|
||||
|
||||
%package clients
|
||||
Summary: OpenSSH clients.
|
||||
Requires: openssh = %{version}-%{release}
|
||||
Group: Applications/Internet
|
||||
Obsoletes: ssh-clients
|
||||
|
||||
%package server
|
||||
Summary: The OpenSSH server daemon.
|
||||
Group: System Environment/Daemons
|
||||
Obsoletes: ssh-server
|
||||
PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
|
||||
%if ! %{build6x}
|
||||
Requires: /etc/pam.d/system-auth
|
||||
%endif
|
||||
|
||||
%package askpass
|
||||
Summary: A passphrase dialog for OpenSSH and X.
|
||||
Group: Applications/Internet
|
||||
Requires: openssh = %{version}-%{release}
|
||||
Obsoletes: ssh-extras
|
||||
|
||||
%package askpass-gnome
|
||||
Summary: A passphrase dialog for OpenSSH, X, and GNOME.
|
||||
Group: Applications/Internet
|
||||
Requires: openssh = %{version}-%{release}
|
||||
Obsoletes: ssh-extras
|
||||
|
||||
%description
|
||||
SSH (Secure SHell) is a program for logging into and executing
|
||||
commands on a remote machine. SSH is intended to replace rlogin and
|
||||
rsh, and to provide secure encrypted communications between two
|
||||
untrusted hosts over an insecure network. X11 connections and
|
||||
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
||||
|
||||
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
|
||||
it up to date in terms of security and features, as well as removing
|
||||
all patented algorithms to separate libraries.
|
||||
|
||||
This package includes the core files necessary for both the OpenSSH
|
||||
client and server. To make this package useful, you should also
|
||||
install openssh-clients, openssh-server, or both.
|
||||
|
||||
%description clients
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package includes
|
||||
the clients necessary to make encrypted connections to SSH servers.
|
||||
You'll also need to install the openssh package on OpenSSH clients.
|
||||
|
||||
%description server
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
|
||||
securely connect to your SSH server. You also need to have the openssh
|
||||
package installed.
|
||||
|
||||
%description askpass
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
an X11 passphrase dialog for OpenSSH.
|
||||
|
||||
%description askpass-gnome
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
|
||||
environment.
|
||||
|
||||
%prep
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
%setup -q -a 1
|
||||
%else
|
||||
%setup -q
|
||||
%endif
|
||||
|
||||
%build
|
||||
%if %{rescue}
|
||||
CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
|
||||
%endif
|
||||
|
||||
%if %{kerberos5}
|
||||
K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
|
||||
echo K5DIR=$K5DIR
|
||||
%endif
|
||||
|
||||
%configure \
|
||||
--sysconfdir=%{_sysconfdir}/ssh \
|
||||
--libexecdir=%{_libexecdir}/openssh \
|
||||
--datadir=%{_datadir}/openssh \
|
||||
--with-tcp-wrappers \
|
||||
--with-rsh=%{_bindir}/rsh \
|
||||
--with-default-path=/usr/local/bin:/bin:/usr/bin \
|
||||
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
|
||||
--with-privsep-path=%{_var}/empty/sshd \
|
||||
--with-md5-passwords \
|
||||
%if %{scard}
|
||||
--with-smartcard \
|
||||
%endif
|
||||
%if %{rescue}
|
||||
--without-pam \
|
||||
%else
|
||||
--with-pam \
|
||||
%endif
|
||||
%if %{kerberos5}
|
||||
--with-kerberos5=$K5DIR \
|
||||
%endif
|
||||
|
||||
|
||||
%if %{static_libcrypto}
|
||||
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
|
||||
%endif
|
||||
|
||||
make
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
pushd x11-ssh-askpass-%{aversion}
|
||||
%configure --libexecdir=%{_libexecdir}/openssh
|
||||
xmkmf -a
|
||||
make
|
||||
popd
|
||||
%endif
|
||||
|
||||
# Define a variable to toggle gnome1/gtk2 building. This is necessary
|
||||
# because RPM doesn't handle nested %if statements.
|
||||
%if %{gtk2}
|
||||
gtk2=yes
|
||||
%else
|
||||
gtk2=no
|
||||
%endif
|
||||
|
||||
%if ! %{no_gnome_askpass}
|
||||
pushd contrib
|
||||
if [ $gtk2 = yes ] ; then
|
||||
make gnome-ssh-askpass2
|
||||
mv gnome-ssh-askpass2 gnome-ssh-askpass
|
||||
else
|
||||
make gnome-ssh-askpass1
|
||||
mv gnome-ssh-askpass1 gnome-ssh-askpass
|
||||
fi
|
||||
popd
|
||||
%endif
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
|
||||
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
||||
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
|
||||
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
install -d $RPM_BUILD_ROOT/etc/pam.d/
|
||||
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
||||
%if %{build6x}
|
||||
install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
%else
|
||||
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
%endif
|
||||
install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
|
||||
ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
|
||||
%endif
|
||||
|
||||
%if ! %{no_gnome_askpass}
|
||||
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
|
||||
%endif
|
||||
|
||||
%if ! %{scard}
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
|
||||
%endif
|
||||
|
||||
%if ! %{no_gnome_askpass}
|
||||
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||
%endif
|
||||
|
||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%triggerun server -- ssh-server
|
||||
if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
|
||||
touch /var/run/sshd.restart
|
||||
fi
|
||||
|
||||
%triggerun server -- openssh-server < 2.5.0p1
|
||||
# Count the number of HostKey and HostDsaKey statements we have.
|
||||
gawk 'BEGIN {IGNORECASE=1}
|
||||
/^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
|
||||
END {exit sawhostkey}' /etc/ssh/sshd_config
|
||||
# And if we only found one, we know the client was relying on the old default
|
||||
# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
|
||||
# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
|
||||
# one nullifies the default, which would have loaded both.
|
||||
if [ $? -eq 1 ] ; then
|
||||
echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
|
||||
echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
%triggerpostun server -- ssh-server
|
||||
if [ "$1" != 0 ] ; then
|
||||
/sbin/chkconfig --add sshd
|
||||
if test -f /var/run/sshd.restart ; then
|
||||
rm -f /var/run/sshd.restart
|
||||
/sbin/service sshd start > /dev/null 2>&1 || :
|
||||
fi
|
||||
fi
|
||||
|
||||
%pre server
|
||||
%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
|
||||
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
|
||||
-g sshd -M -r sshd 2>/dev/null || :
|
||||
|
||||
%post server
|
||||
/sbin/chkconfig --add sshd
|
||||
|
||||
%postun server
|
||||
/sbin/service sshd condrestart > /dev/null 2>&1 || :
|
||||
|
||||
%preun server
|
||||
if [ "$1" = 0 ]
|
||||
then
|
||||
/sbin/service sshd stop > /dev/null 2>&1 || :
|
||||
/sbin/chkconfig --del sshd
|
||||
fi
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
|
||||
%attr(0755,root,root) %{_bindir}/scp
|
||||
%attr(0644,root,root) %{_mandir}/man1/scp.1*
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
|
||||
%if ! %{rescue}
|
||||
%attr(0755,root,root) %{_bindir}/ssh-keygen
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
||||
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
||||
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
||||
%endif
|
||||
%if %{scard}
|
||||
%attr(0755,root,root) %dir %{_datadir}/openssh
|
||||
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
|
||||
%endif
|
||||
|
||||
%files clients
|
||||
%defattr(-,root,root)
|
||||
%attr(0755,root,root) %{_bindir}/ssh
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
|
||||
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
|
||||
%attr(-,root,root) %{_bindir}/slogin
|
||||
%attr(-,root,root) %{_mandir}/man1/slogin.1*
|
||||
%if ! %{rescue}
|
||||
%attr(2755,root,nobody) %{_bindir}/ssh-agent
|
||||
%attr(0755,root,root) %{_bindir}/ssh-add
|
||||
%attr(0755,root,root) %{_bindir}/ssh-keyscan
|
||||
%attr(0755,root,root) %{_bindir}/sftp
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
|
||||
%endif
|
||||
|
||||
%if ! %{rescue}
|
||||
%files server
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(0111,root,root) %{_var}/empty/sshd
|
||||
%attr(0755,root,root) %{_sbindir}/sshd
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
||||
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
|
||||
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
|
||||
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
|
||||
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
|
||||
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
|
||||
%endif
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
%files askpass
|
||||
%defattr(-,root,root)
|
||||
%doc x11-ssh-askpass-%{aversion}/README
|
||||
%doc x11-ssh-askpass-%{aversion}/ChangeLog
|
||||
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
|
||||
%endif
|
||||
|
||||
%if ! %{no_gnome_askpass}
|
||||
%files askpass-gnome
|
||||
%defattr(-,root,root)
|
||||
%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
|
||||
- Remove noip6 option. This may be controlled at run-time in client config
|
||||
file using new AddressFamily directive
|
||||
|
||||
* Mon May 12 2003 Damien Miller <djm@mindrot.org>
|
||||
- Don't install profile.d scripts when not building with GNOME/GTK askpass
|
||||
(patch from bet@rahul.net)
|
||||
|
||||
* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
|
||||
- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
|
||||
|
||||
* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
|
||||
- Use contrib/ Makefile for building askpass programs
|
||||
|
||||
* Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
|
||||
- Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
|
||||
- Add new {ssh,sshd}_config.5 manpages
|
||||
- Add new ssh-keysign program and remove setuid from ssh client
|
||||
|
||||
* Fri May 10 2002 Damien Miller <djm@mindrot.org>
|
||||
- Merge in spec changes from RedHat, reorgansie a little
|
||||
- Add Privsep user, group and directory
|
||||
|
||||
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
|
||||
- bump and grind (through the build system)
|
||||
|
||||
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
|
||||
- require sharutils for building (mindrot #137)
|
||||
- require db1-devel only when building for 6.x (#55105), which probably won't
|
||||
work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
|
||||
- require pam-devel by file (not by package name) again
|
||||
- add Markus's patch to compile with OpenSSL 0.9.5a (from
|
||||
http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
|
||||
building for 6.x
|
||||
|
||||
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
|
||||
- update to 3.1p1
|
||||
|
||||
* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
|
||||
- update to SNAP-20020305
|
||||
- drop debug patch, fixed upstream
|
||||
|
||||
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
|
||||
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
|
||||
anything to be warned about, gss patches won't apply, I don't mind)
|
||||
|
||||
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
|
||||
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
|
||||
exchange, authentication, and named key support
|
||||
|
||||
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
|
||||
- remove dependency on db1-devel, which has just been swallowed up whole
|
||||
by gnome-libs-devel
|
||||
|
||||
* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- adjust build dependencies so that build6x actually works right (fix
|
||||
from Hugo van der Kooij)
|
||||
|
||||
* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
|
||||
- update to 3.0.2p1
|
||||
|
||||
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
|
||||
- update to 3.0.1p1
|
||||
|
||||
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to current CVS (not for use in distribution)
|
||||
|
||||
* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
|
||||
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
|
||||
3.0p1 spec file and init script
|
||||
|
||||
* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 3.0p1
|
||||
- update to x11-ssh-askpass 1.2.4.1
|
||||
- change build dependency on a file from pam-devel to the pam-devel package
|
||||
- replace primes with moduli
|
||||
|
||||
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
|
||||
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
|
||||
|
||||
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
|
||||
- Merge changes to rescue build from current sysadmin survival cd
|
||||
|
||||
* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
|
||||
- fix scp's server's reporting of file sizes, and build with the proper
|
||||
preprocessor define to get large-file capable open(), stat(), etc.
|
||||
(sftp has been doing this correctly all along) (#51827)
|
||||
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
|
||||
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
|
||||
- mark profile.d scriptlets as config files (#42337)
|
||||
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
|
||||
- change a couple of log() statements to debug() statements (#50751)
|
||||
- pull cvs patch to add -t flag to sshd (#28611)
|
||||
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
|
||||
|
||||
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
|
||||
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
|
||||
|
||||
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pull cvs patch to fix remote port forwarding with protocol 2
|
||||
|
||||
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pull cvs patch to add session initialization to no-pty sessions
|
||||
- pull cvs patch to not cut off challengeresponse auth needlessly
|
||||
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
||||
it by default on a system that doesn't have X installed (#49263)
|
||||
|
||||
* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
|
||||
|
||||
* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pass OPTIONS correctly to initlog (#50151)
|
||||
|
||||
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- switch to x11-ssh-askpass 1.2.2
|
||||
|
||||
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- rebuild in new environment
|
||||
|
||||
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- disable the gssapi patch
|
||||
|
||||
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.9p2
|
||||
- refresh to a new version of the gssapi patch
|
||||
|
||||
* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- change Copyright: BSD to License: BSD
|
||||
- add Markus Friedl's unverified patch for the cookie file deletion problem
|
||||
so that we can verify it
|
||||
- drop patch to check if xauth is present (was folded into cookie patch)
|
||||
- don't apply gssapi patches for the errata candidate
|
||||
- clear supplemental groups list at startup
|
||||
|
||||
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- fix an error parsing the new default sshd_config
|
||||
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
|
||||
dealing with comments right
|
||||
|
||||
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
|
||||
to be removed before the next beta cycle because it's a big departure
|
||||
from the upstream version
|
||||
|
||||
* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- finish marking strings in the init script for translation
|
||||
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
|
||||
at startup (change merged from openssh.com init script, originally by
|
||||
Pekka Savola)
|
||||
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
||||
it by default on a system that doesn't have X installed
|
||||
|
||||
* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.9
|
||||
- drop various patches that came from or went upstream or to or from CVS
|
||||
|
||||
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
|
||||
|
||||
* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
|
||||
- remove explicit openssl requirement, fixes builddistro issue
|
||||
- make initscript stop() function wait until sshd really dead to avoid
|
||||
races in condrestart
|
||||
|
||||
* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- mention that challengereponse supports PAM, so disabling password doesn't
|
||||
limit users to pubkey and rsa auth (#34378)
|
||||
- bypass the daemon() function in the init script and call initlog directly,
|
||||
because daemon() won't start a daemon it detects is already running (like
|
||||
open connections)
|
||||
- require the version of openssl we had when we were built
|
||||
|
||||
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- make do_pam_setcred() smart enough to know when to establish creds and
|
||||
when to reinitialize them
|
||||
- add in a couple of other fixes from Damien for inclusion in the errata
|
||||
|
||||
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.5.2p2
|
||||
- call setcred() again after initgroups, because the "creds" could actually
|
||||
be group memberships
|
||||
|
||||
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
|
||||
- don't enable challenge-response by default until we find a way to not
|
||||
have too many userauth requests (we may make up to six pubkey and up to
|
||||
three password attempts as it is)
|
||||
- remove build dependency on rsh to match openssh.com's packages more closely
|
||||
|
||||
* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- remove dependency on openssl -- would need to be too precise
|
||||
|
||||
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- rebuild in new environment
|
||||
|
||||
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Revert the patch to move pam_open_session.
|
||||
- Init script and spec file changes from Pekka Savola. (#28750)
|
||||
- Patch sftp to recognize '-o protocol' arguments. (#29540)
|
||||
|
||||
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Chuck the closing patch.
|
||||
- Add a trigger to add host keys for protocol 2 to the config file, now that
|
||||
configuration file syntax requires us to specify it with HostKey if we
|
||||
specify any other HostKey values, which we do.
|
||||
|
||||
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Redo patch to move pam_open_session after the server setuid()s to the user.
|
||||
- Rework the nopam patch to use be picked up by autoconf.
|
||||
|
||||
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update for 2.5.1p1.
|
||||
- Add init script mods from Pekka Savola.
|
||||
- Tweak the init script to match the CVS contrib script more closely.
|
||||
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
|
||||
adding id_rsa.
|
||||
|
||||
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update for 2.5.0p1.
|
||||
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
|
||||
- Resync with parts of Damien Miller's openssh.spec from CVS, including
|
||||
update of x11 askpass to 1.2.0.
|
||||
- Only require openssl (don't prereq) because we generate keys in the init
|
||||
script now.
|
||||
|
||||
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Don't open a PAM session until we've forked and become the user (#25690).
|
||||
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
|
||||
host the user is attempting a login from.
|
||||
- Resync with parts of Damien Miller's openssh.spec from CVS.
|
||||
- Don't expose KbdInt responses in debug messages (from CVS).
|
||||
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
|
||||
|
||||
* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
|
||||
- i18n-tweak to initscript.
|
||||
|
||||
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- More gettextizing.
|
||||
- Close all files after going into daemon mode (needs more testing).
|
||||
- Extract patch from CVS to handle auth banners (in the client).
|
||||
- Extract patch from CVS to handle compat weirdness.
|
||||
|
||||
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Finish with the gettextizing.
|
||||
|
||||
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Fix a bug in auth2-pam.c (#23877)
|
||||
- Gettextize the init script.
|
||||
|
||||
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Incorporate a switch for using PAM configs for 6.x, just in case.
|
||||
|
||||
* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Incorporate Bero's changes for a build specifically for rescue CDs.
|
||||
|
||||
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
|
||||
succeeded, to allow public-key authentication after a failure with "none"
|
||||
authentication. (#21268)
|
||||
|
||||
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to x11-askpass 1.1.1. (#21301)
|
||||
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
|
||||
|
||||
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Merge multiple PAM text messages into subsequent prompts when possible when
|
||||
doing keyboard-interactive authentication.
|
||||
|
||||
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Disable the built-in MD5 password support. We're using PAM.
|
||||
- Take a crack at doing keyboard-interactive authentication with PAM, and
|
||||
enable use of it in the default client configuration so that the client
|
||||
will try it when the server disallows password authentication.
|
||||
- Build with debugging flags. Build root policies strip all binaries anyway.
|
||||
|
||||
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Use DESTDIR instead of %%makeinstall.
|
||||
- Remove /usr/X11R6/bin from the path-fixing patch.
|
||||
|
||||
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Add the primes file from the latest snapshot to the main package (#20884).
|
||||
- Add the dev package to the prereq list (#19984).
|
||||
- Remove the default path and mimic login's behavior in the server itself.
|
||||
|
||||
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Resync with conditional options in Damien Miller's .spec file for an errata.
|
||||
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
|
||||
|
||||
* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to OpenSSH 2.3.0p1.
|
||||
- Update to x11-askpass 1.1.0.
|
||||
- Enable keyboard-interactive authentication.
|
||||
|
||||
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to ssh-askpass-x11 1.0.3.
|
||||
- Change authentication related messages to be private (#19966).
|
||||
|
||||
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Patch ssh-keygen to be able to list signatures for DSA public key files
|
||||
it generates.
|
||||
|
||||
* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
|
||||
build PAM authentication in.
|
||||
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
|
||||
- Clean out no-longer-used patches.
|
||||
- Patch ssh-add to try to add both identity and id_dsa, and to error only
|
||||
when neither exists.
|
||||
|
||||
* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update x11-askpass to 1.0.2. (#17835)
|
||||
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
|
||||
always find them in the right place. (#17909)
|
||||
- Set the default path to be the same as the one supplied by /bin/login, but
|
||||
add /usr/X11R6/bin. (#17909)
|
||||
- Try to handle obsoletion of ssh-server more cleanly. Package names
|
||||
are different, but init script name isn't. (#17865)
|
||||
|
||||
* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.2.0p1. (#17835)
|
||||
- Tweak the init script to allow proper restarting. (#18023)
|
||||
|
||||
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 20000823 snapshot.
|
||||
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
|
||||
- Back out the pipe patch.
|
||||
|
||||
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
|
||||
- Move the init script back.
|
||||
- Add Damien's quick fix for wackiness.
|
||||
|
||||
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
|
||||
|
||||
* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Move condrestart to server postun.
|
||||
- Move key generation to init script.
|
||||
- Actually use the right patch for moving the key generation to the init script.
|
||||
- Clean up the init script a bit.
|
||||
|
||||
* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
|
||||
|
||||
* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.1.1p2.
|
||||
- Use of strtok() considered harmful.
|
||||
|
||||
* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Get the build root out of the man pages.
|
||||
|
||||
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Add and use condrestart support in the init script.
|
||||
- Add newer initscripts as a prereq.
|
||||
|
||||
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Build in new environment (release 2)
|
||||
- Move -clients subpackage to Applications/Internet group
|
||||
|
||||
* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.2.1p1
|
||||
|
||||
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Patch to build with neither RSA nor RSAref.
|
||||
- Miscellaneous FHS-compliance tweaks.
|
||||
- Fix for possibly-compressed man pages.
|
||||
|
||||
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
|
||||
- Updated for new location
|
||||
- Updated for new gnome-ssh-askpass build
|
||||
|
||||
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
|
||||
- Added Jim Knoble's <jmknoble@pobox.com> askpass
|
||||
|
||||
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
|
||||
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
|
||||
|
||||
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
|
||||
- Added 'Obsoletes' directives
|
||||
|
||||
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Use make install
|
||||
- Subpackages
|
||||
|
||||
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Added links for slogin
|
||||
- Fixed perms on manpages
|
||||
|
||||
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Renamed init script
|
||||
|
||||
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Back to old binary names
|
||||
|
||||
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Use autoconf
|
||||
- New binary names
|
||||
|
||||
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|
@ -1,154 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Init file for OpenSSH server daemon
|
||||
#
|
||||
# chkconfig: 2345 55 25
|
||||
# description: OpenSSH server daemon
|
||||
#
|
||||
# processname: sshd
|
||||
# config: /etc/ssh/ssh_host_key
|
||||
# config: /etc/ssh/ssh_host_key.pub
|
||||
# config: /etc/ssh/ssh_random_seed
|
||||
# config: /etc/ssh/sshd_config
|
||||
# pidfile: /var/run/sshd.pid
|
||||
|
||||
# source function library
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# pull in sysconfig settings
|
||||
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
||||
|
||||
RETVAL=0
|
||||
prog="sshd"
|
||||
|
||||
# Some functions to make the below more readable
|
||||
KEYGEN=/usr/bin/ssh-keygen
|
||||
SSHD=/usr/sbin/sshd
|
||||
RSA1_KEY=/etc/ssh/ssh_host_key
|
||||
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
||||
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
||||
PID_FILE=/var/run/sshd.pid
|
||||
|
||||
do_rsa1_keygen() {
|
||||
if [ ! -s $RSA1_KEY ]; then
|
||||
echo -n $"Generating SSH1 RSA host key: "
|
||||
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $RSA1_KEY
|
||||
chmod 644 $RSA1_KEY.pub
|
||||
success $"RSA1 key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA1 key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_rsa_keygen() {
|
||||
if [ ! -s $RSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 RSA host key: "
|
||||
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $RSA_KEY
|
||||
chmod 644 $RSA_KEY.pub
|
||||
success $"RSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_dsa_keygen() {
|
||||
if [ ! -s $DSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 DSA host key: "
|
||||
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $DSA_KEY
|
||||
chmod 644 $DSA_KEY.pub
|
||||
success $"DSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"DSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_restart_sanity_check()
|
||||
{
|
||||
$SSHD -t
|
||||
RETVAL=$?
|
||||
if [ ! "$RETVAL" = 0 ]; then
|
||||
failure $"Configuration file or keys are invalid"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
start()
|
||||
{
|
||||
# Create keys if necessary
|
||||
do_rsa1_keygen
|
||||
do_rsa_keygen
|
||||
do_dsa_keygen
|
||||
|
||||
echo -n $"Starting $prog:"
|
||||
initlog -c "$SSHD $OPTIONS" && success || failure
|
||||
RETVAL=$?
|
||||
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
|
||||
echo
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo -n $"Stopping $prog:"
|
||||
killproc $SSHD -TERM
|
||||
RETVAL=$?
|
||||
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
|
||||
echo
|
||||
}
|
||||
|
||||
reload()
|
||||
{
|
||||
echo -n $"Reloading $prog:"
|
||||
killproc $SSHD -HUP
|
||||
RETVAL=$?
|
||||
echo
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
restart)
|
||||
stop
|
||||
start
|
||||
;;
|
||||
reload)
|
||||
reload
|
||||
;;
|
||||
condrestart)
|
||||
if [ -f /var/lock/subsys/sshd ] ; then
|
||||
do_restart_sanity_check
|
||||
if [ "$RETVAL" = 0 ] ; then
|
||||
stop
|
||||
# avoid race
|
||||
sleep 3
|
||||
start
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
status $SSHD
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
|
||||
RETVAL=1
|
||||
esac
|
||||
exit $RETVAL
|
@ -1,8 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_stack.so service=system-auth
|
||||
auth required pam_nologin.so
|
||||
account required pam_stack.so service=system-auth
|
||||
password required pam_stack.so service=system-auth
|
||||
session required pam_stack.so service=system-auth
|
||||
session required pam_limits.so
|
||||
session optional pam_console.so
|
@ -1,24 +0,0 @@
|
||||
The following is a new package build script for Solaris. This is being
|
||||
introduced into OpenSSH 3.0 and above in hopes of simplifying the build
|
||||
process. As of 3.1p2 the script should work on all platforms that have
|
||||
SVR4 style package tools.
|
||||
|
||||
The build process is called a 'dummy install'.. Which means the software does
|
||||
a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should
|
||||
be handled correctly and key are defered until the first time the sshd
|
||||
is started.
|
||||
|
||||
Directions:
|
||||
|
||||
1. make -F Makefile.in distprep (Only if you are getting from the CVS tree)
|
||||
2. ./configure --with-pam [..any other options you want..]
|
||||
3. look at the top of contrib/solaris/buildpkg.sh for the configurable options.
|
||||
4. ./contrib/solaris/buildpkg.sh
|
||||
|
||||
If all goes well you should have a solaris package ready to be installed.
|
||||
|
||||
If you have any problems with this script please post them to
|
||||
openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
|
||||
|
||||
- Ben Lindstrom
|
||||
|
@ -1,386 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
|
||||
#
|
||||
# The following code has been provide under Public Domain License. I really
|
||||
# don't care what you use it for. Just as long as you don't complain to me
|
||||
# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
|
||||
#
|
||||
umask 022
|
||||
#
|
||||
# Options for building the package
|
||||
# You can create a config.local with your customized options
|
||||
#
|
||||
# uncommenting TEST_DIR and using
|
||||
# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
|
||||
# and
|
||||
# PKGNAME=tOpenSSH should allow testing a package without interfering
|
||||
# with a real OpenSSH package on a system. This is not needed on systems
|
||||
# that support the -R option to pkgadd.
|
||||
#TEST_DIR=/var/tmp # leave commented out for production build
|
||||
PKGNAME=OpenSSH
|
||||
SYSVINIT_NAME=opensshd
|
||||
MAKE=${MAKE:="make"}
|
||||
SSHDUID=67 # Default privsep uid
|
||||
SSHDGID=67 # Default privsep gid
|
||||
# uncomment these next three as needed
|
||||
#PERMIT_ROOT_LOGIN=no
|
||||
#X11_FORWARDING=yes
|
||||
#USR_LOCAL_IS_SYMLINK=yes
|
||||
# list of system directories we do NOT want to change owner/group/perms
|
||||
# when installing our package
|
||||
SYSTEM_DIR="/etc \
|
||||
/etc/init.d \
|
||||
/etc/rcS.d \
|
||||
/etc/rc0.d \
|
||||
/etc/rc1.d \
|
||||
/etc/rc2.d \
|
||||
/etc/opt \
|
||||
/opt \
|
||||
/opt/bin \
|
||||
/usr \
|
||||
/usr/bin \
|
||||
/usr/lib \
|
||||
/usr/sbin \
|
||||
/usr/share \
|
||||
/usr/share/man \
|
||||
/usr/share/man/man1 \
|
||||
/usr/share/man/man8 \
|
||||
/usr/local \
|
||||
/usr/local/bin \
|
||||
/usr/local/etc \
|
||||
/usr/local/libexec \
|
||||
/usr/local/man \
|
||||
/usr/local/man/man1 \
|
||||
/usr/local/man/man8 \
|
||||
/usr/local/sbin \
|
||||
/usr/local/share \
|
||||
/var \
|
||||
/var/opt \
|
||||
/var/run \
|
||||
/var/tmp \
|
||||
/tmp"
|
||||
|
||||
# We may need to build as root so we make sure PATH is set up
|
||||
# only set the path if it's not set already
|
||||
[ -d /usr/local/bin ] && {
|
||||
echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
|
||||
[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
|
||||
}
|
||||
[ -d /usr/ccs/bin ] && {
|
||||
echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
|
||||
[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
|
||||
}
|
||||
export PATH
|
||||
#
|
||||
|
||||
[ -f Makefile ] || {
|
||||
echo "Please run this script from your build directory"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# we will look for config.local to override the above options
|
||||
[ -s ./config.local ] && . ./config.local
|
||||
|
||||
## Start by faking root install
|
||||
echo "Faking root install..."
|
||||
START=`pwd`
|
||||
OPENSSHD_IN=`dirname $0`/opensshd.in
|
||||
FAKE_ROOT=$START/package
|
||||
[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
|
||||
mkdir $FAKE_ROOT
|
||||
${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
|
||||
if [ $? -gt 0 ]
|
||||
then
|
||||
echo "Fake root install failed, stopping."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
## Fill in some details, like prefix and sysconfdir
|
||||
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
|
||||
do
|
||||
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
|
||||
done
|
||||
|
||||
|
||||
## Collect value of privsep user
|
||||
for confvar in SSH_PRIVSEP_USER
|
||||
do
|
||||
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
|
||||
done
|
||||
|
||||
## Set privsep defaults if not defined
|
||||
if [ -z "$SSH_PRIVSEP_USER" ]
|
||||
then
|
||||
SSH_PRIVSEP_USER=sshd
|
||||
fi
|
||||
|
||||
## Extract common info requires for the 'info' part of the package.
|
||||
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
|
||||
|
||||
UNAME_S=`uname -s`
|
||||
case ${UNAME_S} in
|
||||
SunOS) UNAME_S=Solaris
|
||||
ARCH=`uname -p`
|
||||
RCS_D=yes
|
||||
DEF_MSG="(default: n)"
|
||||
;;
|
||||
*) ARCH=`uname -m`
|
||||
DEF_MSG="\n" ;;
|
||||
esac
|
||||
|
||||
## Setup our run level stuff while we are at it.
|
||||
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
|
||||
|
||||
## setup our initscript correctly
|
||||
sed -e "s#%%configDir%%#${sysconfdir}#g" \
|
||||
-e "s#%%openSSHDir%%#$prefix#g" \
|
||||
-e "s#%%pidDir%%#${piddir}#g" \
|
||||
${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||
|
||||
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
|
||||
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
|
||||
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||
[ "${X11_FORWARDING}" = yes ] && \
|
||||
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
|
||||
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||
# fix PrintMotd
|
||||
perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
|
||||
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||
|
||||
# We don't want to overwrite config files on multiple installs
|
||||
mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
|
||||
mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
|
||||
[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
|
||||
mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
|
||||
|
||||
cd $FAKE_ROOT
|
||||
|
||||
## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
|
||||
## whining.
|
||||
for i in *; do
|
||||
PROTO_ARGS="$PROTO_ARGS $i=/$i";
|
||||
done
|
||||
|
||||
## Build info file
|
||||
echo "Building pkginfo file..."
|
||||
cat > pkginfo << _EOF
|
||||
PKG=$PKGNAME
|
||||
NAME="OpenSSH Portable for ${UNAME_S}"
|
||||
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
|
||||
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
|
||||
ARCH=$ARCH
|
||||
VERSION=$VERSION
|
||||
CATEGORY="Security,application"
|
||||
BASEDIR=/
|
||||
CLASSES="none"
|
||||
_EOF
|
||||
|
||||
## Build preinstall file
|
||||
echo "Building preinstall file..."
|
||||
cat > preinstall << _EOF
|
||||
#! /sbin/sh
|
||||
#
|
||||
[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||
exit 0
|
||||
_EOF
|
||||
|
||||
## Build postinstall file
|
||||
echo "Building postinstall file..."
|
||||
cat > postinstall << _EOF
|
||||
#! /sbin/sh
|
||||
#
|
||||
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
|
||||
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
|
||||
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
|
||||
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
|
||||
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
|
||||
\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
|
||||
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
|
||||
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
|
||||
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
|
||||
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
|
||||
}
|
||||
|
||||
# make rc?.d dirs only if we are doing a test install
|
||||
[ -n "${TEST_DIR}" ] && {
|
||||
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
|
||||
mkdir -p ${TEST_DIR}/etc/rc0.d
|
||||
mkdir -p ${TEST_DIR}/etc/rc1.d
|
||||
mkdir -p ${TEST_DIR}/etc/rc2.d
|
||||
}
|
||||
|
||||
if [ "\${USE_SYM_LINKS}" = yes ]
|
||||
then
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
else
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
fi
|
||||
|
||||
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
|
||||
[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
|
||||
|
||||
installf -f ${PKGNAME}
|
||||
|
||||
# Use chroot to handle PKG_INSTALL_ROOT
|
||||
if [ ! -z "\${PKG_INSTALL_ROOT}" ]
|
||||
then
|
||||
chroot="chroot \${PKG_INSTALL_ROOT}"
|
||||
fi
|
||||
# If this is a test build, we will skip the groupadd/useradd/passwd commands
|
||||
if [ ! -z "${TEST_DIR}" ]
|
||||
then
|
||||
chroot=echo
|
||||
fi
|
||||
|
||||
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
|
||||
then
|
||||
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
|
||||
echo "or group."
|
||||
else
|
||||
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
|
||||
|
||||
# create group if required
|
||||
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
# Use gid of 67 if possible
|
||||
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
|
||||
then
|
||||
:
|
||||
else
|
||||
sshdgid="-g $SSHDGID"
|
||||
fi
|
||||
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
|
||||
\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
# Create user if required
|
||||
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
# Use uid of 67 if possible
|
||||
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
|
||||
then
|
||||
:
|
||||
else
|
||||
sshduid="-u $SSHDUID"
|
||||
fi
|
||||
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
|
||||
\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
|
||||
\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
|
||||
fi
|
||||
fi
|
||||
|
||||
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
|
||||
exit 0
|
||||
_EOF
|
||||
|
||||
## Build preremove file
|
||||
echo "Building preremove file..."
|
||||
cat > preremove << _EOF
|
||||
#! /sbin/sh
|
||||
#
|
||||
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||
exit 0
|
||||
_EOF
|
||||
|
||||
## Build request file
|
||||
echo "Building request file..."
|
||||
cat > request << _EOF
|
||||
trap 'exit 3' 15
|
||||
USE_SYM_LINKS=no
|
||||
PRE_INS_STOP=no
|
||||
POST_INS_START=no
|
||||
# Use symbolic links?
|
||||
ans=\`ckyorn -d n \
|
||||
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
|
||||
case \$ans in
|
||||
[y,Y]*) USE_SYM_LINKS=yes ;;
|
||||
esac
|
||||
|
||||
# determine if should restart the daemon
|
||||
if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
|
||||
then
|
||||
ans=\`ckyorn -d n \
|
||||
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
|
||||
case \$ans in
|
||||
[y,Y]*) PRE_INS_STOP=yes
|
||||
POST_INS_START=yes
|
||||
;;
|
||||
esac
|
||||
|
||||
else
|
||||
|
||||
# determine if we should start sshd
|
||||
ans=\`ckyorn -d n \
|
||||
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
|
||||
case \$ans in
|
||||
[y,Y]*) POST_INS_START=yes ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# make parameters available to installation service,
|
||||
# and so to any other packaging scripts
|
||||
cat >\$1 <<!
|
||||
USE_SYM_LINKS='\$USE_SYM_LINKS'
|
||||
PRE_INS_STOP='\$PRE_INS_STOP'
|
||||
POST_INS_START='\$POST_INS_START'
|
||||
!
|
||||
exit 0
|
||||
|
||||
_EOF
|
||||
|
||||
## Build space file
|
||||
echo "Building space file..."
|
||||
cat > space << _EOF
|
||||
# extra space required by start/stop links added by installf in postinstall
|
||||
$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
|
||||
$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
|
||||
$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
|
||||
_EOF
|
||||
[ "$RCS_D" = yes ] && \
|
||||
echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
|
||||
|
||||
## Next Build our prototype
|
||||
echo "Building prototype file..."
|
||||
cat >mk-proto.awk << _EOF
|
||||
BEGIN { print "i pkginfo"; print "i preinstall"; \\
|
||||
print "i postinstall"; print "i preremove"; \\
|
||||
print "i request"; print "i space"; \\
|
||||
split("$SYSTEM_DIR",sys_files); }
|
||||
{
|
||||
for (dir in sys_files) { if ( \$3 != sys_files[dir] )
|
||||
{ \$5="root"; \$6="sys"; }
|
||||
else
|
||||
{ \$4="?"; \$5="?"; \$6="?"; break;}
|
||||
} }
|
||||
{ print; }
|
||||
_EOF
|
||||
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
|
||||
pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
|
||||
|
||||
# /usr/local is a symlink on some systems
|
||||
[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
|
||||
grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
|
||||
mv prototype.new prototype
|
||||
}
|
||||
|
||||
## Step back a directory and now build the package.
|
||||
echo "Building package.."
|
||||
cd ..
|
||||
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
|
||||
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
|
||||
rm -rf $FAKE_ROOT
|
||||
|
@ -1,82 +0,0 @@
|
||||
#!/sbin/sh
|
||||
# Donated code that was put under PD license.
|
||||
#
|
||||
# Stripped PRNGd out of it for the time being.
|
||||
|
||||
umask 022
|
||||
|
||||
CAT=/usr/bin/cat
|
||||
KILL=/usr/bin/kill
|
||||
|
||||
prefix=%%openSSHDir%%
|
||||
etcdir=%%configDir%%
|
||||
piddir=%%pidDir%%
|
||||
|
||||
SSHD=$prefix/sbin/sshd
|
||||
PIDFILE=$piddir/sshd.pid
|
||||
SSH_KEYGEN=$prefix/bin/ssh-keygen
|
||||
HOST_KEY_RSA1=$etcdir/ssh_host_key
|
||||
HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
|
||||
HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
|
||||
|
||||
|
||||
checkkeys() {
|
||||
if [ ! -f $HOST_KEY_RSA1 ]; then
|
||||
${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
|
||||
fi
|
||||
if [ ! -f $HOST_KEY_DSA ]; then
|
||||
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
|
||||
fi
|
||||
if [ ! -f $HOST_KEY_RSA ]; then
|
||||
${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
|
||||
fi
|
||||
}
|
||||
|
||||
stop_service() {
|
||||
if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
|
||||
PID=`${CAT} ${PIDFILE}`
|
||||
fi
|
||||
if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
|
||||
${KILL} ${PID}
|
||||
else
|
||||
echo "Unable to read PID file"
|
||||
fi
|
||||
}
|
||||
|
||||
start_service() {
|
||||
# XXX We really should check if the service is already going, but
|
||||
# XXX we will opt out at this time. - Bal
|
||||
|
||||
# Check to see if we have keys that need to be made
|
||||
checkkeys
|
||||
|
||||
# Start SSHD
|
||||
echo "starting $SSHD... \c" ; $SSHD
|
||||
|
||||
sshd_rc=$?
|
||||
if [ $sshd_rc -ne 0 ]; then
|
||||
echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
|
||||
exit $sshd_rc
|
||||
fi
|
||||
echo done.
|
||||
}
|
||||
|
||||
case $1 in
|
||||
|
||||
'start')
|
||||
start_service
|
||||
;;
|
||||
|
||||
'stop')
|
||||
stop_service
|
||||
;;
|
||||
|
||||
'restart')
|
||||
stop_service
|
||||
start_service
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "$0: usage: $0 {start|stop|restart}"
|
||||
;;
|
||||
esac
|
@ -1,50 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Shell script to install your identity.pub on a remote machine
|
||||
# Takes the remote machine name as an argument.
|
||||
# Obviously, the remote machine must accept password authentication,
|
||||
# or one of the other keys in your ssh-agent, for this to work.
|
||||
|
||||
ID_FILE="${HOME}/.ssh/identity.pub"
|
||||
|
||||
if [ "-i" = "$1" ]; then
|
||||
shift
|
||||
# check if we have 2 parameters left, if so the first is the new ID file
|
||||
if [ -n "$2" ]; then
|
||||
if expr "$1" : ".*\.pub" ; then
|
||||
ID_FILE="$1"
|
||||
else
|
||||
ID_FILE="$1.pub"
|
||||
fi
|
||||
shift # and this should leave $1 as the target name
|
||||
fi
|
||||
else
|
||||
if [ x$SSH_AUTH_SOCK != x ] ; then
|
||||
GET_ID="$GET_ID ssh-add -L"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then
|
||||
GET_ID="cat ${ID_FILE}"
|
||||
fi
|
||||
|
||||
if [ -z "`eval $GET_ID`" ]; then
|
||||
echo "$0: ERROR: No identities found" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
|
||||
echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
|
||||
|
||||
cat <<EOF
|
||||
Now try logging into the machine, with "ssh '$1'", and check in:
|
||||
|
||||
.ssh/authorized_keys
|
||||
|
||||
to make sure we haven't added extra keys that you weren't expecting.
|
||||
|
||||
EOF
|
@ -1,67 +0,0 @@
|
||||
.ig \" -*- nroff -*-
|
||||
Copyright (c) 1999 Philip Hands Computing <http://www.hands.com/>
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of
|
||||
this manual provided the copyright notice and this permission notice
|
||||
are preserved on all copies.
|
||||
|
||||
Permission is granted to copy and distribute modified versions of this
|
||||
manual under the conditions for verbatim copying, provided that the
|
||||
entire resulting derived work is distributed under the terms of a
|
||||
permission notice identical to this one.
|
||||
|
||||
Permission is granted to copy and distribute translations of this
|
||||
manual into another language, under the above conditions for modified
|
||||
versions, except that this permission notice may be included in
|
||||
translations approved by the Free Software Foundation instead of in
|
||||
the original English.
|
||||
..
|
||||
.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH"
|
||||
.SH NAME
|
||||
ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys
|
||||
.SH SYNOPSIS
|
||||
.B ssh-copy-id [-i [identity_file]]
|
||||
.I "[user@]machine"
|
||||
.br
|
||||
.SH DESCRIPTION
|
||||
.BR ssh-copy-id
|
||||
is a script that uses ssh to log into a remote machine (presumably
|
||||
using a login password, so password authentication should be enabled,
|
||||
unless you've done some clever use of multiple identities)
|
||||
.PP
|
||||
It also changes the permissions of the remote user's home,
|
||||
.BR ~/.ssh ,
|
||||
and
|
||||
.B ~/.ssh/authorized_keys
|
||||
to remove group writability (which would otherwise prevent you from logging in, if the remote
|
||||
.B sshd
|
||||
has
|
||||
.B StrictModes
|
||||
set in its configuration).
|
||||
.PP
|
||||
If the
|
||||
.B -i
|
||||
option is given then the identity file (defaults to
|
||||
.BR ~/.ssh/identity.pub )
|
||||
is used, regardless of whether there are any keys in your
|
||||
.BR ssh-agent .
|
||||
Otherwise, if this:
|
||||
.PP
|
||||
.B " ssh-add -L"
|
||||
.PP
|
||||
provides any output, it uses that in preference to the identity file.
|
||||
.PP
|
||||
If the
|
||||
.B -i
|
||||
option is used, or the
|
||||
.B ssh-add
|
||||
produced no output, then it uses the contents of the identity
|
||||
file. Once it has one or more fingerprints (by whatever means) it
|
||||
uses ssh to append them to
|
||||
.B ~/.ssh/authorized_keys
|
||||
on the remote machine (creating the file, and directory, if necessary)
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR ssh (1),
|
||||
.BR ssh-agent (1),
|
||||
.BR sshd (8)
|
@ -1,5 +0,0 @@
|
||||
sshd auth required pam_unix.so try_first_pass
|
||||
sshd account required pam_unix.so
|
||||
sshd password required pam_permit.so
|
||||
sshd session required pam_permit.so
|
||||
|
@ -1,8 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required /lib/security/pam_unix.so shadow nodelay
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_unix.so
|
||||
password required /lib/security/pam_cracklib.so
|
||||
password required /lib/security/pam_unix.so shadow nullok use_authtok
|
||||
session required /lib/security/pam_unix.so
|
||||
session required /lib/security/pam_limits.so
|
@ -1,199 +0,0 @@
|
||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||
Name: openssh
|
||||
Version: 3.8.1p1
|
||||
URL: http://www.openssh.com/
|
||||
Release: 1
|
||||
Source0: openssh-%{version}.tar.gz
|
||||
Copyright: BSD
|
||||
Group: Applications/Internet
|
||||
BuildRoot: /tmp/openssh-%{version}-buildroot
|
||||
PreReq: openssl
|
||||
Obsoletes: ssh
|
||||
#
|
||||
# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
|
||||
# building prerequisites -- stuff for
|
||||
# OpenSSL (openssl-devel),
|
||||
# TCP Wrappers (nkitb),
|
||||
# and Gnome (glibdev, gtkdev, and gnlibsd)
|
||||
#
|
||||
BuildPrereq: openssl
|
||||
BuildPrereq: nkitb
|
||||
BuildPrereq: glibdev
|
||||
BuildPrereq: gtkdev
|
||||
BuildPrereq: gnlibsd
|
||||
|
||||
%description
|
||||
Ssh (Secure Shell) a program for logging into a remote machine and for
|
||||
executing commands in a remote machine. It is intended to replace
|
||||
rlogin and rsh, and provide secure encrypted communications between
|
||||
two untrusted hosts over an insecure network. X11 connections and
|
||||
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
||||
|
||||
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
|
||||
up to date in terms of security and features, as well as removing all
|
||||
patented algorithms to seperate libraries (OpenSSL).
|
||||
|
||||
This package includes all files necessary for both the OpenSSH
|
||||
client and server. Additionally, this package contains the GNOME
|
||||
passphrase dialog.
|
||||
|
||||
%changelog
|
||||
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
|
||||
- Glob manpages to catch compressed files
|
||||
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
|
||||
- Updated for new location
|
||||
- Updated for new gnome-ssh-askpass build
|
||||
* Sun Dec 26 1999 Chris Saia <csaia@wtower.com>
|
||||
- Made symlink to gnome-ssh-askpass called ssh-askpass
|
||||
* Wed Nov 24 1999 Chris Saia <csaia@wtower.com>
|
||||
- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and
|
||||
/var/adm/fillup-templates/rc.config.sshd, since Damien merged these into
|
||||
his released tarfile
|
||||
- Changed permissions on ssh_config in the install procedure to 644 from 600
|
||||
even though it was correct in the %files section and thus right in the RPMs
|
||||
- Postinstall script for the server now only prints "Generating SSH host
|
||||
key..." if we need to actually do this, in order to eliminate a confusing
|
||||
message if an SSH host key is already in place
|
||||
- Marked all manual pages as %doc(umentation)
|
||||
* Mon Nov 22 1999 Chris Saia <csaia@wtower.com>
|
||||
- Added flag to configure daemon with TCP Wrappers support
|
||||
- Added building prerequisites (works in RPM 3.0 and newer)
|
||||
* Thu Nov 18 1999 Chris Saia <csaia@wtower.com>
|
||||
- Made this package correct for SuSE.
|
||||
- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
|
||||
with SuSE, and lib_pwdb.so isn't installed by default.
|
||||
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
|
||||
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
|
||||
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
|
||||
- Added 'Obsoletes' directives
|
||||
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Use make install
|
||||
- Subpackages
|
||||
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Added links for slogin
|
||||
- Fixed perms on manpages
|
||||
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Renamed init script
|
||||
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Back to old binary names
|
||||
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Use autoconf
|
||||
- New binary names
|
||||
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|
||||
|
||||
%prep
|
||||
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS" \
|
||||
./configure --prefix=/usr \
|
||||
--sysconfdir=/etc/ssh \
|
||||
--datadir=/usr/share/openssh \
|
||||
--with-pam \
|
||||
--with-gnome-askpass \
|
||||
--with-tcp-wrappers \
|
||||
--with-ipv4-default \
|
||||
--libexecdir=/usr/lib/ssh
|
||||
make
|
||||
|
||||
cd contrib
|
||||
gcc -O -g `gnome-config --cflags gnome gnomeui` \
|
||||
gnome-ssh-askpass.c -o gnome-ssh-askpass \
|
||||
`gnome-config --libs gnome gnomeui`
|
||||
cd ..
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR=$RPM_BUILD_ROOT/
|
||||
install -d $RPM_BUILD_ROOT/etc/ssh/
|
||||
install -d $RPM_BUILD_ROOT/etc/pam.d/
|
||||
install -d $RPM_BUILD_ROOT/sbin/init.d/
|
||||
install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||
install -d $RPM_BUILD_ROOT/usr/lib/ssh
|
||||
install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd
|
||||
ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd
|
||||
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass
|
||||
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass
|
||||
install -m744 contrib/suse/rc.config.sshd \
|
||||
$RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
if [ "$1" = 1 ]; then
|
||||
echo "Creating SSH stop/start scripts in the rc directories..."
|
||||
ln -s ../sshd /sbin/init.d/rc2.d/K20sshd
|
||||
ln -s ../sshd /sbin/init.d/rc2.d/S20sshd
|
||||
ln -s ../sshd /sbin/init.d/rc3.d/K20sshd
|
||||
ln -s ../sshd /sbin/init.d/rc3.d/S20sshd
|
||||
fi
|
||||
echo "Updating /etc/rc.config..."
|
||||
if [ -x /bin/fillup ] ; then
|
||||
/bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd
|
||||
else
|
||||
echo "ERROR: fillup not found. This should NOT happen in SuSE Linux."
|
||||
echo "Update /etc/rc.config by hand from the following template file:"
|
||||
echo " /var/adm/fillup-templates/rc.config.sshd"
|
||||
fi
|
||||
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
|
||||
echo "Generating SSH host key..."
|
||||
/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
|
||||
fi
|
||||
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
|
||||
echo "Generating SSH DSA host key..."
|
||||
/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
|
||||
fi
|
||||
if test -r /var/run/sshd.pid
|
||||
then
|
||||
echo "Restarting the running SSH daemon..."
|
||||
/usr/sbin/rcsshd restart >&2
|
||||
fi
|
||||
|
||||
%preun
|
||||
if [ "$1" = 0 ]
|
||||
then
|
||||
echo "Stopping the SSH daemon..."
|
||||
/usr/sbin/rcsshd stop >&2
|
||||
echo "Removing SSH stop/start scripts from the rc directories..."
|
||||
rm /sbin/init.d/rc2.d/K20sshd
|
||||
rm /sbin/init.d/rc2.d/S20sshd
|
||||
rm /sbin/init.d/rc3.d/K20sshd
|
||||
rm /sbin/init.d/rc3.d/S20sshd
|
||||
fi
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc ChangeLog OVERVIEW README*
|
||||
%doc RFC.nroff TODO CREDITS LICENCE
|
||||
%attr(0755,root,root) %dir /etc/ssh
|
||||
%attr(0644,root,root) %config /etc/ssh/ssh_config
|
||||
%attr(0600,root,root) %config /etc/ssh/sshd_config
|
||||
%attr(0600,root,root) %config /etc/ssh/moduli
|
||||
%attr(0644,root,root) %config /etc/pam.d/sshd
|
||||
%attr(0755,root,root) %config /sbin/init.d/sshd
|
||||
%attr(0755,root,root) /usr/bin/ssh-keygen
|
||||
%attr(0755,root,root) /usr/bin/scp
|
||||
%attr(4755,root,root) /usr/bin/ssh
|
||||
%attr(-,root,root) /usr/bin/slogin
|
||||
%attr(0755,root,root) /usr/bin/ssh-agent
|
||||
%attr(0755,root,root) /usr/bin/ssh-add
|
||||
%attr(0755,root,root) /usr/bin/ssh-keyscan
|
||||
%attr(0755,root,root) /usr/bin/sftp
|
||||
%attr(0755,root,root) /usr/sbin/sshd
|
||||
%attr(-,root,root) /usr/sbin/rcsshd
|
||||
%attr(0755,root,root) %dir /usr/lib/ssh
|
||||
%attr(0755,root,root) /usr/lib/ssh/ssh-askpass
|
||||
%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass
|
||||
%attr(0644,root,root) %doc /usr/man/man1/scp.1*
|
||||
%attr(0644,root,root) %doc /usr/man/man1/ssh.1*
|
||||
%attr(-,root,root) %doc /usr/man/man1/slogin.1*
|
||||
%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1*
|
||||
%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1*
|
||||
%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1*
|
||||
%attr(0644,root,root) %doc /usr/man/man8/sshd.8*
|
||||
%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd
|
||||
|
@ -1,5 +0,0 @@
|
||||
#
|
||||
# Start the Secure Shell (SSH) Daemon?
|
||||
#
|
||||
START_SSHD="yes"
|
||||
|
@ -1,80 +0,0 @@
|
||||
#! /bin/sh
|
||||
# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany.
|
||||
#
|
||||
# Author: Chris Saia <csaia@wtower.com>
|
||||
#
|
||||
# /sbin/init.d/sshd
|
||||
#
|
||||
# and symbolic its link
|
||||
#
|
||||
# /sbin/rcsshd
|
||||
#
|
||||
|
||||
. /etc/rc.config
|
||||
|
||||
# Determine the base and follow a runlevel link name.
|
||||
base=${0##*/}
|
||||
link=${base#*[SK][0-9][0-9]}
|
||||
|
||||
# Force execution if not called by a runlevel directory.
|
||||
test $link = $base && START_SSHD=yes
|
||||
test "$START_SSHD" = yes || exit 0
|
||||
|
||||
# The echo return value for success (defined in /etc/rc.config).
|
||||
return=$rc_done
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting service sshd"
|
||||
## Start daemon with startproc(8). If this fails
|
||||
## the echo return value is set appropriate.
|
||||
|
||||
startproc /usr/sbin/sshd || return=$rc_failed
|
||||
|
||||
echo -e "$return"
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping service sshd"
|
||||
## Stop daemon with killproc(8) and if this fails
|
||||
## set echo the echo return value.
|
||||
|
||||
killproc -TERM /usr/sbin/sshd || return=$rc_failed
|
||||
|
||||
echo -e "$return"
|
||||
;;
|
||||
restart)
|
||||
## If first returns OK call the second, if first or
|
||||
## second command fails, set echo return value.
|
||||
$0 stop && $0 start || return=$rc_failed
|
||||
;;
|
||||
reload)
|
||||
## Choose ONE of the following two cases:
|
||||
|
||||
## First possibility: A few services accepts a signal
|
||||
## to reread the (changed) configuration.
|
||||
|
||||
echo -n "Reload service sshd"
|
||||
killproc -HUP /usr/sbin/sshd || return=$rc_failed
|
||||
echo -e "$return"
|
||||
;;
|
||||
status)
|
||||
echo -n "Checking for service sshd"
|
||||
## Check status with checkproc(8), if process is running
|
||||
## checkproc will return with exit status 0.
|
||||
|
||||
checkproc /usr/sbin/sshd && echo OK || echo No process
|
||||
;;
|
||||
probe)
|
||||
## Optional: Probe for the necessity of a reload,
|
||||
## give out the argument which is required for a reload.
|
||||
|
||||
test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|status|restart|reload[|probe]}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# Inform the caller not only verbosely and set an exit status.
|
||||
test "$return" = "$rc_done" || exit 1
|
||||
exit 0
|
@ -1,44 +0,0 @@
|
||||
# $OpenBSD: envpass.sh,v 1.1 2004/04/27 09:47:30 djm Exp $
|
||||
# Placed in the Public Domain.
|
||||
|
||||
tid="environment passing"
|
||||
|
||||
# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
|
||||
|
||||
trace "pass env, don't accept"
|
||||
verbose "test $tid: pass env, don't accept"
|
||||
_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
|
||||
'[ -z "$_TEST_ENV" ]'
|
||||
r=$?
|
||||
if [ $r -ne 0 ]; then
|
||||
fail "environment found"
|
||||
fi
|
||||
|
||||
trace "don't pass env, accept"
|
||||
verbose "test $tid: don't pass env, accept"
|
||||
${SSH} -F $OBJ/ssh_proxy otherhost \
|
||||
'[ -z "$_XXX_TEST_A" -a -z "$_XXX_TEST_B" ]'
|
||||
r=$?
|
||||
if [ $r -ne 0 ]; then
|
||||
fail "environment found"
|
||||
fi
|
||||
|
||||
trace "pass single env, accept single env"
|
||||
verbose "test $tid: pass single env, accept single env"
|
||||
_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
|
||||
'[ "x$_XXX_TEST" = "xblah" ]'
|
||||
r=$?
|
||||
if [ $r -ne 0 ]; then
|
||||
fail "environment not found"
|
||||
fi
|
||||
|
||||
trace "pass multiple env, accept multiple env"
|
||||
verbose "test $tid: pass multiple env, accept multiple env"
|
||||
_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
|
||||
-F $OBJ/ssh_proxy otherhost \
|
||||
'[ "x$_XXX_TEST_A" = "x1" -a "x$_XXX_TEST_B" = "x2" ]'
|
||||
r=$?
|
||||
if [ $r -ne 0 ]; then
|
||||
fail "environment not found"
|
||||
fi
|
||||
|
@ -1,58 +0,0 @@
|
||||
/* $OpenBSD: getput.h,v 1.8 2002/03/04 17:27:39 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
* Macros for storing and retrieving data in msb first and lsb first order.
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#ifndef GETPUT_H
|
||||
#define GETPUT_H
|
||||
|
||||
/*------------ macros for storing/extracting msb first words -------------*/
|
||||
|
||||
#define GET_64BIT(cp) (((u_int64_t)(u_char)(cp)[0] << 56) | \
|
||||
((u_int64_t)(u_char)(cp)[1] << 48) | \
|
||||
((u_int64_t)(u_char)(cp)[2] << 40) | \
|
||||
((u_int64_t)(u_char)(cp)[3] << 32) | \
|
||||
((u_int64_t)(u_char)(cp)[4] << 24) | \
|
||||
((u_int64_t)(u_char)(cp)[5] << 16) | \
|
||||
((u_int64_t)(u_char)(cp)[6] << 8) | \
|
||||
((u_int64_t)(u_char)(cp)[7]))
|
||||
|
||||
#define GET_32BIT(cp) (((u_long)(u_char)(cp)[0] << 24) | \
|
||||
((u_long)(u_char)(cp)[1] << 16) | \
|
||||
((u_long)(u_char)(cp)[2] << 8) | \
|
||||
((u_long)(u_char)(cp)[3]))
|
||||
|
||||
#define GET_16BIT(cp) (((u_long)(u_char)(cp)[0] << 8) | \
|
||||
((u_long)(u_char)(cp)[1]))
|
||||
|
||||
#define PUT_64BIT(cp, value) do { \
|
||||
(cp)[0] = (value) >> 56; \
|
||||
(cp)[1] = (value) >> 48; \
|
||||
(cp)[2] = (value) >> 40; \
|
||||
(cp)[3] = (value) >> 32; \
|
||||
(cp)[4] = (value) >> 24; \
|
||||
(cp)[5] = (value) >> 16; \
|
||||
(cp)[6] = (value) >> 8; \
|
||||
(cp)[7] = (value); } while (0)
|
||||
|
||||
#define PUT_32BIT(cp, value) do { \
|
||||
(cp)[0] = (value) >> 24; \
|
||||
(cp)[1] = (value) >> 16; \
|
||||
(cp)[2] = (value) >> 8; \
|
||||
(cp)[3] = (value); } while (0)
|
||||
|
||||
#define PUT_16BIT(cp, value) do { \
|
||||
(cp)[0] = (value) >> 8; \
|
||||
(cp)[1] = (value); } while (0)
|
||||
|
||||
#endif /* GETPUT_H */
|
@ -1,23 +0,0 @@
|
||||
/* $OpenBSD: moduli.h,v 1.1 2003/07/28 09:49:56 djm Exp $ */
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
/*
|
||||
* Using virtual memory can cause thrashing. This should be the largest
|
||||
* number that is supported without a large amount of disk activity --
|
||||
* that would increase the run time from hours to days or weeks!
|
||||
*/
|
||||
#define LARGE_MINIMUM (8UL) /* megabytes */
|
||||
|
||||
/*
|
||||
* Do not increase this number beyond the unsigned integer bit size.
|
||||
* Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
|
||||
*/
|
||||
#define LARGE_MAXIMUM (127UL) /* megabytes */
|
||||
|
||||
/* Minimum number of primality tests to perform */
|
||||
#define TRIAL_MINIMUM (4)
|
||||
|
||||
int gen_candidates(FILE *, int, int, BIGNUM *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
|
@ -1,46 +0,0 @@
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
* This file contains various auxiliary functions related to multiple
|
||||
* precision integers.
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: mpaux.c,v 1.16 2001/02/08 19:30:52 itojun Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "getput.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#include "mpaux.h"
|
||||
|
||||
void
|
||||
compute_session_id(u_char session_id[16],
|
||||
u_char cookie[8],
|
||||
BIGNUM* host_key_n,
|
||||
BIGNUM* session_key_n)
|
||||
{
|
||||
u_int host_key_bytes = BN_num_bytes(host_key_n);
|
||||
u_int session_key_bytes = BN_num_bytes(session_key_n);
|
||||
u_int bytes = host_key_bytes + session_key_bytes;
|
||||
u_char *buf = xmalloc(bytes);
|
||||
MD5_CTX md;
|
||||
|
||||
BN_bn2bin(host_key_n, buf);
|
||||
BN_bn2bin(session_key_n, buf + host_key_bytes);
|
||||
MD5_Init(&md);
|
||||
MD5_Update(&md, buf, bytes);
|
||||
MD5_Update(&md, cookie, 8);
|
||||
MD5_Final(session_id, &md);
|
||||
memset(buf, 0, bytes);
|
||||
xfree(buf);
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
/* $OpenBSD: mpaux.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
* This file contains various auxiliary functions related to multiple
|
||||
* precision integers.
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#ifndef MPAUX_H
|
||||
#define MPAUX_H
|
||||
|
||||
void compute_session_id(u_char[16], u_char[8], BIGNUM *, BIGNUM *);
|
||||
|
||||
#endif /* MPAUX_H */
|
@ -1 +0,0 @@
|
||||
Makefile
|
@ -1,19 +0,0 @@
|
||||
/* $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
#define RP_ALLOW_STDIN 0x0002
|
||||
#define RP_ALLOW_EOF 0x0004
|
||||
|
||||
char *read_passphrase(const char *, int);
|
@ -1,2 +0,0 @@
|
||||
Makefile
|
||||
Ssh.bin
|
@ -1,37 +0,0 @@
|
||||
/* $OpenBSD: sftp-glob.h,v 1.8 2002/09/11 22:41:50 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001,2002 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* Remote sftp filename globbing */
|
||||
|
||||
#ifndef _SFTP_GLOB_H
|
||||
#define _SFTP_GLOB_H
|
||||
|
||||
#include "sftp-client.h"
|
||||
|
||||
int remote_glob(struct sftp_conn *, const char *, int,
|
||||
int (*)(const char *, int), glob_t *);
|
||||
|
||||
#endif
|
File diff suppressed because it is too large
Load Diff
@ -1,27 +0,0 @@
|
||||
/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001,2002 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
int interactive_loop(int, int, char *, char *);
|
@ -1,47 +0,0 @@
|
||||
/* $OpenBSD: sshtty.h,v 1.3 2003/09/19 17:43:35 markus Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Kevin Steves. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SSHTTY_H
|
||||
#define SSHTTY_H
|
||||
|
||||
#include <termios.h>
|
||||
|
||||
struct termios get_saved_tio(void);
|
||||
void leave_raw_mode(void);
|
||||
void enter_raw_mode(void);
|
||||
|
||||
#endif
|
@ -1,73 +0,0 @@
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: tildexpand.c,v 1.15 2004/05/21 08:43:03 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
||||
/*
|
||||
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
||||
* Warning: this calls getpw*.
|
||||
*/
|
||||
char *
|
||||
tilde_expand_filename(const char *filename, uid_t my_uid)
|
||||
{
|
||||
const char *cp;
|
||||
u_int userlen;
|
||||
char *expanded;
|
||||
struct passwd *pw;
|
||||
char user[100];
|
||||
int len;
|
||||
|
||||
/* Return immediately if no tilde. */
|
||||
if (filename[0] != '~')
|
||||
return xstrdup(filename);
|
||||
|
||||
/* Skip the tilde. */
|
||||
filename++;
|
||||
|
||||
/* Find where the username ends. */
|
||||
cp = strchr(filename, '/');
|
||||
if (cp)
|
||||
userlen = cp - filename; /* Something after username. */
|
||||
else
|
||||
userlen = strlen(filename); /* Nothing after username. */
|
||||
if (userlen == 0)
|
||||
pw = getpwuid(my_uid); /* Own home directory. */
|
||||
else {
|
||||
/* Tilde refers to someone elses home directory. */
|
||||
if (userlen > sizeof(user) - 1)
|
||||
fatal("User name after tilde too long.");
|
||||
memcpy(user, filename, userlen);
|
||||
user[userlen] = 0;
|
||||
pw = getpwnam(user);
|
||||
}
|
||||
if (!pw)
|
||||
fatal("Unknown user %100s.", user);
|
||||
|
||||
/* If referring to someones home directory, return it now. */
|
||||
if (!cp) {
|
||||
/* Only home directory specified */
|
||||
return xstrdup(pw->pw_dir);
|
||||
}
|
||||
/* Build a path combining the specified directory and path. */
|
||||
len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
|
||||
if (len > MAXPATHLEN)
|
||||
fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
|
||||
expanded = xmalloc(len);
|
||||
snprintf(expanded, len, "%s%s%s", pw->pw_dir,
|
||||
strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
|
||||
return expanded;
|
||||
}
|
@ -1,15 +0,0 @@
|
||||
/* $OpenBSD: tildexpand.h,v 1.4 2001/06/26 17:27:25 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
Loading…
Reference in New Issue
Block a user