diff options
| author | des <des@FreeBSD.org> | 2004-10-28 16:11:31 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2004-10-28 16:11:31 +0000 |
| commit | a744ec13ade7d70128cd82393862d02c1f712f6a (patch) | |
| tree | 2b93d7eeb78a97c2cc9e93d61346f39150ed165f /crypto/openssh/contrib | |
| parent | ca12ec184bb7b4d1d0ff5dc213f5da06de091b8c (diff) | |
| download | FreeBSD-src-a744ec13ade7d70128cd82393862d02c1f712f6a.zip FreeBSD-src-a744ec13ade7d70128cd82393862d02c1f712f6a.tar.gz | |
Resolve conflicts
Diffstat (limited to 'crypto/openssh/contrib')
37 files changed, 0 insertions, 4926 deletions
diff --git a/crypto/openssh/contrib/Makefile b/crypto/openssh/contrib/Makefile deleted file mode 100644 index 2cef46f..0000000 --- a/crypto/openssh/contrib/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -all: - @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" - -gnome-ssh-askpass1: gnome-ssh-askpass1.c - $(CC) `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ - `gnome-config --libs gnome gnomeui` - -gnome-ssh-askpass2: gnome-ssh-askpass2.c - $(CC) `pkg-config --cflags gtk+-2.0` \ - gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ - `pkg-config --libs gtk+-2.0` - -clean: - rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass diff --git a/crypto/openssh/contrib/README b/crypto/openssh/contrib/README deleted file mode 100644 index 9de3d96..0000000 --- a/crypto/openssh/contrib/README +++ /dev/null @@ -1,60 +0,0 @@ -Other patches and addons for OpenSSH. Please send submissions to -djm@mindrot.org - -Externally maintained ---------------------- - -SSH Proxy Command -- connect.c - -Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand -which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or -https CONNECT style proxy server. His page for connect.c has extensive -documentation on its use as well as compiled versions for Win32. - -http://www.taiyo.co.jp/~gotoh/ssh/connect.html - - -X11 SSH Askpass: - -Jim Knoble <jmknoble@pobox.com> has written an excellent X11 -passphrase requester. This is highly recommended: - -http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html - - -In this directory ------------------ - -ssh-copy-id: - -Phil Hands' <phil@hands.com> shell script to automate the process of adding -your public key to a remote machine's ~/.ssh/authorized_keys file. - -gnome-ssh-askpass[12]: - -A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or -"make gnome-ssh-askpass2" to build. - -sshd.pam.generic: - -A generic PAM config file which may be useful on your system. YMMV - -sshd.pam.freebsd: - -A PAM config file which works with FreeBSD's PAM port. Contributed by -Dominik Brettnacher <domi@saargate.de> - -mdoc2man.pl: - -Converts mdoc formated manpages into normal manpages. This can be used -on Solaris machines to provide manpages that are not preformated. -Contributed by Mark D. Roth <roth@feep.net> - -redhat: - -RPM spec file and scripts for building Redhat packages - -suse: - -RPM spec file and scripts for building SuSE packages - diff --git a/crypto/openssh/contrib/aix/README b/crypto/openssh/contrib/aix/README deleted file mode 100644 index 2a29935..0000000 --- a/crypto/openssh/contrib/aix/README +++ /dev/null @@ -1,50 +0,0 @@ -Overview: - -This directory contains files to build an AIX native (installp or SMIT -installable) openssh package. - - -Directions: - -(optional) create config.local in your build dir -./configure [options] -contrib/aix/buildbff.sh - -The file config.local or the environment is read to set the following options -(default first): -PERMIT_ROOT_LOGIN=[no|yes] -X11_FORWARDING=[no|yes] -AIX_SRC=[no|yes] - -Acknowledgements: - -The contents of this directory are based on Ben Lindstrom's Solaris -buildpkg.sh. Ben also supplied inventory.sh. - -Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's -and for comparison with the output from this script, however no code -from lppbuild is included and it is not required for operation. - -SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. -PrivSep account handling fixes contributed by W. Earl Allen. - - -Other notes: - -The script treats all packages as USR packages (not ROOT+USR when -appropriate). It seems to work, though...... - -If there are any patches to this that have not yet been integrated they -may be found at http://www.zip.com.au/~dtucker/openssh/. - - -Disclaimer: - -It is hoped that it is useful but there is no warranty. If it breaks -you get to keep both pieces. - - - - Darren Tucker (dtucker at zip dot com dot au) - 2002/03/01 - -$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ diff --git a/crypto/openssh/contrib/aix/buildbff.sh b/crypto/openssh/contrib/aix/buildbff.sh deleted file mode 100755 index 4a5c32b0e..0000000 --- a/crypto/openssh/contrib/aix/buildbff.sh +++ /dev/null @@ -1,383 +0,0 @@ -#!/bin/sh -# -# buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $ -# -# Author: Darren Tucker (dtucker at zip dot com dot au) -# This file is placed in the public domain and comes with absolutely -# no warranty. -# -# Based originally on Ben Lindstrom's buildpkg.sh for Solaris -# - -# -# Tunable configuration settings -# create a "config.local" in your build directory or set -# environment variables to override these. -# -[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no -[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no -[ -z "$AIX_SRC" ] && AIX_SRC=no - -umask 022 - -startdir=`pwd` - -# Path to inventory.sh: same place as buildbff.sh -if echo $0 | egrep '^/' -then - inventory=`dirname $0`/inventory.sh # absolute path -else - inventory=`pwd`/`dirname $0`/inventory.sh # relative path -fi - -# -# We still support running from contrib/aix, but this is deprecated -# -if pwd | egrep 'contrib/aix$' -then - echo "Changing directory to `pwd`/../.." - echo "Please run buildbff.sh from your build directory in future." - cd ../.. - contribaix=1 -fi - -if [ ! -f Makefile ] -then - echo "Makefile not found (did you run configure?)" - exit 1 -fi - -# -# Directories used during build: -# current dir = $objdir directory you ran ./configure in. -# $objdir/$PKGDIR/ directory package files are constructed in -# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT) -# -objdir=`pwd` -PKGNAME=openssh -PKGDIR=package - -# -# Collect local configuration settings to override defaults -# -if [ -s ./config.local ] -then - echo Reading local settings from config.local - . ./config.local -fi - -# -# Fill in some details from Makefile, like prefix and sysconfdir -# the eval also expands variables like sysconfdir=${prefix}/etc -# provided they are eval'ed in the correct order -# -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir -do - eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2` -done - -# -# Collect values of privsep user and privsep path -# currently only found in config.h -# -for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH -do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h` -done - -# Set privsep defaults if not defined -if [ -z "$SSH_PRIVSEP_USER" ] -then - SSH_PRIVSEP_USER=sshd -fi -if [ -z "$PRIVSEP_PATH" ] -then - PRIVSEP_PATH=/var/empty -fi - -# Clean package build directory -rm -rf $objdir/$PKGDIR -FAKE_ROOT=$objdir/$PKGDIR/root -mkdir -p $FAKE_ROOT - -# Start by faking root install -echo "Faking root install..." -cd $objdir -make install-nokeys DESTDIR=$FAKE_ROOT - -if [ $? -gt 0 ] -then - echo "Fake root install failed, stopping." - exit 1 -fi - -# -# Copy informational files to include in package -# -cp $srcdir/LICENCE $objdir/$PKGDIR/ -cp $srcdir/README* $objdir/$PKGDIR/ - -# -# Extract common info requires for the 'info' part of the package. -# AIX requires 4-part version numbers -# -VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _` -MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .` -MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .` -PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .` -PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'` -[ "$PATCH" = "" ] && PATCH=0 -[ "$PORTABLE" = "" ] && PORTABLE=0 -BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE` - -echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" - -# -# Set ssh and sshd parameters as per config.local -# -if [ "${PERMIT_ROOT_LOGIN}" = no ] -then - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -fi -if [ "${X11_FORWARDING}" = yes ] -then - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -fi - - -# Rename config files; postinstall script will copy them if necessary -for cfgfile in ssh_config sshd_config ssh_prng_cmds -do - mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default -done - -# -# Generate lpp control files. -# working dir is $FAKE_ROOT but files are generated in dir above -# and moved into place just before creation of .bff -# -cd $FAKE_ROOT -echo Generating LPP control files -find . ! -name . -print >../openssh.al -$inventory >../openssh.inventory - -cat <<EOD >../openssh.copyright -This software is distributed under a BSD-style license. -For the full text of the license, see /usr/lpp/openssh/LICENCE -EOD - -# -# openssh.size file allows filesystem expansion as required -# generate list of directories containing files -# then calculate disk usage for each directory and store in openssh.size -# -files=`find . -type f -print` -dirs=`for file in $files; do dirname $file; done | sort -u` -for dir in $dirs -do - du $dir -done > ../openssh.size - -# -# Create postinstall script -# -cat <<EOF >>../openssh.post_i -#!/bin/sh - -echo Creating configs from defaults if necessary. -for cfgfile in ssh_config sshd_config ssh_prng_cmds -do - if [ ! -f $sysconfdir/\$cfgfile ] - then - echo "Creating \$cfgfile from default" - cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile - else - echo "\$cfgfile already exists." - fi -done -echo - -# Create PrivSep user if PrivSep not disabled in config -echo Creating PrivSep prereqs if required. -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null -then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," - echo "group or chroot directory." -else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # create group if required - if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - mkgroup -A $SSH_PRIVSEP_USER - fi - - # Create user if required - if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER - fi - - # create chroot directory if required - if [ -d $PRIVSEP_PATH ] - then - echo "PrivSep chroot directory $PRIVSEP_PATH already exists." - else - echo "Creating PrivSep chroot directory $PRIVSEP_PATH." - mkdir $PRIVSEP_PATH - chown 0 $PRIVSEP_PATH - chgrp 0 $PRIVSEP_PATH - chmod 755 $PRIVSEP_PATH - fi -fi -echo - -# Generate keys unless they already exist -echo Creating host keys if required. -if [ -f "$sysconfdir/ssh_host_key" ] ; then - echo "$sysconfdir/ssh_host_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" -fi -if [ -f $sysconfdir/ssh_host_dsa_key ] ; then - echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." -else - $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" -fi -if [ -f $sysconfdir/ssh_host_rsa_key ] ; then - echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" -fi -echo - -# Set startup command depending on SRC support -if [ "$AIX_SRC" = "yes" ] -then - echo Creating SRC sshd subsystem. - rmssys -s sshd 2>&1 >/dev/null - mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip - startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\"" - oldstartcmd="$sbindir/sshd" -else - startupcmd="$sbindir/sshd" - oldstartcmd="start $sbindir/sshd \\\"$src_running\\\"" -fi - -# If migrating to or from SRC, change previous startup command -# otherwise add to rc.tcpip -if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null -then - if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new - then - chmod 0755 /etc/rc.tcpip.new - mv /etc/rc.tcpip /etc/rc.tcpip.old && \ - mv /etc/rc.tcpip.new /etc/rc.tcpip - else - echo "Updating /etc/rc.tcpip failed, please check." - fi -else - # Add to system startup if required - if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null - then - echo "sshd found in rc.tcpip, not adding." - else - echo "Adding sshd to rc.tcpip" - echo >>/etc/rc.tcpip - echo "# Start sshd" >>/etc/rc.tcpip - echo "\$startupcmd" >>/etc/rc.tcpip - fi -fi -EOF - -# -# Create liblpp.a and move control files into it -# -echo Creating liblpp.a -( - cd .. - for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README* - do - ar -r liblpp.a $i - rm $i - done -) - -# -# Create lpp_name -# -# This will end up looking something like: -# 4 R I OpenSSH { -# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX -# [ -# % -# /usr/local/bin 8073 -# /usr/local/etc 189 -# /usr/local/libexec 185 -# /usr/local/man/man1 145 -# /usr/local/man/man8 83 -# /usr/local/sbin 2105 -# /usr/local/share 3 -# % -# ] -# } - -echo Creating lpp_name -cat <<EOF >../lpp_name -4 R I $PKGNAME { -$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX -[ -% -EOF - -for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh -do - # get size in 512 byte blocks - if [ -d $FAKE_ROOT/$i ] - then - size=`du $FAKE_ROOT/$i | awk '{print $1}'` - echo "$i $size" >>../lpp_name - fi -done - -echo '%' >>../lpp_name -echo ']' >>../lpp_name -echo '}' >>../lpp_name - -# -# Move pieces into place -# -mkdir -p usr/lpp/openssh -mv ../liblpp.a usr/lpp/openssh -mv ../lpp_name . - -# -# Now invoke backup to create .bff file -# note: lpp_name needs to be the first file so we generate the -# file list on the fly and feed it to backup using -i -# -echo Creating $PKGNAME-$VERSION.bff with backup... -rm -f $PKGNAME-$VERSION.bff -( - echo "./lpp_name" - find . ! -name lpp_name -a ! -name . -print -) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist - -# -# Move package into final location and clean up -# -mv ../$PKGNAME-$VERSION.bff $startdir -cd $startdir -rm -rf $objdir/$PKGDIR - -echo $0: done. - diff --git a/crypto/openssh/contrib/aix/inventory.sh b/crypto/openssh/contrib/aix/inventory.sh deleted file mode 100755 index e2641e7..0000000 --- a/crypto/openssh/contrib/aix/inventory.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh -# -# inventory.sh -# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $ -# -# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl -# This file is placed into the public domain. -# -# This will produce an AIX package inventory file, which looks like: -# -# /usr/local/bin: -# class=apply,inventory,openssh -# owner=root -# group=system -# mode=755 -# type=DIRECTORY -# /usr/local/bin/slogin: -# class=apply,inventory,openssh -# owner=root -# group=system -# mode=777 -# type=SYMLINK -# target=ssh -# /usr/local/share/Ssh.bin: -# class=apply,inventory,openssh -# owner=root -# group=system -# mode=644 -# type=FILE -# size=VOLATILE -# checksum=VOLATILE - -find . ! -name . -print | perl -ne '{ - chomp; - if ( -l $_ ) { - ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat; - } else { - ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat; - } - - # Start to display inventory information - $name = $_; - $name =~ s|^.||; # Strip leading dot from path - print "$name:\n"; - print "\tclass=apply,inventory,openssh\n"; - print "\towner=root\n"; - print "\tgroup=system\n"; - printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits - - if ( -l $_ ) { - # Entry is SymLink - print "\ttype=SYMLINK\n"; - printf "\ttarget=%s\n", readlink($_); - } elsif ( -f $_ ) { - # Entry is File - print "\ttype=FILE\n"; - print "\tsize=$sz\n"; - print "\tchecksum=VOLATILE\n"; - } elsif ( -d $_ ) { - # Entry is Directory - print "\ttype=DIRECTORY\n"; - } -}' diff --git a/crypto/openssh/contrib/aix/pam.conf b/crypto/openssh/contrib/aix/pam.conf deleted file mode 100644 index 1495f43..0000000 --- a/crypto/openssh/contrib/aix/pam.conf +++ /dev/null @@ -1,20 +0,0 @@ -# -# PAM configuration file /etc/pam.conf -# Example for OpenSSH on AIX 5.2 -# - -# Authentication Management -sshd auth required /usr/lib/security/pam_aix -OTHER auth required /usr/lib/security/pam_aix - -# Account Management -sshd account required /usr/lib/security/pam_aix -OTHER account required /usr/lib/security/pam_aix - -# Session Management -sshd password required /usr/lib/security/pam_aix -OTHER password required /usr/lib/security/pam_aix - -# Password Management -sshd session required /usr/lib/security/pam_aix -OTHER session required /usr/lib/security/pam_aix diff --git a/crypto/openssh/contrib/caldera/openssh.spec b/crypto/openssh/contrib/caldera/openssh.spec deleted file mode 100644 index e690f10..0000000 --- a/crypto/openssh/contrib/caldera/openssh.spec +++ /dev/null @@ -1,366 +0,0 @@ - -# Some of this will need re-evaluation post-LSB. The SVIdir is there -# because the link appeared broken. The rest is for easy compilation, -# the tradeoff open to discussion. (LC957) - -%define SVIdir /etc/rc.d/init.d -%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} -%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} - -%define _mandir %{_prefix}/share/man/en -%define _sysconfdir /etc/ssh -%define _libexecdir %{_libdir}/ssh - -# Do we want to disable root_login? (1=yes 0=no) -%define no_root_login 0 - -#old cvs stuff. please update before use. may be deprecated. -%define use_stable 1 -%if %{use_stable} - %define version 3.8.1p1 - %define cvs %{nil} - %define release 1 -%else - %define version 3.8.1p1 - %define cvs cvs20011009 - %define release 0r1 -%endif -%define xsa x11-ssh-askpass -%define askpass %{xsa}-1.2.4.1 - -# OpenSSH privilege separation requires a user & group ID -%define sshd_uid 67 -%define sshd_gid 67 - -Name : openssh -Version : %{version}%{cvs} -Release : %{release} -Group : System/Network - -Summary : OpenSSH free Secure Shell (SSH) implementation. -Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). -Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). -Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). -Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. -Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). -Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH). - -Copyright : BSD -Packager : Raymund Will <ray@caldera.de> -URL : http://www.openssh.com/ - -Obsoletes : ssh, ssh-clients, openssh-clients - -BuildRoot : /tmp/%{name}-%{version} -BuildRequires : XFree86-imake - -# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable -# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs -Source0: see-above:/.../openssh-%{version}.tar.gz -%if %{use_stable} -Source1: see-above:/.../openssh-%{version}.tar.gz.sig -%endif -Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz -Source3: http://www.openssh.com/faq.html - -%Package server -Group : System/Network -Requires : openssh = %{version} -Obsoletes : ssh-server - -Summary : OpenSSH Secure Shell protocol server (sshd). -Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). -Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). -Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). -Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). -Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). -Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). - - -%Package askpass -Group : System/Network -Requires : openssh = %{version} -URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/ -Obsoletes : ssh-extras - -Summary : OpenSSH X11 pass-phrase dialog. -Summary(de) : OpenSSH X11 Passwort-Dialog. -Summary(es) : Aplicación de petición de frase clave OpenSSH X11. -Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. -Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. -Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. -Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH. - - -%Description -OpenSSH (Secure Shell) provides access to a remote system. It replaces -telnet, rlogin, rexec, and rsh, and provides secure encrypted -communications between two untrusted hosts over an insecure network. -X11 connections and arbitrary TCP/IP ports can also be forwarded over -the secure channel. - -%Description -l de -OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt -telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte -Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres -Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso -über den sicheren Channel weitergeleitet werden. - -%Description -l es -OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a -telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas -entre dos equipos entre los que no se ha establecido confianza a través de una -red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden -ser canalizadas sobre el canal seguro. - -%Description -l fr -OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace -telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées -securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des -connexions X11 et des ports TCP/IP arbitraires peuvent également être -transmis sur le canal sécurisé. - -%Description -l it -OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. -Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure -e crittate tra due host non fidati su una rete non sicura. Le connessioni -X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso -un canale sicuro. - -%Description -l pt -OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o -telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas -entre duas máquinas sem confiança mútua sobre uma rede insegura. -Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados -pelo canal seguro. - -%Description -l pt_BR -O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o -telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas -entre duas máquinas sem confiança mútua sobre uma rede insegura. -Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas -pelo canal seguro. - -%Description server -This package installs the sshd, the server portion of OpenSSH. - -%Description -l de server -Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. - -%Description -l es server -Este paquete instala sshd, la parte servidor de OpenSSH. - -%Description -l fr server -Ce paquetage installe le 'sshd', partie serveur de OpenSSH. - -%Description -l it server -Questo pacchetto installa sshd, il server di OpenSSH. - -%Description -l pt server -Este pacote intala o sshd, o servidor do OpenSSH. - -%Description -l pt_BR server -Este pacote intala o sshd, o servidor do OpenSSH. - -%Description askpass -This package contains an X11-based pass-phrase dialog used per -default by ssh-add(1). It is based on %{askpass} -by Jim Knoble <jmknoble@pobox.com>. - - -%Prep -%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 -%if ! %{use_stable} - autoreconf -%endif - - -%Build -CFLAGS="$RPM_OPT_FLAGS" \ -%configure \ - --with-pam \ - --with-tcp-wrappers \ - --with-privsep-path=%{_var}/empty/sshd \ - #leave this line for easy edits. - -%__make CFLAGS="$RPM_OPT_FLAGS" - -cd %{askpass} -%configure \ - #leave this line for easy edits. - -xmkmf -%__make includes -%__make - - -%Install -[ %{buildroot} != "/" ] && rm -rf %{buildroot} - -make install DESTDIR=%{buildroot} -%makeinstall -C %{askpass} \ - BINDIR=%{_libexecdir} \ - MANPATH=%{_mandir} \ - DESTDIR=%{buildroot} - -# OpenLinux specific configuration -mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} -mkdir -p %{buildroot}%{_var}/empty/sshd - -# enabling X11 forwarding on the server is convenient and okay, -# on the client side it's a potential security risk! -%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ - %{buildroot}%{_sysconfdir}/sshd_config - -%if %{no_root_login} -%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ - %{buildroot}%{_sysconfdir}/sshd_config -%endif - -install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd -# FIXME: disabled, find out why this doesn't work with nis -%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ - %{buildroot}/etc/pam.d/sshd - -install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd - -# the last one is needless, but more future-proof -find %{buildroot}%{SVIdir} -type f -exec \ - %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ - s:\@sysconfdir\@:%{_sysconfdir}:g; \ - s:/usr/sbin:%{_sbindir}:g'\ - \{\} \; - -cat <<-EoD > %{buildroot}%{SVIcdir}/sshd - IDENT=sshd - DESCRIPTIVE="OpenSSH secure shell daemon" - # This service will be marked as 'skipped' on boot if there - # is no host key. Use ssh-host-keygen to generate one - ONBOOT="yes" - OPTIONS="" -EoD - -SKG=%{buildroot}%{_sbindir}/ssh-host-keygen -install -m 0755 contrib/caldera/ssh-host-keygen $SKG -# Fix up some path names in the keygen toy^Hol - %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ - s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ - %{buildroot}%{_sbindir}/ssh-host-keygen - -# This looks terrible. Expect it to change. -# install remaining docs -DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" -mkdir -p $DocD/%{askpass} -cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD -install -p -m 0444 %{SOURCE3} $DocD/faq.html -cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} -%if %{use_stable} - cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 -%else - cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 - ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 -%endif - -find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf -rm %{buildroot}%{_mandir}/man1/slogin.1 && \ - ln -s %{_mandir}/man1/ssh.1.gz \ - %{buildroot}%{_mandir}/man1/slogin.1.gz - - -%Clean -#%{rmDESTDIR} -[ %{buildroot} != "/" ] && rm -rf %{buildroot} - -%Post -# Generate host key when none is present to get up and running, -# both client and server require this for host-based auth! -# ssh-host-keygen checks for existing keys. -/usr/sbin/ssh-host-keygen -: # to protect the rpm database - -%pre server -%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : -%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ - -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : -: # to protect the rpm database - -%Post server -if [ -x %{LSBinit}-install ]; then - %{LSBinit}-install sshd -else - lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 -fi - -! %{SVIdir}/sshd status || %{SVIdir}/sshd restart -: # to protect the rpm database - - -%PreUn server -[ "$1" = 0 ] || exit 0 - -! %{SVIdir}/sshd status || %{SVIdir}/sshd stop -: # to protect the rpm database - - -%PostUn server -if [ -x %{LSBinit}-remove ]; then - %{LSBinit}-remove sshd -else - lisa --SysV-init remove sshd $1 -fi -: # to protect the rpm database - - -%Files -%defattr(-,root,root) -%dir %{_sysconfdir} -%config %{_sysconfdir}/ssh_config -%{_bindir}/scp -%{_bindir}/sftp -%{_bindir}/ssh -%{_bindir}/slogin -%{_bindir}/ssh-add -%attr(2755,root,nobody) %{_bindir}/ssh-agent -%{_bindir}/ssh-keygen -%{_bindir}/ssh-keyscan -%dir %{_libexecdir} -%attr(4711,root,root) %{_libexecdir}/ssh-keysign -%{_sbindir}/ssh-host-keygen -%dir %{_defaultdocdir}/%{name}-%{version} -%{_defaultdocdir}/%{name}-%{version}/CREDITS -%{_defaultdocdir}/%{name}-%{version}/ChangeLog -%{_defaultdocdir}/%{name}-%{version}/LICENCE -%{_defaultdocdir}/%{name}-%{version}/OVERVIEW -%{_defaultdocdir}/%{name}-%{version}/README* -%{_defaultdocdir}/%{name}-%{version}/TODO -%{_defaultdocdir}/%{name}-%{version}/faq.html -%{_mandir}/man1/* -%{_mandir}/man8/ssh-keysign.8.gz -%{_mandir}/man5/ssh_config.5.gz - -%Files server -%defattr(-,root,root) -%dir %{_var}/empty/sshd -%config %{SVIdir}/sshd -%config /etc/pam.d/sshd -%config %{_sysconfdir}/moduli -%config %{_sysconfdir}/sshd_config -%config %{SVIcdir}/sshd -%{_libexecdir}/sftp-server -%{_sbindir}/sshd -%{_mandir}/man5/sshd_config.5.gz -%{_mandir}/man8/sftp-server.8.gz -%{_mandir}/man8/sshd.8.gz - -%Files askpass -%defattr(-,root,root) -%{_libexecdir}/ssh-askpass -%{_libexecdir}/x11-ssh-askpass -%{_defaultdocdir}/%{name}-%{version}/%{askpass} - - -%ChangeLog -* Mon Jan 01 1998 ... -Template Version: 1.31 - -$Id: openssh.spec,v 1.49 2004/03/21 22:40:04 djm Exp $ diff --git a/crypto/openssh/contrib/caldera/ssh-host-keygen b/crypto/openssh/contrib/caldera/ssh-host-keygen deleted file mode 100755 index 3c5c171..0000000 --- a/crypto/openssh/contrib/caldera/ssh-host-keygen +++ /dev/null @@ -1,36 +0,0 @@ -#! /bin/sh -# -# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $ -# -# This script is normally run only *once* for a given host -# (in a given period of time) -- on updates/upgrades/recovery -# the ssh_host_key* files _should_ be retained! Otherwise false -# "man-in-the-middle-attack" alerts will frighten unsuspecting -# clients... - -keydir=@sysconfdir@ -keygen=@sshkeygen@ - -if [ -f $keydir/ssh_host_key -o \ - -f $keydir/ssh_host_key.pub ]; then - echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." -else - echo "Generating 1024 bit SSH1 RSA host key." - $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N '' -fi - -if [ -f $keydir/ssh_host_rsa_key -o \ - -f $keydir/ssh_host_rsa_key.pub ]; then - echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." -else - echo "Generating 1024 bit SSH2 RSA host key." - $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' -fi - -if [ -f $keydir/ssh_host_dsa_key -o \ - -f $keydir/ssh_host_dsa_key.pub ]; then - echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." -else - echo "Generating SSH2 DSA host key." - $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N '' -fi diff --git a/crypto/openssh/contrib/caldera/sshd.init b/crypto/openssh/contrib/caldera/sshd.init deleted file mode 100755 index 983146f..0000000 --- a/crypto/openssh/contrib/caldera/sshd.init +++ /dev/null @@ -1,125 +0,0 @@ -#! /bin/bash -# -# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $ -# -### BEGIN INIT INFO -# Provides: -# Required-Start: $network -# Required-Stop: -# Default-Start: 3 4 5 -# Default-Stop: 0 1 2 6 -# Description: sshd -# Bring up/down the OpenSSH secure shell daemon. -### END INIT INFO -# -# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>. -# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>. -# Modified for OpenLinux by Raymund Will <ray@caldera.de> - -NAME=sshd -DAEMON=/usr/sbin/$NAME -# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem -# created by recent OpenSSH daemon/ssd combinations. See Caldera internal -# PR [linux/8278] for details... -PIDF=/var/run/$NAME.pid -NAME=$DAEMON - -_status() { - [ -z "$1" ] || local pidf="$1" - local ret=-1 - local pid - if [ -n "$pidf" ] && [ -r "$pidf" ]; then - pid=$(head -1 $pidf) - else - pid=$(pidof $NAME) - fi - - if [ ! -e $SVIlock ]; then - # no lock-file => not started == stopped? - ret=3 - elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then - # pid-file given but not present or no pid => died, but was not stopped - ret=2 - elif [ -r /proc/$pid/cmdline ] && - echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then - # pid-file given and present or pid found => check process... - # but don't compare exe, as this will fail after an update! - # compares OK => all's well, that ends well... - ret=0 - else - # no such process or exe does not match => stale pid-file or process died - # just recently... - ret=1 - fi - return $ret -} - -# Source function library (and set vital variables). -. @SVIdir@/functions - -case "$1" in - start) - [ ! -e $SVIlock ] || exit 0 - [ -x $DAEMON ] || exit 5 - SVIemptyConfig @sysconfdir@/sshd_config && exit 6 - - if [ ! \( -f @sysconfdir@/ssh_host_key -a \ - -f @sysconfdir@/ssh_host_key.pub \) -a \ - ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ - -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ - ! \( -f @sysconfdir@/ssh_host_dsa_key -a \ - -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then - - echo "$SVIsubsys: host key not initialized: skipped!" - echo "$SVIsubsys: use ssh-host-keygen to generate one!" - exit 6 - fi - - echo -n "Starting $SVIsubsys services: " - ssd -S -x $DAEMON -n $NAME -- $OPTIONS - ret=$? - - echo "." - touch $SVIlock - ;; - - stop) - [ -e $SVIlock ] || exit 0 - - echo -n "Stopping $SVIsubsys services: " - ssd -K -p $PIDF -n $NAME - ret=$? - - echo "." - rm -f $SVIlock - ;; - - force-reload|reload) - [ -e $SVIlock ] || exit 0 - - echo "Reloading $SVIsubsys configuration files: " - ssd -K --signal 1 -q -p $PIDF -n $NAME - ret=$? - echo "done." - ;; - - restart) - $0 stop - $0 start - ret=$? - ;; - - status) - _status $PIDF - ret=$? - ;; - - *) - echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}" - ret=2 - ;; - -esac - -exit $ret - diff --git a/crypto/openssh/contrib/caldera/sshd.pam b/crypto/openssh/contrib/caldera/sshd.pam deleted file mode 100644 index 26dcb34..0000000 --- a/crypto/openssh/contrib/caldera/sshd.pam +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_pwdb.so shadow nodelay -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_pwdb.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_pwdb.so shadow nullok use_authtok -session required /lib/security/pam_pwdb.so -session required /lib/security/pam_limits.so diff --git a/crypto/openssh/contrib/cygwin/Makefile b/crypto/openssh/contrib/cygwin/Makefile deleted file mode 100644 index 09e8ea2..0000000 --- a/crypto/openssh/contrib/cygwin/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -srcdir=../.. -prefix=/usr -exec_prefix=$(prefix) -bindir=$(prefix)/bin -datadir=$(prefix)/share -docdir=$(datadir)/doc -sshdocdir=$(docdir)/openssh -cygdocdir=$(docdir)/Cygwin -sysconfdir=/etc -defaultsdir=$(sysconfdir)/defaults/etc -PRIVSEP_PATH=/var/empty -INSTALL=/usr/bin/install -c - -DESTDIR= - -all: - @echo - @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'" - @echo "Be sure having DESTDIR set correctly!" - @echo - -move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config - $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir) - mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir) - mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir) - -remove-empty-dir: - rm -rf $(DESTDIR)$(PRIVSEP_PATH) - -install-sshdoc: - $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir) - $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS - $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog - $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE - $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW - $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README - $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns - $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep - $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard - $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff - $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO - $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG - -install-cygwindoc: README - $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir) - $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README - -install-doc: install-sshdoc install-cygwindoc - -install-scripts: ssh-host-config ssh-user-config - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) - $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config - $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config - -cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts - @echo "Cygwin specific configuration finished." diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README deleted file mode 100644 index fc0a2f6..0000000 --- a/crypto/openssh/contrib/cygwin/README +++ /dev/null @@ -1,224 +0,0 @@ -This package describes important Cygwin specific stuff concerning OpenSSH. - -The binary package is usually built for recent Cygwin versions and might -not run on older versions. Please check http://cygwin.com/ for information -about current Cygwin releases. - -Build instructions are at the end of the file. - -=========================================================================== -Important change since 3.7.1p2-2: - -The ssh-host-config file doesn't create the /etc/ssh_config and -/etc/sshd_config files from builtin here-scripts anymore, but it uses -skeleton files installed in /etc/defaults/etc. - -Also it now tries hard to create appropriate permissions on files. -Same applies for ssh-user-config. - -After creating the sshd service with ssh-host-config, it's advisable to -call ssh-user-config for all affected users, also already exising user -configurations. In the latter case, file and directory permissions are -checked and changed, if requireed to match the host configuration. - -Important note for Windows 2003 Server users: ---------------------------------------------- - -2003 Server has a funny new feature. When starting services under SYSTEM -account, these services have nearly all user rights which SYSTEM holds... -except for the "Create a token object" right, which is needed to allow -public key authentication :-( - -There's no way around this, except for creating a substitute account which -has the appropriate privileges. Basically, this account should be member -of the administrators group, plus it should have the following user rights: - - Create a token object - Logon as a service - Replace a process level token - Increase Quota - -The ssh-host-config script asks you, if it should create such an account, -called "sshd_server". If you say "no" here, you're on your own. Please -follow the instruction in ssh-host-config exactly if possible. Note that -ssh-user-config sets the permissions on 2003 Server machines dependent of -whether a sshd_server account exists or not. -=========================================================================== - -=========================================================================== -Important change since 3.4p1-2: - -This version adds privilege separation as default setting, see -/usr/doc/openssh/README.privsep. According to that document the -privsep feature requires a non-privileged account called 'sshd'. - -The new ssh-host-config file which is part of this version asks -to create 'sshd' as local user if you want to use privilege -separation. If you confirm, it creates that NT user and adds -the necessary entry to /etc/passwd. - -On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" -since that feature doesn't make any sense on a system which doesn't -differ between privileged and unprivileged users. - -The new ssh-host-config script also adds the /var/empty directory -needed by privilege separation. When creating the /var/empty directory -by yourself, please note that in contrast to the README.privsep document -the owner sshould not be "root" but the user which is running sshd. So, -in the standard configuration this is SYSTEM. The ssh-host-config script -chowns /var/empty accordingly. -=========================================================================== - -=========================================================================== -Important change since 3.0.1p1-2: - -This version introduces the ability to register sshd as service on -Windows 9x/Me systems. This is done only when the options -D and/or --d are not given. -=========================================================================== - -=========================================================================== -Important change since 2.9p2: - -Since Cygwin is able to switch user context without password beginning -with version 1.3.2, OpenSSH now allows to do so when it's running under -a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to -allow that feature. -=========================================================================== - -=========================================================================== -Important change since 2.3.0p1: - -When using `ntea' or `ntsec' you now have to care for the ownership -and permission bits of your host key files and your private key files. -The host key files have to be owned by the NT account which starts -sshd. The user key files have to be owned by the user. The permission -bits of the private key files (host and user) have to be at least -rw------- (0600)! - -Note that this is forced under `ntsec' only if the files are on a NTFS -filesystem (which is recommended) due to the lack of any basic security -features of the FAT/FAT32 filesystems. -=========================================================================== - -If you are installing OpenSSH the first time, you can generate global config -files and server keys by running - - /usr/bin/ssh-host-config - -Note that this binary archive doesn't contain default config files in /etc. -That files are only created if ssh-host-config is started. - -If you are updating your installation you may run the above ssh-host-config -as well to move your configuration files to the new location and to -erase the files at the old location. - -To support testing and unattended installation ssh-host-config got -some options: - -usage: ssh-host-config [OPTION]... -Options: - --debug -d Enable shell's debug output. - --yes -y Answer all questions with "yes" automatically. - --no -n Answer all questions with "no" automatically. - --cygwin -c <options> Use "options" as value for CYGWIN environment var. - --port -p <n> sshd listens on port n. - --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'. - -Additionally ssh-host-config now asks if it should install sshd as a -service when running under NT/W2K. This requires cygrunsrv installed. - -You can create the private and public keys for a user now by running - - /usr/bin/ssh-user-config - -under the users account. - -To support testing and unattended installation ssh-user-config got -some options as well: - -usage: ssh-user-config [OPTION]... -Options: - --debug -d Enable shell's debug output. - --yes -y Answer all questions with "yes" automatically. - --no -n Answer all questions with "no" automatically. - --passphrase -p word Use "word" as passphrase automatically. - -Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd -(results in very slow deamon startup!) or from the command line (recommended -on 9X/ME). - -If you start sshd as deamon via cygrunsrv.exe you MUST give the -"-D" option to sshd. Otherwise the service can't get started at all. - -If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the -following line to your inetd.conf file: - -ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i - -Moreover you'll have to add the following line to your -${SYSTEMROOT}/system32/drivers/etc/services file: - - ssh 22/tcp #SSH daemon - -Please note that OpenSSH does never use the value of $HOME to -search for the users configuration files! It always uses the -value of the pw_dir field in /etc/passwd as the home directory. -If no home diretory is set in /etc/passwd, the root directory -is used instead! - -You may use all features of the CYGWIN=ntsec setting the same -way as they are used by Cygwin's login(1) port: - - The pw_gecos field may contain an additional field, that begins - with (upper case!) "U-", followed by the domain and the username - separated by a backslash. - CAUTION: The SID _must_ remain the _last_ field in pw_gecos! - BTW: The field separator in pw_gecos is the comma. - The username in pw_name itself may be any nice name: - - domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... - - Now you may use `domuser' as your login name with telnet! - This is possible additionally for local users, if you don't like - your NT login name ;-) You only have to leave out the domain: - - locuser::1104:513:John Doe,U-user,S-1-5-21-... - -Note that the CYGWIN=ntsec setting is required for public key authentication. - -SSH2 server and user keys are generated by the `ssh-*-config' scripts -as well. - -If you want to build from source, the following options to -configure are used for the Cygwin binary distribution: - - --prefix=/usr \ - --sysconfdir=/etc \ - --libexecdir='$(sbindir)' \ - --localstatedir=/var \ - --datadir='$(prefix)/share' \ - --mandir='$(datadir)/man' \ - --with-tcp-wrappers - -If you want to create a Cygwin package, equivalent to the one -in the Cygwin binary distribution, install like this: - - mkdir /tmp/cygwin-ssh - cd $(builddir) - make install DESTDIR=/tmp/cygwin-ssh - cd $(srcdir)/contrib/cygwin - make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh - cd /tmp/cygwin-ssh - find * \! -type d | tar cvjfT my-openssh.tar.bz2 - - -You must have installed the zlib and openssl-devel packages to be able to -build OpenSSH! - -Please send requests, error reports etc. to cygwin@cygwin.com. - -Have fun, - -Corinna Vinschen -Cygwin Developer -Red Hat Inc. diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config deleted file mode 100644 index 9c0dabf..0000000 --- a/crypto/openssh/contrib/cygwin/ssh-host-config +++ /dev/null @@ -1,592 +0,0 @@ -#!/bin/bash -# -# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc. -# -# This file is part of the Cygwin port of OpenSSH. - -# Subdirectory where the new package is being installed -PREFIX=/usr - -# Directory where the config files are stored -SYSCONFDIR=/etc -LOCALSTATEDIR=/var - -progname=$0 -auto_answer="" -port_number=22 - -privsep_configured=no -privsep_used=yes -sshd_in_passwd=no -sshd_in_sam=no - -request() -{ - if [ "${auto_answer}" = "yes" ] - then - echo "$1 (yes/no) yes" - return 0 - elif [ "${auto_answer}" = "no" ] - then - echo "$1 (yes/no) no" - return 1 - fi - - answer="" - while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] - do - echo -n "$1 (yes/no) " - read -e answer - done - if [ "X${answer}" = "Xyes" ] - then - return 0 - else - return 1 - fi -} - -# Check options - -while : -do - case $# in - 0) - break - ;; - esac - - option=$1 - shift - - case "${option}" in - -d | --debug ) - set -x - ;; - - -y | --yes ) - auto_answer=yes - ;; - - -n | --no ) - auto_answer=no - ;; - - -c | --cygwin ) - cygwin_value="$1" - shift - ;; - - -p | --port ) - port_number=$1 - shift - ;; - - -w | --pwd ) - password_value="$1" - shift - ;; - - *) - echo "usage: ${progname} [OPTION]..." - echo - echo "This script creates an OpenSSH host configuration." - echo - echo "Options:" - echo " --debug -d Enable shell's debug output." - echo " --yes -y Answer all questions with \"yes\" automatically." - echo " --no -n Answer all questions with \"no\" automatically." - echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var." - echo " --port -p <n> sshd listens on port n." - echo " --pwd -w <passwd> Use \"pwd\" as password for user 'sshd_server'." - echo - exit 1 - ;; - - esac -done - -# Check if running on NT -_sys="`uname`" -_nt=`expr "${_sys}" : "CYGWIN_NT"` -# If running on NT, check if running under 2003 Server or later -if [ ${_nt} -gt 0 ] -then - _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` -fi - -# Check for running ssh/sshd processes first. Refuse to do anything while -# some ssh processes are still running - -if ps -ef | grep -v grep | grep -q ssh -then - echo - echo "There are still ssh processes running. Please shut them down first." - echo - exit 1 -fi - -# Check for ${SYSCONFDIR} directory - -if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] -then - echo - echo "${SYSCONFDIR} is existant but not a directory." - echo "Cannot create global configuration files." - echo - exit 1 -fi - -# Create it if necessary - -if [ ! -e "${SYSCONFDIR}" ] -then - mkdir "${SYSCONFDIR}" - if [ ! -e "${SYSCONFDIR}" ] - then - echo - echo "Creating ${SYSCONFDIR} directory failed" - echo - exit 1 - fi -fi - -# Create /var/log and /var/log/lastlog if not already existing - -if [ -f ${LOCALSTATEDIR}/log ] -then - echo "Creating ${LOCALSTATEDIR}/log failed!" -else - if [ ! -d ${LOCALSTATEDIR}/log ] - then - mkdir -p ${LOCALSTATEDIR}/log - fi - if [ -d ${LOCALSTATEDIR}/log/lastlog ] - then - chmod 777 ${LOCALSTATEDIR}/log/lastlog - elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] - then - cat /dev/null > ${LOCALSTATEDIR}/log/lastlog - chmod 666 ${LOCALSTATEDIR}/log/lastlog - fi -fi - -# Create /var/empty file used as chroot jail for privilege separation -if [ -f ${LOCALSTATEDIR}/empty ] -then - echo "Creating ${LOCALSTATEDIR}/empty failed!" -else - mkdir -p ${LOCALSTATEDIR}/empty - if [ ${_nt} -gt 0 ] - then - chmod 755 ${LOCALSTATEDIR}/empty - fi -fi - -# First generate host keys if not already existing - -if [ ! -f "${SYSCONFDIR}/ssh_host_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_key" - ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null -fi - -if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" - ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null -fi - -if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" - ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null -fi - -# Check if ssh_config exists. If yes, ask for overwriting - -if [ -f "${SYSCONFDIR}/ssh_config" ] -then - if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" - then - rm -f "${SYSCONFDIR}/ssh_config" - if [ -f "${SYSCONFDIR}/ssh_config" ] - then - echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." - fi - fi -fi - -# Create default ssh_config from skeleton file in /etc/defaults/etc - -if [ ! -f "${SYSCONFDIR}/ssh_config" ] -then - echo "Generating ${SYSCONFDIR}/ssh_config file" - cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config - if [ "${port_number}" != "22" ] - then - echo "Host localhost" >> ${SYSCONFDIR}/ssh_config - echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config - fi -fi - -# Check if sshd_config exists. If yes, ask for overwriting - -if [ -f "${SYSCONFDIR}/sshd_config" ] -then - if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" - then - rm -f "${SYSCONFDIR}/sshd_config" - if [ -f "${SYSCONFDIR}/sshd_config" ] - then - echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." - fi - else - grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes - fi -fi - -# Prior to creating or modifying sshd_config, care for privilege separation - -if [ "${privsep_configured}" != "yes" ] -then - if [ ${_nt} -gt 0 ] - then - echo "Privilege separation is set to yes by default since OpenSSH 3.3." - echo "However, this requires a non-privileged account called 'sshd'." - echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." - echo - if request "Should privilege separation be used?" - then - privsep_used=yes - grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes - net user sshd >/dev/null 2>&1 && sshd_in_sam=yes - if [ "${sshd_in_passwd}" != "yes" ] - then - if [ "${sshd_in_sam}" != "yes" ] - then - echo "Warning: The following function requires administrator privileges!" - if request "Should this script create a local user 'sshd' on this machine?" - then - dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` - net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes - if [ "${sshd_in_sam}" != "yes" ] - then - echo "Warning: Creating the user 'sshd' failed!" - fi - fi - fi - if [ "${sshd_in_sam}" != "yes" ] - then - echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" - echo " Privilege separation set to 'no' again!" - echo " Check your ${SYSCONFDIR}/sshd_config file!" - privsep_used=no - else - mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd - fi - fi - else - privsep_used=no - fi - else - # On 9x don't use privilege separation. Since security isn't - # available it just adds useless additional processes. - privsep_used=no - fi -fi - -# Create default sshd_config from skeleton files in /etc/defaults/etc or -# modify to add the missing privsep configuration option - -if [ ! -f "${SYSCONFDIR}/sshd_config" ] -then - echo "Generating ${SYSCONFDIR}/sshd_config file" - sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ - s/^#Port 22/Port ${port_number}/ - s/^#StrictModes yes/StrictModes no/" \ - < ${SYSCONFDIR}/defaults/etc/sshd_config \ - > ${SYSCONFDIR}/sshd_config -elif [ "${privsep_configured}" != "yes" ] -then - echo >> ${SYSCONFDIR}/sshd_config - echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config -fi - -# Care for services file -_my_etcdir="/ssh-host-config.$$" -if [ ${_nt} -gt 0 ] -then - _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc" - _services="${_my_etcdir}/services" - # On NT, 27 spaces, no space after the hash - _spaces=" #" -else - _win_etcdir="${WINDIR}" - _services="${_my_etcdir}/SERVICES" - # On 9x, 18 spaces (95 is very touchy), a space after the hash - _spaces=" # " -fi -_serv_tmp="${_my_etcdir}/srv.out.$$" - -mount -t -f "${_win_etcdir}" "${_my_etcdir}" - -# Depends on the above mount -_wservices=`cygpath -w "${_services}"` - -# Remove sshd 22/port from services -if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] -then - grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" - if [ -f "${_serv_tmp}" ] - then - if mv "${_serv_tmp}" "${_services}" - then - echo "Removing sshd from ${_wservices}" - else - echo "Removing sshd from ${_wservices} failed!" - fi - rm -f "${_serv_tmp}" - else - echo "Removing sshd from ${_wservices} failed!" - fi -fi - -# Add ssh 22/tcp and ssh 22/udp to services -if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] -then - if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" - then - if mv "${_serv_tmp}" "${_services}" - then - echo "Added ssh to ${_wservices}" - else - echo "Adding ssh to ${_wservices} failed!" - fi - rm -f "${_serv_tmp}" - else - echo "WARNING: Adding ssh to ${_wservices} failed!" - fi -fi - -umount "${_my_etcdir}" - -# Care for inetd.conf file -_inetcnf="${SYSCONFDIR}/inetd.conf" -_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$" - -if [ -f "${_inetcnf}" ] -then - # Check if ssh service is already in use as sshd - with_comment=1 - grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0 - # Remove sshd line from inetd.conf - if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] - then - grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" - if [ -f "${_inetcnf_tmp}" ] - then - if mv "${_inetcnf_tmp}" "${_inetcnf}" - then - echo "Removed sshd from ${_inetcnf}" - else - echo "Removing sshd from ${_inetcnf} failed!" - fi - rm -f "${_inetcnf_tmp}" - else - echo "Removing sshd from ${_inetcnf} failed!" - fi - fi - - # Add ssh line to inetd.conf - if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] - then - if [ "${with_comment}" -eq 0 ] - then - echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" - else - echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" - fi - echo "Added ssh to ${_inetcnf}" - fi -fi - -# On NT ask if sshd should be installed as service -if [ ${_nt} -gt 0 ] -then - # But only if it is not already installed - if ! cygrunsrv -Q sshd > /dev/null 2>&1 - then - echo - echo - echo "Warning: The following functions require administrator privileges!" - echo - echo "Do you want to install sshd as service?" - if request "(Say \"no\" if it's already installed as service)" - then - if [ $_nt2003 -gt 0 ] - then - grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes - if [ "${sshd_server_in_passwd}" = "yes" ] - then - # Drop sshd_server from passwd since it could have wrong settings - grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$ - rm -f ${SYSCONFDIR}/passwd - mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd - chmod g-w,o-w ${SYSCONFDIR}/passwd - fi - net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes - if [ "${sshd_server_in_sam}" != "yes" ] - then - echo - echo "You appear to be running Windows 2003 Server or later. On 2003 and" - echo "later systems, it's not possible to use the LocalSystem account" - echo "if sshd should allow passwordless logon (e. g. public key authentication)." - echo "If you want to enable that functionality, it's required to create a new" - echo "account 'sshd_server' with special privileges, which is then used to run" - echo "the sshd service under." - echo - echo "Should this script create a new local account 'sshd_server' which has" - if request "the required privileges?" - then - _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` - if [ -z "${_admingroup}" ] - then - echo "There's no group with SID S-1-5-32-544 (Local administrators group) in" - echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'" - echo "and restart this script." - exit 1 - fi - dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` - while [ "${sshd_server_in_sam}" != "yes" ] - do - if [ -n "${password_value}" ] - then - _password="${password_value}" - # Allow to ask for password if first try fails - password_value="" - else - echo - echo "Please enter a password for new user 'sshd_server'. Please be sure that" - echo "this password matches the password rules given on your system." - echo -n "Entering no password will exit the configuration. PASSWORD=" - read -e _password - if [ -z "${_password}" ] - then - echo - echo "Exiting configuration. No user sshd_server has been created," - echo "no sshd service installed." - exit 1 - fi - fi - net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes - if [ "${sshd_server_in_sam}" != "yes" ] - then - echo "Creating the user 'sshd_server' failed! Reason:" - cat /tmp/nu.$$ - rm /tmp/nu.$$ - fi - done - net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes - if [ "${sshd_server_in_admingroup}" != "yes" ] - then - echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!" - echo "Please add sshd_server to local group ${_admingroup} before" - echo "starting the sshd service!" - echo - fi - passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'` - if [ "${passwd_has_expiry_flags}" != "yes" ] - then - echo - echo "WARNING: User sshd_server has password expiry set to system default." - echo "Please check that password never expires or set it to your needs." - elif ! passwd -e sshd_server - then - echo - echo "WARNING: Setting password expiry for user sshd_server failed!" - echo "Please check that password never expires or set it to your needs." - fi - editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && - editrights -a SeCreateTokenPrivilege -u sshd_server && - editrights -a SeDenyInteractiveLogonRight -u sshd_server && - editrights -a SeDenyNetworkLogonRight -u sshd_server && - editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && - editrights -a SeIncreaseQuotaPrivilege -u sshd_server && - editrights -a SeServiceLogonRight -u sshd_server && - sshd_server_got_all_rights="yes" - if [ "${sshd_server_got_all_rights}" != "yes" ] - then - echo - echo "Assigning the appropriate privileges to user 'sshd_server' failed!" - echo "Can't create sshd service!" - exit 1 - fi - echo - echo "User 'sshd_server' has been created with password '${_password}'." - echo "If you change the password, please keep in mind to change the password" - echo "for the sshd service, too." - echo - echo "Also keep in mind that the user sshd_server needs read permissions on all" - echo "users' .ssh/authorized_keys file to allow public key authentication for" - echo "these users!. (Re-)running ssh-user-config for each user will set the" - echo "required permissions correctly." - echo - fi - fi - if [ "${sshd_server_in_sam}" = "yes" ] - then - mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd - fi - fi - if [ -n "${cygwin_value}" ] - then - _cygwin="${cygwin_value}" - else - echo - echo "Which value should the environment variable CYGWIN have when" - echo "sshd starts? It's recommended to set at least \"ntsec\" to be" - echo "able to change user context without password." - echo -n "Default is \"ntsec\". CYGWIN=" - read -e _cygwin - fi - [ -z "${_cygwin}" ] && _cygwin="ntsec" - if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] - then - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" - then - echo - echo "The service has been installed under sshd_server account." - echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." - fi - else - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" - then - echo - echo "The service has been installed under LocalSystem account." - echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." - fi - fi - fi - # Now check if sshd has been successfully installed. This allows to - # set the ownership of the affected files correctly. - if cygrunsrv -Q sshd > /dev/null 2>&1 - then - if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] - then - _user="sshd_server" - else - _user="system" - fi - chown "${_user}" ${SYSCONFDIR}/ssh* - chown "${_user}".544 ${LOCALSTATEDIR}/empty - if [ -f ${LOCALSTATEDIR}/log/sshd.log ] - then - chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log - fi - fi - fi -fi - -echo -echo "Host configuration finished. Have fun!" diff --git a/crypto/openssh/contrib/cygwin/ssh-user-config b/crypto/openssh/contrib/cygwin/ssh-user-config deleted file mode 100644 index fe07ce3..0000000 --- a/crypto/openssh/contrib/cygwin/ssh-user-config +++ /dev/null @@ -1,250 +0,0 @@ -#!/bin/sh -# -# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc. -# -# This file is part of the Cygwin port of OpenSSH. - -# Directory where the config files are stored -SYSCONFDIR=/etc - -progname=$0 -auto_answer="" -auto_passphrase="no" -passphrase="" - -request() -{ - if [ "${auto_answer}" = "yes" ] - then - return 0 - elif [ "${auto_answer}" = "no" ] - then - return 1 - fi - - answer="" - while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] - do - echo -n "$1 (yes/no) " - read answer - done - if [ "X${answer}" = "Xyes" ] - then - return 0 - else - return 1 - fi -} - -# Check if running on NT -_sys="`uname -a`" -_nt=`expr "$_sys" : "CYGWIN_NT"` -# If running on NT, check if running under 2003 Server or later -if [ $_nt -gt 0 ] -then - _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` -fi - -# Check options - -while : -do - case $# in - 0) - break - ;; - esac - - option=$1 - shift - - case "$option" in - -d | --debug ) - set -x - ;; - - -y | --yes ) - auto_answer=yes - ;; - - -n | --no ) - auto_answer=no - ;; - - -p | --passphrase ) - with_passphrase="yes" - passphrase=$1 - shift - ;; - - *) - echo "usage: ${progname} [OPTION]..." - echo - echo "This script creates an OpenSSH user configuration." - echo - echo "Options:" - echo " --debug -d Enable shell's debug output." - echo " --yes -y Answer all questions with \"yes\" automatically." - echo " --no -n Answer all questions with \"no\" automatically." - echo " --passphrase -p word Use \"word\" as passphrase automatically." - echo - exit 1 - ;; - - esac -done - -# Ask user if user identity should be generated - -if [ ! -f ${SYSCONFDIR}/passwd ] -then - echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" - echo 'first using mkpasswd. Check if it contains an entry for you and' - echo 'please care for the home directory in your entry as well.' - exit 1 -fi - -uid=`id -u` -pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd` - -if [ "X${pwdhome}" = "X" ] -then - echo "There is no home directory set for you in ${SYSCONFDIR}/passwd." - echo 'Setting $HOME is not sufficient!' - exit 1 -fi - -if [ ! -d "${pwdhome}" ] -then - echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" - echo 'but it is not a valid directory. Cannot create user identity files.' - exit 1 -fi - -# If home is the root dir, set home to empty string to avoid error messages -# in subsequent parts of that script. -if [ "X${pwdhome}" = "X/" ] -then - # But first raise a warning! - echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!" - if request "Would you like to proceed anyway?" - then - pwdhome='' - else - exit 1 - fi -fi - -if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ] -then - echo - echo 'WARNING: group and other have been revoked write permission to your home' - echo " directory ${pwdhome}." - echo ' This is required by OpenSSH to allow public key authentication using' - echo ' the key files stored in your .ssh subdirectory.' - echo ' Revert this change ONLY if you know what you are doing!' - echo -fi - -if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] -then - echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." - exit 1 -fi - -if [ ! -e "${pwdhome}/.ssh" ] -then - mkdir "${pwdhome}/.ssh" - if [ ! -e "${pwdhome}/.ssh" ] - then - echo "Creating users ${pwdhome}/.ssh directory failed" - exit 1 - fi -fi - -if [ $_nt -gt 0 ] -then - _user="system" - if [ $_nt2003 -gt 0 ] - then - grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server" - fi - if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh" - then - echo "${pwdhome}/.ssh couldn't be given the correct permissions." - echo "Please try to solve this problem first." - exit 1 - fi -fi - -if [ ! -f "${pwdhome}/.ssh/identity" ] -then - if request "Shall I create an SSH1 RSA identity file for you?" - then - echo "Generating ${pwdhome}/.ssh/identity" - if [ "${with_passphrase}" = "yes" ] - then - ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null - else - ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null - fi - if request "Do you want to use this identity to login to this machine?" - then - echo "Adding to ${pwdhome}/.ssh/authorized_keys" - cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys" - fi - fi -fi - -if [ ! -f "${pwdhome}/.ssh/id_rsa" ] -then - if request "Shall I create an SSH2 RSA identity file for you? (yes/no) " - then - echo "Generating ${pwdhome}/.ssh/id_rsa" - if [ "${with_passphrase}" = "yes" ] - then - ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null - else - ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null - fi - if request "Do you want to use this identity to login to this machine?" - then - echo "Adding to ${pwdhome}/.ssh/authorized_keys" - cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys" - fi - fi -fi - -if [ ! -f "${pwdhome}/.ssh/id_dsa" ] -then - if request "Shall I create an SSH2 DSA identity file for you? (yes/no) " - then - echo "Generating ${pwdhome}/.ssh/id_dsa" - if [ "${with_passphrase}" = "yes" ] - then - ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null - else - ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null - fi - if request "Do you want to use this identity to login to this machine?" - then - echo "Adding to ${pwdhome}/.ssh/authorized_keys" - cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys" - fi - fi -fi - -if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ] -then - if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" - then - echo - echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys" - echo "failed. Please care for the correct permissions. The minimum requirement" - echo "is, the owner and ${_user} both need read permissions." - echo - fi -fi - -echo -echo "Configuration finished. Have fun!" diff --git a/crypto/openssh/contrib/findssl.sh b/crypto/openssh/contrib/findssl.sh deleted file mode 100644 index 0c08d4a..0000000 --- a/crypto/openssh/contrib/findssl.sh +++ /dev/null @@ -1,159 +0,0 @@ -#!/bin/sh -# -# findssl.sh -# Search for all instances of OpenSSL headers and libraries -# and print their versions. -# Intended to help diagnose OpenSSH's "OpenSSL headers do not -# match your library" errors. -# -# Written by Darren Tucker (dtucker at zip dot com dot au) -# This file is placed in the public domain. -# -# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $ -# 2002-07-27: Initial release. -# 2002-08-04: Added public domain notice. -# 2003-06-24: Incorporated readme, set library paths. First cvs version. -# -# "OpenSSL headers do not match your library" are usually caused by -# OpenSSH's configure picking up an older version of OpenSSL headers -# or libraries. You can use the following # procedure to help identify -# the cause. -# -# The output of configure will tell you the versions of the OpenSSL -# headers and libraries that were picked up, for example: -# -# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002) -# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) -# checking whether OpenSSL's headers match the library... no -# configure: error: Your OpenSSL headers do not match your library -# -# Now run findssl.sh. This should identify the headers and libraries -# present and their versions. You should be able to identify the -# libraries and headers used and adjust your CFLAGS or remove incorrect -# versions. The output will show OpenSSL's internal version identifier -# and should look something like: - -# $ ./findssl.sh -# Searching for OpenSSL header files. -# 0x0090604fL /usr/include/openssl/opensslv.h -# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h -# -# Searching for OpenSSL shared library files. -# 0x0090602fL /lib/libcrypto.so.0.9.6b -# 0x0090602fL /lib/libcrypto.so.2 -# 0x0090581fL /usr/lib/libcrypto.so.0 -# 0x0090602fL /usr/lib/libcrypto.so -# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a -# 0x0090600fL /usr/lib/libcrypto.so.0.9.6 -# 0x0090600fL /usr/lib/libcrypto.so.1 -# -# Searching for OpenSSL static library files. -# 0x0090602fL /usr/lib/libcrypto.a -# 0x0090604fL /usr/local/ssl/lib/libcrypto.a -# -# In this example, I gave configure no extra flags, so it's picking up -# the OpenSSL header from /usr/include/openssl (90604f) and the library -# from /usr/lib/ (90602f). - -# -# Adjust these to suit your compiler. -# You may also need to set the *LIB*PATH environment variables if -# DEFAULT_LIBPATH is not correct for your system. -# -CC=gcc -STATIC=-static - -# -# Set up conftest C source -# -rm -f findssl.log -cat >conftest.c <<EOD -#include <stdio.h> -int main(){printf("0x%08xL\n", SSLeay());} -EOD - -# -# Set default library paths if not already set -# -DEFAULT_LIBPATH=/usr/lib:/usr/local/lib -LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH} -LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH} -LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} -export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH - -# -# Search for OpenSSL headers and print versions -# -echo Searching for OpenSSL header files. -if [ -x "`which locate`" ] -then - headers=`locate opensslv.h` -else - headers=`find / -name opensslv.h -print 2>/dev/null` -fi - -for header in $headers -do - ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header` - echo "$ver $header" -done -echo - -# -# Search for shared libraries. -# Relies on shared libraries looking like "libcrypto.s*" -# -echo Searching for OpenSSL shared library files. -if [ -x "`which locate`" ] -then - libraries=`locate libcrypto.s` -else - libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null` -fi - -for lib in $libraries -do - (echo "Trying libcrypto $lib" >>findssl.log - dir=`dirname $lib` - LIBPATH="$dir:$LIBPATH" - LD_LIBRARY_PATH="$dir:$LIBPATH" - LIBRARY_PATH="$dir:$LIBPATH" - export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH - ${CC} -o conftest conftest.c $lib 2>>findssl.log - if [ -x ./conftest ] - then - ver=`./conftest 2>/dev/null` - rm -f ./conftest - echo "$ver $lib" - fi) -done -echo - -# -# Search for static OpenSSL libraries and print versions -# -echo Searching for OpenSSL static library files. -if [ -x "`which locate`" ] -then - libraries=`locate libcrypto.a` -else - libraries=`find / -name libcrypto.a -print 2>/dev/null` -fi - -for lib in $libraries -do - libdir=`dirname $lib` - echo "Trying libcrypto $lib" >>findssl.log - ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log - if [ -x ./conftest ] - then - ver=`./conftest 2>/dev/null` - rm -f ./conftest - echo "$ver $lib" - fi -done - -# -# Clean up -# -rm -f conftest.c diff --git a/crypto/openssh/contrib/gnome-ssh-askpass1.c b/crypto/openssh/contrib/gnome-ssh-askpass1.c deleted file mode 100644 index 4d51032..0000000 --- a/crypto/openssh/contrib/gnome-ssh-askpass1.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright (c) 2000-2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". - * - * There is only two run-time options: if you set the environment variable - * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if - * you don't trust your X server. We grab the keyboard always. - */ - -/* - * Compile with: - * - * cc `gnome-config --cflags gnome gnomeui` \ - * gnome-ssh-askpass1.c -o gnome-ssh-askpass \ - * `gnome-config --libs gnome gnomeui` - * - */ - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <gnome.h> -#include <X11/Xlib.h> -#include <gdk/gdkx.h> - -void -report_failed_grab (void) -{ - GtkWidget *err; - - err = gnome_message_box_new("Could not grab keyboard or mouse.\n" - "A malicious client may be eavesdropping on your session.", - GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL); - gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL); - - gnome_dialog_run_and_close(GNOME_DIALOG(err)); -} - -int -passphrase_dialog(char *message) -{ - char *passphrase; - char **messages; - int result, i, grab_server, grab_pointer; - GtkWidget *dialog, *entry, *label; - - grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); - grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); - - dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK, - GNOME_STOCK_BUTTON_CANCEL, NULL); - - messages = g_strsplit(message, "\\n", 0); - if (messages) - for(i = 0; messages[i]; i++) { - label = gtk_label_new(messages[i]); - gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), - label, FALSE, FALSE, 0); - } - - entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, - FALSE, 0); - gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); - gtk_widget_grab_focus(entry); - - /* Center window and prepare for grab */ - gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL); - gnome_dialog_set_default(GNOME_DIALOG(dialog), 0); - gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); - gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE); - gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE); - gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox), - GNOME_PAD); - gtk_widget_show_all(dialog); - - /* Grab focus */ - if (grab_server) - XGrabServer(GDK_DISPLAY()); - if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, - NULL, NULL, GDK_CURRENT_TIME)) - goto nograb; - if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME)) - goto nograbkb; - - /* Make <enter> close dialog */ - gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry)); - - /* Run dialog */ - result = gnome_dialog_run(GNOME_DIALOG(dialog)); - - /* Ungrab */ - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - if (grab_pointer) - gdk_pointer_ungrab(GDK_CURRENT_TIME); - gdk_keyboard_ungrab(GDK_CURRENT_TIME); - gdk_flush(); - - /* Report passphrase if user selected OK */ - passphrase = gtk_entry_get_text(GTK_ENTRY(entry)); - if (result == 0) - puts(passphrase); - - /* Zero passphrase in memory */ - memset(passphrase, '\0', strlen(passphrase)); - gtk_entry_set_text(GTK_ENTRY(entry), passphrase); - - gnome_dialog_close(GNOME_DIALOG(dialog)); - return (result == 0 ? 0 : -1); - - /* At least one grab failed - ungrab what we got, and report - the failure to the user. Note that XGrabServer() cannot - fail. */ - nograbkb: - gdk_pointer_ungrab(GDK_CURRENT_TIME); - nograb: - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - gnome_dialog_close(GNOME_DIALOG(dialog)); - - report_failed_grab(); - return (-1); -} - -int -main(int argc, char **argv) -{ - char *message; - int result; - - gnome_init("GNOME ssh-askpass", "0.1", argc, argv); - - if (argc == 2) - message = argv[1]; - else - message = "Enter your OpenSSH passphrase:"; - - setvbuf(stdout, 0, _IONBF, 0); - result = passphrase_dialog(message); - - return (result); -} diff --git a/crypto/openssh/contrib/gnome-ssh-askpass2.c b/crypto/openssh/contrib/gnome-ssh-askpass2.c deleted file mode 100644 index 0ce8dae..0000000 --- a/crypto/openssh/contrib/gnome-ssh-askpass2.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000-2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */ - -/* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". - * - * There is only two run-time options: if you set the environment variable - * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if - * you don't trust your X server. We grab the keyboard always. - */ - -#define GRAB_TRIES 16 -#define GRAB_WAIT 250 /* milliseconds */ - -/* - * Compile with: - * - * cc -Wall `pkg-config --cflags gtk+-2.0` \ - * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ - * `pkg-config --libs gtk+-2.0` - * - */ - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <X11/Xlib.h> -#include <gtk/gtk.h> -#include <gdk/gdkx.h> - -static void -report_failed_grab (const char *what) -{ - GtkWidget *err; - - err = gtk_message_dialog_new(NULL, 0, - GTK_MESSAGE_ERROR, - GTK_BUTTONS_CLOSE, - "Could not grab %s. " - "A malicious client may be eavesdropping " - "on your session.", what); - gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label), - TRUE); - - gtk_dialog_run(GTK_DIALOG(err)); - - gtk_widget_destroy(err); -} - -static void -ok_dialog(GtkWidget *entry, gpointer dialog) -{ - g_return_if_fail(GTK_IS_DIALOG(dialog)); - gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); -} - -static int -passphrase_dialog(char *message) -{ - const char *failed; - char *passphrase, *local; - int result, grab_tries, grab_server, grab_pointer; - GtkWidget *dialog, *entry; - GdkGrabStatus status; - - grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); - grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); - grab_tries = 0; - - dialog = gtk_message_dialog_new(NULL, 0, - GTK_MESSAGE_QUESTION, - GTK_BUTTONS_OK_CANCEL, - "%s", - message); - - entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, - FALSE, 0); - gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); - gtk_widget_grab_focus(entry); - gtk_widget_show(entry); - - gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); - gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); - gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label), - TRUE); - - /* Make <enter> close dialog */ - gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); - g_signal_connect(G_OBJECT(entry), "activate", - G_CALLBACK(ok_dialog), dialog); - - /* Grab focus */ - gtk_widget_show_now(dialog); - if (grab_pointer) { - for(;;) { - status = gdk_pointer_grab( - (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, - NULL, GDK_CURRENT_TIME); - if (status == GDK_GRAB_SUCCESS) - break; - usleep(GRAB_WAIT * 1000); - if (++grab_tries > GRAB_TRIES) { - failed = "mouse"; - goto nograb; - } - } - } - for(;;) { - status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, - FALSE, GDK_CURRENT_TIME); - if (status == GDK_GRAB_SUCCESS) - break; - usleep(GRAB_WAIT * 1000); - if (++grab_tries > GRAB_TRIES) { - failed = "keyboard"; - goto nograbkb; - } - } - if (grab_server) { - gdk_x11_grab_server(); - } - - result = gtk_dialog_run(GTK_DIALOG(dialog)); - - /* Ungrab */ - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - if (grab_pointer) - gdk_pointer_ungrab(GDK_CURRENT_TIME); - gdk_keyboard_ungrab(GDK_CURRENT_TIME); - gdk_flush(); - - /* Report passphrase if user selected OK */ - passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); - if (result == GTK_RESPONSE_OK) { - local = g_locale_from_utf8(passphrase, strlen(passphrase), - NULL, NULL, NULL); - if (local != NULL) { - puts(local); - memset(local, '\0', strlen(local)); - g_free(local); - } else { - puts(passphrase); - } - } - - /* Zero passphrase in memory */ - memset(passphrase, '\b', strlen(passphrase)); - gtk_entry_set_text(GTK_ENTRY(entry), passphrase); - memset(passphrase, '\0', strlen(passphrase)); - g_free(passphrase); - - gtk_widget_destroy(dialog); - return (result == GTK_RESPONSE_OK ? 0 : -1); - - /* At least one grab failed - ungrab what we got, and report - the failure to the user. Note that XGrabServer() cannot - fail. */ - nograbkb: - gdk_pointer_ungrab(GDK_CURRENT_TIME); - nograb: - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - gtk_widget_destroy(dialog); - - report_failed_grab(failed); - - return (-1); -} - -int -main(int argc, char **argv) -{ - char *message; - int result; - - gtk_init(&argc, &argv); - - if (argc > 1) { - message = g_strjoinv(" ", argv + 1); - } else { - message = g_strdup("Enter your OpenSSH passphrase:"); - } - - setvbuf(stdout, 0, _IONBF, 0); - result = passphrase_dialog(message); - g_free(message); - - return (result); -} diff --git a/crypto/openssh/contrib/hpux/README b/crypto/openssh/contrib/hpux/README deleted file mode 100644 index f8bfa84..0000000 --- a/crypto/openssh/contrib/hpux/README +++ /dev/null @@ -1,45 +0,0 @@ -README for OpenSSH HP-UX contrib files -Kevin Steves <stevesk@pobox.com> - -sshd: configuration file for sshd.rc -sshd.rc: SSH startup script -egd: configuration file for egd.rc -egd.rc: EGD (entropy gathering daemon) startup script - -To install: - -sshd.rc: - -o Verify paths in sshd.rc match your local installation - (WHAT_PATH and WHAT_PID) -o Customize sshd if needed (SSHD_ARGS) -o Install: - - # cp sshd /etc/rc.config.d - # chmod 444 /etc/rc.config.d/sshd - # cp sshd.rc /sbin/init.d - # chmod 555 /sbin/init.d/sshd.rc - # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd - # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd - -egd.rc: - -o Verify egd.pl path in egd.rc matches your local installation - (WHAT_PATH) -o Customize egd if needed (EGD_ARGS and EGD_LOG) -o Add pseudo account: - - # groupadd egd - # useradd -g egd egd - # mkdir -p /etc/opt/egd - # chown egd:egd /etc/opt/egd - # chmod 711 /etc/opt/egd - -o Install: - - # cp egd /etc/rc.config.d - # chmod 444 /etc/rc.config.d/egd - # cp egd.rc /sbin/init.d - # chmod 555 /sbin/init.d/egd.rc - # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd - # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd diff --git a/crypto/openssh/contrib/hpux/egd b/crypto/openssh/contrib/hpux/egd deleted file mode 100644 index 21af0bd..0000000 --- a/crypto/openssh/contrib/hpux/egd +++ /dev/null @@ -1,15 +0,0 @@ -# EGD_START: Set to 1 to start entropy gathering daemon -# EGD_ARGS: Command line arguments to pass to egd -# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log) -# -# To configure the egd environment: - -# groupadd egd -# useradd -g egd egd -# mkdir -p /etc/opt/egd -# chown egd:egd /etc/opt/egd -# chmod 711 /etc/opt/egd - -EGD_START=1 -EGD_ARGS='/etc/opt/egd/entropy' -EGD_LOG= diff --git a/crypto/openssh/contrib/hpux/egd.rc b/crypto/openssh/contrib/hpux/egd.rc deleted file mode 100755 index 919dea7..0000000 --- a/crypto/openssh/contrib/hpux/egd.rc +++ /dev/null @@ -1,98 +0,0 @@ -#!/sbin/sh - -# -# egd.rc: EGD start-up and shutdown script -# - -# Allowed exit values: -# 0 = success; causes "OK" to show up in checklist. -# 1 = failure; causes "FAIL" to show up in checklist. -# 2 = skip; causes "N/A" to show up in the checklist. -# Use this value if execution of this script is overridden -# by the use of a control variable, or if this script is not -# appropriate to execute for some other reason. -# 3 = reboot; causes the system to be rebooted after execution. - -# Input and output: -# stdin is redirected from /dev/null -# -# stdout and stderr are redirected to the /etc/rc.log file -# during checklist mode, or to the console in raw mode. - -umask 022 - -PATH=/usr/sbin:/usr/bin:/sbin -export PATH - -WHAT='EGD (entropy gathering daemon)' -WHAT_PATH=/opt/perl/bin/egd.pl -WHAT_CONFIG=/etc/rc.config.d/egd -WHAT_LOG=/etc/opt/egd/egd.log - -# NOTE: If your script executes in run state 0 or state 1, then /usr might -# not be available. Do not attempt to access commands or files in -# /usr unless your script executes in run state 2 or greater. Other -# file systems typically not mounted until run state 2 include /var -# and /opt. - -rval=0 - -# Check the exit value of a command run by this script. If non-zero, the -# exit code is echoed to the log file and the return value of this script -# is set to indicate failure. - -set_return() { - x=$? - if [ $x -ne 0 ]; then - echo "EXIT CODE: $x" - rval=1 # script FAILed - fi -} - -case $1 in -'start_msg') - echo "Starting $WHAT" - ;; - -'stop_msg') - echo "Stopping $WHAT" - ;; - -'start') - if [ -f $WHAT_CONFIG ] ; then - . $WHAT_CONFIG - else - echo "ERROR: $WHAT_CONFIG defaults file MISSING" - fi - - - if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then - EGD_LOG=${EGD_LOG:-$WHAT_LOG} - su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" && - echo $WHAT started - set_return - else - rval=2 - fi - ;; - -'stop') - pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'` - if [ "X$pid" != "X" ]; then - if kill "$pid"; then - echo "$WHAT stopped" - else - rval=1 - echo "Unable to stop $WHAT" - fi - fi - set_return - ;; - -*) - echo "usage: $0 {start|stop|start_msg|stop_msg}" - rval=1 - ;; -esac - -exit $rval diff --git a/crypto/openssh/contrib/hpux/sshd b/crypto/openssh/contrib/hpux/sshd deleted file mode 100644 index 8eb5e92..0000000 --- a/crypto/openssh/contrib/hpux/sshd +++ /dev/null @@ -1,5 +0,0 @@ -# SSHD_START: Set to 1 to start SSH daemon -# SSHD_ARGS: Command line arguments to pass to sshd -# -SSHD_START=1 -SSHD_ARGS= diff --git a/crypto/openssh/contrib/hpux/sshd.rc b/crypto/openssh/contrib/hpux/sshd.rc deleted file mode 100755 index f9a1099..0000000 --- a/crypto/openssh/contrib/hpux/sshd.rc +++ /dev/null @@ -1,90 +0,0 @@ -#!/sbin/sh - -# -# sshd.rc: SSH daemon start-up and shutdown script -# - -# Allowed exit values: -# 0 = success; causes "OK" to show up in checklist. -# 1 = failure; causes "FAIL" to show up in checklist. -# 2 = skip; causes "N/A" to show up in the checklist. -# Use this value if execution of this script is overridden -# by the use of a control variable, or if this script is not -# appropriate to execute for some other reason. -# 3 = reboot; causes the system to be rebooted after execution. - -# Input and output: -# stdin is redirected from /dev/null -# -# stdout and stderr are redirected to the /etc/rc.log file -# during checklist mode, or to the console in raw mode. - -PATH=/usr/sbin:/usr/bin:/sbin -export PATH - -WHAT='OpenSSH' -WHAT_PATH=/opt/openssh/sbin/sshd -WHAT_PID=/var/run/sshd.pid -WHAT_CONFIG=/etc/rc.config.d/sshd - -# NOTE: If your script executes in run state 0 or state 1, then /usr might -# not be available. Do not attempt to access commands or files in -# /usr unless your script executes in run state 2 or greater. Other -# file systems typically not mounted until run state 2 include /var -# and /opt. - -rval=0 - -# Check the exit value of a command run by this script. If non-zero, the -# exit code is echoed to the log file and the return value of this script -# is set to indicate failure. - -set_return() { - x=$? - if [ $x -ne 0 ]; then - echo "EXIT CODE: $x" - rval=1 # script FAILed - fi -} - -case $1 in -'start_msg') - echo "Starting $WHAT" - ;; - -'stop_msg') - echo "Stopping $WHAT" - ;; - -'start') - if [ -f $WHAT_CONFIG ] ; then - . $WHAT_CONFIG - else - echo "ERROR: $WHAT_CONFIG defaults file MISSING" - fi - - if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then - $WHAT_PATH $SSHD_ARGS && echo "$WHAT started" - set_return - else - rval=2 - fi - ;; - -'stop') - if kill `cat $WHAT_PID`; then - echo "$WHAT stopped" - else - rval=1 - echo "Unable to stop $WHAT" - fi - set_return - ;; - -*) - echo "usage: $0 {start|stop|start_msg|stop_msg}" - rval=1 - ;; -esac - -exit $rval diff --git a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh deleted file mode 100644 index dd77712..0000000 --- a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh +++ /dev/null @@ -1 +0,0 @@ -setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass diff --git a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh deleted file mode 100644 index 355189f..0000000 --- a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh +++ /dev/null @@ -1,2 +0,0 @@ -SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass -export SSH_ASKPASS diff --git a/crypto/openssh/contrib/redhat/openssh.spec b/crypto/openssh/contrib/redhat/openssh.spec deleted file mode 100644 index b747009..0000000 --- a/crypto/openssh/contrib/redhat/openssh.spec +++ /dev/null @@ -1,804 +0,0 @@ -%define ver 3.8.1p1 -%define rel 1 - -# OpenSSH privilege separation requires a user & group ID -%define sshd_uid 74 -%define sshd_gid 74 - -# Version of ssh-askpass -%define aversion 1.2.4.1 - -# Do we want to disable building of x11-askpass? (1=yes 0=no) -%define no_x11_askpass 0 - -# Do we want to disable building of gnome-askpass? (1=yes 0=no) -%define no_gnome_askpass 0 - -# Do we want to link against a static libcrypto? (1=yes 0=no) -%define static_libcrypto 0 - -# Do we want smartcard support (1=yes 0=no) -%define scard 0 - -# Use GTK2 instead of GNOME in gnome-ssh-askpass -%define gtk2 1 - -# Is this build for RHL 6.x? -%define build6x 0 - -# Do we want kerberos5 support (1=yes 0=no) -%define kerberos5 1 - -# Reserve options to override askpass settings with: -# rpm -ba|--rebuild --define 'skip_xxx 1' -%{?skip_x11_askpass:%define no_x11_askpass 1} -%{?skip_gnome_askpass:%define no_gnome_askpass 1} - -# Add option to build without GTK2 for older platforms with only GTK+. -# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples. -# rpm -ba|--rebuild --define 'no_gtk2 1' -%{?no_gtk2:%define gtk2 0} - -# Is this a build for RHL 6.x or earlier? -%{?build_6x:%define build6x 1} - -# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. -%if %{build6x} -%define _sysconfdir /etc -%endif - -# Options for static OpenSSL link: -# rpm -ba|--rebuild --define "static_openssl 1" -%{?static_openssl:%define static_libcrypto 1} - -# Options for Smartcard support: (needs libsectok and openssl-engine) -# rpm -ba|--rebuild --define "smartcard 1" -%{?smartcard:%define scard 1} - -# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) -%define rescue 0 -%{?build_rescue:%define rescue 1} - -# Turn off some stuff for resuce builds -%if %{rescue} -%define kerberos5 0 -%endif - -Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. -Name: openssh -Version: %{ver} -%if %{rescue} -Release: %{rel}rescue -%else -Release: %{rel} -%endif -URL: http://www.openssh.com/portable.html -Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz -License: BSD -Group: Applications/Internet -BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot -Obsoletes: ssh -%if %{build6x} -PreReq: initscripts >= 5.00 -%else -PreReq: initscripts >= 5.20 -%endif -BuildPreReq: perl, openssl-devel, tcp_wrappers -BuildPreReq: /bin/login -%if ! %{build6x} -BuildPreReq: glibc-devel, pam -%else -BuildPreReq: /usr/include/security/pam_appl.h -%endif -%if ! %{no_x11_askpass} -BuildPreReq: XFree86-devel -%endif -%if ! %{no_gnome_askpass} -BuildPreReq: pkgconfig -%endif -%if %{kerberos5} -BuildPreReq: krb5-devel -BuildPreReq: krb5-libs -%endif - -%package clients -Summary: OpenSSH clients. -Requires: openssh = %{version}-%{release} -Group: Applications/Internet -Obsoletes: ssh-clients - -%package server -Summary: The OpenSSH server daemon. -Group: System Environment/Daemons -Obsoletes: ssh-server -PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9 -%if ! %{build6x} -Requires: /etc/pam.d/system-auth -%endif - -%package askpass -Summary: A passphrase dialog for OpenSSH and X. -Group: Applications/Internet -Requires: openssh = %{version}-%{release} -Obsoletes: ssh-extras - -%package askpass-gnome -Summary: A passphrase dialog for OpenSSH, X, and GNOME. -Group: Applications/Internet -Requires: openssh = %{version}-%{release} -Obsoletes: ssh-extras - -%description -SSH (Secure SHell) is a program for logging into and executing -commands on a remote machine. SSH is intended to replace rlogin and -rsh, and to provide secure encrypted communications between two -untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's version of the last free version of SSH, bringing -it up to date in terms of security and features, as well as removing -all patented algorithms to separate libraries. - -This package includes the core files necessary for both the OpenSSH -client and server. To make this package useful, you should also -install openssh-clients, openssh-server, or both. - -%description clients -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package includes -the clients necessary to make encrypted connections to SSH servers. -You'll also need to install the openssh package on OpenSSH clients. - -%description server -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -the secure shell daemon (sshd). The sshd daemon allows SSH clients to -securely connect to your SSH server. You also need to have the openssh -package installed. - -%description askpass -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -an X11 passphrase dialog for OpenSSH. - -%description askpass-gnome -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop -environment. - -%prep - -%if ! %{no_x11_askpass} -%setup -q -a 1 -%else -%setup -q -%endif - -%build -%if %{rescue} -CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS -%endif - -%if %{kerberos5} -K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'` -echo K5DIR=$K5DIR -%endif - -%configure \ - --sysconfdir=%{_sysconfdir}/ssh \ - --libexecdir=%{_libexecdir}/openssh \ - --datadir=%{_datadir}/openssh \ - --with-tcp-wrappers \ - --with-rsh=%{_bindir}/rsh \ - --with-default-path=/usr/local/bin:/bin:/usr/bin \ - --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ - --with-privsep-path=%{_var}/empty/sshd \ - --with-md5-passwords \ -%if %{scard} - --with-smartcard \ -%endif -%if %{rescue} - --without-pam \ -%else - --with-pam \ -%endif -%if %{kerberos5} - --with-kerberos5=$K5DIR \ -%endif - - -%if %{static_libcrypto} -perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile -%endif - -make - -%if ! %{no_x11_askpass} -pushd x11-ssh-askpass-%{aversion} -%configure --libexecdir=%{_libexecdir}/openssh -xmkmf -a -make -popd -%endif - -# Define a variable to toggle gnome1/gtk2 building. This is necessary -# because RPM doesn't handle nested %if statements. -%if %{gtk2} - gtk2=yes -%else - gtk2=no -%endif - -%if ! %{no_gnome_askpass} -pushd contrib -if [ $gtk2 = yes ] ; then - make gnome-ssh-askpass2 - mv gnome-ssh-askpass2 gnome-ssh-askpass -else - make gnome-ssh-askpass1 - mv gnome-ssh-askpass1 gnome-ssh-askpass -fi -popd -%endif - -%install -rm -rf $RPM_BUILD_ROOT -mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh -mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh -mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd - -make install DESTDIR=$RPM_BUILD_ROOT - -install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/etc/rc.d/init.d -install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh -%if %{build6x} -install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd -%else -install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd -%endif -install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd - -%if ! %{no_x11_askpass} -install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass -ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass -%endif - -%if ! %{no_gnome_askpass} -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass -%endif - -%if ! %{scard} - rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin -%endif - -%if ! %{no_gnome_askpass} -install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ -install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ -install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ -%endif - -perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* - -%clean -rm -rf $RPM_BUILD_ROOT - -%triggerun server -- ssh-server -if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then - touch /var/run/sshd.restart -fi - -%triggerun server -- openssh-server < 2.5.0p1 -# Count the number of HostKey and HostDsaKey statements we have. -gawk 'BEGIN {IGNORECASE=1} - /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1} - END {exit sawhostkey}' /etc/ssh/sshd_config -# And if we only found one, we know the client was relying on the old default -# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't -# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying -# one nullifies the default, which would have loaded both. -if [ $? -eq 1 ] ; then - echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config - echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config -fi - -%triggerpostun server -- ssh-server -if [ "$1" != 0 ] ; then - /sbin/chkconfig --add sshd - if test -f /var/run/sshd.restart ; then - rm -f /var/run/sshd.restart - /sbin/service sshd start > /dev/null 2>&1 || : - fi -fi - -%pre server -%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || : -%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ - -g sshd -M -r sshd 2>/dev/null || : - -%post server -/sbin/chkconfig --add sshd - -%postun server -/sbin/service sshd condrestart > /dev/null 2>&1 || : - -%preun server -if [ "$1" = 0 ] -then - /sbin/service sshd stop > /dev/null 2>&1 || : - /sbin/chkconfig --del sshd -fi - -%files -%defattr(-,root,root) -%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* -%attr(0755,root,root) %{_bindir}/scp -%attr(0644,root,root) %{_mandir}/man1/scp.1* -%attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli -%if ! %{rescue} -%attr(0755,root,root) %{_bindir}/ssh-keygen -%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* -%attr(0755,root,root) %dir %{_libexecdir}/openssh -%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign -%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* -%endif -%if %{scard} -%attr(0755,root,root) %dir %{_datadir}/openssh -%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin -%endif - -%files clients -%defattr(-,root,root) -%attr(0755,root,root) %{_bindir}/ssh -%attr(0644,root,root) %{_mandir}/man1/ssh.1* -%attr(0644,root,root) %{_mandir}/man5/ssh_config.5* -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config -%attr(-,root,root) %{_bindir}/slogin -%attr(-,root,root) %{_mandir}/man1/slogin.1* -%if ! %{rescue} -%attr(2755,root,nobody) %{_bindir}/ssh-agent -%attr(0755,root,root) %{_bindir}/ssh-add -%attr(0755,root,root) %{_bindir}/ssh-keyscan -%attr(0755,root,root) %{_bindir}/sftp -%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-add.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* -%attr(0644,root,root) %{_mandir}/man1/sftp.1* -%endif - -%if ! %{rescue} -%files server -%defattr(-,root,root) -%dir %attr(0111,root,root) %{_var}/empty/sshd -%attr(0755,root,root) %{_sbindir}/sshd -%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server -%attr(0644,root,root) %{_mandir}/man8/sshd.8* -%attr(0644,root,root) %{_mandir}/man5/sshd_config.5* -%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* -%attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config -%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd -%attr(0755,root,root) %config /etc/rc.d/init.d/sshd -%endif - -%if ! %{no_x11_askpass} -%files askpass -%defattr(-,root,root) -%doc x11-ssh-askpass-%{aversion}/README -%doc x11-ssh-askpass-%{aversion}/ChangeLog -%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad -%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass -%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass -%endif - -%if ! %{no_gnome_askpass} -%files askpass-gnome -%defattr(-,root,root) -%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.* -%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass -%endif - -%changelog -* Mon Jun 2 2003 Damien Miller <djm@mindrot.org> -- Remove noip6 option. This may be controlled at run-time in client config - file using new AddressFamily directive - -* Mon May 12 2003 Damien Miller <djm@mindrot.org> -- Don't install profile.d scripts when not building with GNOME/GTK askpass - (patch from bet@rahul.net) - -* Wed Oct 01 2002 Damien Miller <djm@mindrot.org> -- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks - -* Mon Sep 30 2002 Damien Miller <djm@mindrot.org> -- Use contrib/ Makefile for building askpass programs - -* Fri Jun 21 2002 Damien Miller <djm@mindrot.org> -- Merge in spec changes from seba@iq.pl (Sebastian Pachuta) -- Add new {ssh,sshd}_config.5 manpages -- Add new ssh-keysign program and remove setuid from ssh client - -* Fri May 10 2002 Damien Miller <djm@mindrot.org> -- Merge in spec changes from RedHat, reorgansie a little -- Add Privsep user, group and directory - -* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2 -- bump and grind (through the build system) - -* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1 -- require sharutils for building (mindrot #137) -- require db1-devel only when building for 6.x (#55105), which probably won't - work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck -- require pam-devel by file (not by package name) again -- add Markus's patch to compile with OpenSSL 0.9.5a (from - http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're - building for 6.x - -* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0 -- update to 3.1p1 - -* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305 -- update to SNAP-20020305 -- drop debug patch, fixed upstream - -* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220 -- update to SNAP-20020220 for testing purposes (you've been warned, if there's - anything to be warned about, gss patches won't apply, I don't mind) - -* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3 -- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key - exchange, authentication, and named key support - -* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2 -- remove dependency on db1-devel, which has just been swallowed up whole - by gnome-libs-devel - -* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com> -- adjust build dependencies so that build6x actually works right (fix - from Hugo van der Kooij) - -* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1 -- update to 3.0.2p1 - -* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1 -- update to 3.0.1p1 - -* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to current CVS (not for use in distribution) - -* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1 -- merge some of Damien Miller <djm@mindrot.org> changes from the upstream - 3.0p1 spec file and init script - -* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 3.0p1 -- update to x11-ssh-askpass 1.2.4.1 -- change build dependency on a file from pam-devel to the pam-devel package -- replace primes with moduli - -* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9 -- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs - -* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8 -- Merge changes to rescue build from current sysadmin survival cd - -* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7 -- fix scp's server's reporting of file sizes, and build with the proper - preprocessor define to get large-file capable open(), stat(), etc. - (sftp has been doing this correctly all along) (#51827) -- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247) -- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298) -- mark profile.d scriptlets as config files (#42337) -- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug -- change a couple of log() statements to debug() statements (#50751) -- pull cvs patch to add -t flag to sshd (#28611) -- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221) - -* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6 -- add db1-devel as a BuildPrerequisite (noted by Hans Ecke) - -* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com> -- pull cvs patch to fix remote port forwarding with protocol 2 - -* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com> -- pull cvs patch to add session initialization to no-pty sessions -- pull cvs patch to not cut off challengeresponse auth needlessly -- refuse to do X11 forwarding if xauth isn't there, handy if you enable - it by default on a system that doesn't have X installed (#49263) - -* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com> -- don't apply patches to code we don't intend to build (spotted by Matt Galgoci) - -* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com> -- pass OPTIONS correctly to initlog (#50151) - -* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com> -- switch to x11-ssh-askpass 1.2.2 - -* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> -- rebuild in new environment - -* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com> -- disable the gssapi patch - -* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.9p2 -- refresh to a new version of the gssapi patch - -* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com> -- change Copyright: BSD to License: BSD -- add Markus Friedl's unverified patch for the cookie file deletion problem - so that we can verify it -- drop patch to check if xauth is present (was folded into cookie patch) -- don't apply gssapi patches for the errata candidate -- clear supplemental groups list at startup - -* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com> -- fix an error parsing the new default sshd_config -- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not - dealing with comments right - -* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com> -- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house, - to be removed before the next beta cycle because it's a big departure - from the upstream version - -* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com> -- finish marking strings in the init script for translation -- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd - at startup (change merged from openssh.com init script, originally by - Pekka Savola) -- refuse to do X11 forwarding if xauth isn't there, handy if you enable - it by default on a system that doesn't have X installed - -* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.9 -- drop various patches that came from or went upstream or to or from CVS - -* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com> -- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer) - -* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com> -- remove explicit openssl requirement, fixes builddistro issue -- make initscript stop() function wait until sshd really dead to avoid - races in condrestart - -* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com> -- mention that challengereponse supports PAM, so disabling password doesn't - limit users to pubkey and rsa auth (#34378) -- bypass the daemon() function in the init script and call initlog directly, - because daemon() won't start a daemon it detects is already running (like - open connections) -- require the version of openssl we had when we were built - -* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com> -- make do_pam_setcred() smart enough to know when to establish creds and - when to reinitialize them -- add in a couple of other fixes from Damien for inclusion in the errata - -* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.5.2p2 -- call setcred() again after initgroups, because the "creds" could actually - be group memberships - -* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation) -- don't enable challenge-response by default until we find a way to not - have too many userauth requests (we may make up to six pubkey and up to - three password attempts as it is) -- remove build dependency on rsh to match openssh.com's packages more closely - -* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com> -- remove dependency on openssl -- would need to be too precise - -* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com> -- rebuild in new environment - -* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> -- Revert the patch to move pam_open_session. -- Init script and spec file changes from Pekka Savola. (#28750) -- Patch sftp to recognize '-o protocol' arguments. (#29540) - -* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com> -- Chuck the closing patch. -- Add a trigger to add host keys for protocol 2 to the config file, now that - configuration file syntax requires us to specify it with HostKey if we - specify any other HostKey values, which we do. - -* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com> -- Redo patch to move pam_open_session after the server setuid()s to the user. -- Rework the nopam patch to use be picked up by autoconf. - -* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com> -- Update for 2.5.1p1. -- Add init script mods from Pekka Savola. -- Tweak the init script to match the CVS contrib script more closely. -- Redo patch to ssh-add to try to adding both identity and id_dsa to also try - adding id_rsa. - -* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com> -- Update for 2.5.0p1. -- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass -- Resync with parts of Damien Miller's openssh.spec from CVS, including - update of x11 askpass to 1.2.0. -- Only require openssl (don't prereq) because we generate keys in the init - script now. - -* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com> -- Don't open a PAM session until we've forked and become the user (#25690). -- Apply Andrew Bartlett's patch for letting pam_authenticate() know which - host the user is attempting a login from. -- Resync with parts of Damien Miller's openssh.spec from CVS. -- Don't expose KbdInt responses in debug messages (from CVS). -- Detect and handle errors in rsa_{public,private}_decrypt (from CVS). - -* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com> -- i18n-tweak to initscript. - -* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com> -- More gettextizing. -- Close all files after going into daemon mode (needs more testing). -- Extract patch from CVS to handle auth banners (in the client). -- Extract patch from CVS to handle compat weirdness. - -* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com> -- Finish with the gettextizing. - -* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com> -- Fix a bug in auth2-pam.c (#23877) -- Gettextize the init script. - -* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com> -- Incorporate a switch for using PAM configs for 6.x, just in case. - -* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com> -- Incorporate Bero's changes for a build specifically for rescue CDs. - -* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com> -- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has - succeeded, to allow public-key authentication after a failure with "none" - authentication. (#21268) - -* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to x11-askpass 1.1.1. (#21301) -- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290) - -* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com> -- Merge multiple PAM text messages into subsequent prompts when possible when - doing keyboard-interactive authentication. - -* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com> -- Disable the built-in MD5 password support. We're using PAM. -- Take a crack at doing keyboard-interactive authentication with PAM, and - enable use of it in the default client configuration so that the client - will try it when the server disallows password authentication. -- Build with debugging flags. Build root policies strip all binaries anyway. - -* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com> -- Use DESTDIR instead of %%makeinstall. -- Remove /usr/X11R6/bin from the path-fixing patch. - -* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> -- Add the primes file from the latest snapshot to the main package (#20884). -- Add the dev package to the prereq list (#19984). -- Remove the default path and mimic login's behavior in the server itself. - -* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com> -- Resync with conditional options in Damien Miller's .spec file for an errata. -- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh. - -* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to OpenSSH 2.3.0p1. -- Update to x11-askpass 1.1.0. -- Enable keyboard-interactive authentication. - -* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to ssh-askpass-x11 1.0.3. -- Change authentication related messages to be private (#19966). - -* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com> -- Patch ssh-keygen to be able to list signatures for DSA public key files - it generates. - -* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com> -- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always - build PAM authentication in. -- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed. -- Clean out no-longer-used patches. -- Patch ssh-add to try to add both identity and id_dsa, and to error only - when neither exists. - -* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update x11-askpass to 1.0.2. (#17835) -- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will - always find them in the right place. (#17909) -- Set the default path to be the same as the one supplied by /bin/login, but - add /usr/X11R6/bin. (#17909) -- Try to handle obsoletion of ssh-server more cleanly. Package names - are different, but init script name isn't. (#17865) - -* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.2.0p1. (#17835) -- Tweak the init script to allow proper restarting. (#18023) - -* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 20000823 snapshot. -- Change subpackage requirements from %%{version} to %%{version}-%%{release} -- Back out the pipe patch. - -* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.1.1p4, which includes fixes for config file parsing problems. -- Move the init script back. -- Add Damien's quick fix for wackiness. - -* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok(). - -* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com> -- Move condrestart to server postun. -- Move key generation to init script. -- Actually use the right patch for moving the key generation to the init script. -- Clean up the init script a bit. - -* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com> -- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard. - -* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.1.1p2. -- Use of strtok() considered harmful. - -* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com> -- Get the build root out of the man pages. - -* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> -- Add and use condrestart support in the init script. -- Add newer initscripts as a prereq. - -* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com> -- Build in new environment (release 2) -- Move -clients subpackage to Applications/Internet group - -* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.2.1p1 - -* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com> -- Patch to build with neither RSA nor RSAref. -- Miscellaneous FHS-compliance tweaks. -- Fix for possibly-compressed man pages. - -* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au> -- Updated for new location -- Updated for new gnome-ssh-askpass build - -* Sun Dec 26 1999 Damien Miller <djm@mindrot.org> -- Added Jim Knoble's <jmknoble@pobox.com> askpass - -* Mon Nov 15 1999 Damien Miller <djm@mindrot.org> -- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com> - -* Sat Nov 13 1999 Damien Miller <djm@mindrot.org> -- Added 'Obsoletes' directives - -* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au> -- Use make install -- Subpackages - -* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au> -- Added links for slogin -- Fixed perms on manpages - -* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> -- Renamed init script - -* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> -- Back to old binary names - -* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au> -- Use autoconf -- New binary names - -* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au> -- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec. diff --git a/crypto/openssh/contrib/redhat/sshd.init b/crypto/openssh/contrib/redhat/sshd.init deleted file mode 100755 index 4ee8630..0000000 --- a/crypto/openssh/contrib/redhat/sshd.init +++ /dev/null @@ -1,154 +0,0 @@ -#!/bin/bash -# -# Init file for OpenSSH server daemon -# -# chkconfig: 2345 55 25 -# description: OpenSSH server daemon -# -# processname: sshd -# config: /etc/ssh/ssh_host_key -# config: /etc/ssh/ssh_host_key.pub -# config: /etc/ssh/ssh_random_seed -# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid - -# source function library -. /etc/rc.d/init.d/functions - -# pull in sysconfig settings -[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd - -RETVAL=0 -prog="sshd" - -# Some functions to make the below more readable -KEYGEN=/usr/bin/ssh-keygen -SSHD=/usr/sbin/sshd -RSA1_KEY=/etc/ssh/ssh_host_key -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd.pid - -do_rsa1_keygen() { - if [ ! -s $RSA1_KEY ]; then - echo -n $"Generating SSH1 RSA host key: " - if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA1_KEY - chmod 644 $RSA1_KEY.pub - success $"RSA1 key generation" - echo - else - failure $"RSA1 key generation" - echo - exit 1 - fi - fi -} - -do_rsa_keygen() { - if [ ! -s $RSA_KEY ]; then - echo -n $"Generating SSH2 RSA host key: " - if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA_KEY - chmod 644 $RSA_KEY.pub - success $"RSA key generation" - echo - else - failure $"RSA key generation" - echo - exit 1 - fi - fi -} - -do_dsa_keygen() { - if [ ! -s $DSA_KEY ]; then - echo -n $"Generating SSH2 DSA host key: " - if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $DSA_KEY - chmod 644 $DSA_KEY.pub - success $"DSA key generation" - echo - else - failure $"DSA key generation" - echo - exit 1 - fi - fi -} - -do_restart_sanity_check() -{ - $SSHD -t - RETVAL=$? - if [ ! "$RETVAL" = 0 ]; then - failure $"Configuration file or keys are invalid" - echo - fi -} - -start() -{ - # Create keys if necessary - do_rsa1_keygen - do_rsa_keygen - do_dsa_keygen - - echo -n $"Starting $prog:" - initlog -c "$SSHD $OPTIONS" && success || failure - RETVAL=$? - [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd - echo -} - -stop() -{ - echo -n $"Stopping $prog:" - killproc $SSHD -TERM - RETVAL=$? - [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd - echo -} - -reload() -{ - echo -n $"Reloading $prog:" - killproc $SSHD -HUP - RETVAL=$? - echo -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; - reload) - reload - ;; - condrestart) - if [ -f /var/lock/subsys/sshd ] ; then - do_restart_sanity_check - if [ "$RETVAL" = 0 ] ; then - stop - # avoid race - sleep 3 - start - fi - fi - ;; - status) - status $SSHD - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}" - RETVAL=1 -esac -exit $RETVAL diff --git a/crypto/openssh/contrib/redhat/sshd.pam b/crypto/openssh/contrib/redhat/sshd.pam deleted file mode 100644 index 24f3b46..0000000 --- a/crypto/openssh/contrib/redhat/sshd.pam +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required pam_stack.so service=system-auth -auth required pam_nologin.so -account required pam_stack.so service=system-auth -password required pam_stack.so service=system-auth -session required pam_stack.so service=system-auth -session required pam_limits.so -session optional pam_console.so diff --git a/crypto/openssh/contrib/solaris/README b/crypto/openssh/contrib/solaris/README deleted file mode 100755 index eb4c590..0000000 --- a/crypto/openssh/contrib/solaris/README +++ /dev/null @@ -1,24 +0,0 @@ -The following is a new package build script for Solaris. This is being -introduced into OpenSSH 3.0 and above in hopes of simplifying the build -process. As of 3.1p2 the script should work on all platforms that have -SVR4 style package tools. - -The build process is called a 'dummy install'.. Which means the software does -a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should -be handled correctly and key are defered until the first time the sshd -is started. - -Directions: - -1. make -F Makefile.in distprep (Only if you are getting from the CVS tree) -2. ./configure --with-pam [..any other options you want..] -3. look at the top of contrib/solaris/buildpkg.sh for the configurable options. -4. ./contrib/solaris/buildpkg.sh - -If all goes well you should have a solaris package ready to be installed. - -If you have any problems with this script please post them to -openssh-unix-dev@mindrot.org and I will try to assist you as best as I can. - -- Ben Lindstrom - diff --git a/crypto/openssh/contrib/solaris/buildpkg.sh b/crypto/openssh/contrib/solaris/buildpkg.sh deleted file mode 100755 index 29d0963..0000000 --- a/crypto/openssh/contrib/solaris/buildpkg.sh +++ /dev/null @@ -1,386 +0,0 @@ -#!/bin/sh -# -# Fake Root Solaris/SVR4/SVR5 Build System - Prototype -# -# The following code has been provide under Public Domain License. I really -# don't care what you use it for. Just as long as you don't complain to me -# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) -# -umask 022 -# -# Options for building the package -# You can create a config.local with your customized options -# -# uncommenting TEST_DIR and using -# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty -# and -# PKGNAME=tOpenSSH should allow testing a package without interfering -# with a real OpenSSH package on a system. This is not needed on systems -# that support the -R option to pkgadd. -#TEST_DIR=/var/tmp # leave commented out for production build -PKGNAME=OpenSSH -SYSVINIT_NAME=opensshd -MAKE=${MAKE:="make"} -SSHDUID=67 # Default privsep uid -SSHDGID=67 # Default privsep gid -# uncomment these next three as needed -#PERMIT_ROOT_LOGIN=no -#X11_FORWARDING=yes -#USR_LOCAL_IS_SYMLINK=yes -# list of system directories we do NOT want to change owner/group/perms -# when installing our package -SYSTEM_DIR="/etc \ -/etc/init.d \ -/etc/rcS.d \ -/etc/rc0.d \ -/etc/rc1.d \ -/etc/rc2.d \ -/etc/opt \ -/opt \ -/opt/bin \ -/usr \ -/usr/bin \ -/usr/lib \ -/usr/sbin \ -/usr/share \ -/usr/share/man \ -/usr/share/man/man1 \ -/usr/share/man/man8 \ -/usr/local \ -/usr/local/bin \ -/usr/local/etc \ -/usr/local/libexec \ -/usr/local/man \ -/usr/local/man/man1 \ -/usr/local/man/man8 \ -/usr/local/sbin \ -/usr/local/share \ -/var \ -/var/opt \ -/var/run \ -/var/tmp \ -/tmp" - -# We may need to build as root so we make sure PATH is set up -# only set the path if it's not set already -[ -d /usr/local/bin ] && { - echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin -} -[ -d /usr/ccs/bin ] && { - echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin -} -export PATH -# - -[ -f Makefile ] || { - echo "Please run this script from your build directory" - exit 1 -} - -# we will look for config.local to override the above options -[ -s ./config.local ] && . ./config.local - -## Start by faking root install -echo "Faking root install..." -START=`pwd` -OPENSSHD_IN=`dirname $0`/opensshd.in -FAKE_ROOT=$START/package -[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT -mkdir $FAKE_ROOT -${MAKE} install-nokeys DESTDIR=$FAKE_ROOT -if [ $? -gt 0 ] -then - echo "Fake root install failed, stopping." - exit 1 -fi - -## Fill in some details, like prefix and sysconfdir -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir -do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` -done - - -## Collect value of privsep user -for confvar in SSH_PRIVSEP_USER -do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` -done - -## Set privsep defaults if not defined -if [ -z "$SSH_PRIVSEP_USER" ] -then - SSH_PRIVSEP_USER=sshd -fi - -## Extract common info requires for the 'info' part of the package. -VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` - -UNAME_S=`uname -s` -case ${UNAME_S} in - SunOS) UNAME_S=Solaris - ARCH=`uname -p` - RCS_D=yes - DEF_MSG="(default: n)" - ;; - *) ARCH=`uname -m` - DEF_MSG="\n" ;; -esac - -## Setup our run level stuff while we are at it. -mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d - -## setup our initscript correctly -sed -e "s#%%configDir%%#${sysconfdir}#g" \ - -e "s#%%openSSHDir%%#$prefix#g" \ - -e "s#%%pidDir%%#${piddir}#g" \ - ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} -chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} - -[ "${PERMIT_ROOT_LOGIN}" = no ] && \ - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -[ "${X11_FORWARDING}" = yes ] && \ - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -# fix PrintMotd -perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config - -# We don't want to overwrite config files on multiple installs -mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default -mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default -[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \ -mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default - -cd $FAKE_ROOT - -## Ok, this is outright wrong, but it will work. I'm tired of pkgmk -## whining. -for i in *; do - PROTO_ARGS="$PROTO_ARGS $i=/$i"; -done - -## Build info file -echo "Building pkginfo file..." -cat > pkginfo << _EOF -PKG=$PKGNAME -NAME="OpenSSH Portable for ${UNAME_S}" -DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." -VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" -ARCH=$ARCH -VERSION=$VERSION -CATEGORY="Security,application" -BASEDIR=/ -CLASSES="none" -_EOF - -## Build preinstall file -echo "Building preinstall file..." -cat > preinstall << _EOF -#! /sbin/sh -# -[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop -exit 0 -_EOF - -## Build postinstall file -echo "Building postinstall file..." -cat > postinstall << _EOF -#! /sbin/sh -# -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { - [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds -} - -# make rc?.d dirs only if we are doing a test install -[ -n "${TEST_DIR}" ] && { - [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d - mkdir -p ${TEST_DIR}/etc/rc0.d - mkdir -p ${TEST_DIR}/etc/rc1.d - mkdir -p ${TEST_DIR}/etc/rc2.d -} - -if [ "\${USE_SYM_LINKS}" = yes ] -then - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s -else - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l -fi - -# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) -[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys - -installf -f ${PKGNAME} - -# Use chroot to handle PKG_INSTALL_ROOT -if [ ! -z "\${PKG_INSTALL_ROOT}" ] -then - chroot="chroot \${PKG_INSTALL_ROOT}" -fi -# If this is a test build, we will skip the groupadd/useradd/passwd commands -if [ ! -z "${TEST_DIR}" ] -then - chroot=echo -fi - -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null -then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" - echo "or group." -else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # create group if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else - # Use gid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null - then - : - else - sshdgid="-g $SSHDGID" - fi - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER - fi - - # Create user if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else - # Use uid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null - then - : - else - sshduid="-u $SSHDUID" - fi - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER - \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER - fi -fi - -[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start -exit 0 -_EOF - -## Build preremove file -echo "Building preremove file..." -cat > preremove << _EOF -#! /sbin/sh -# -${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop -exit 0 -_EOF - -## Build request file -echo "Building request file..." -cat > request << _EOF -trap 'exit 3' 15 -USE_SYM_LINKS=no -PRE_INS_STOP=no -POST_INS_START=no -# Use symbolic links? -ans=\`ckyorn -d n \ --p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? -case \$ans in - [y,Y]*) USE_SYM_LINKS=yes ;; -esac - -# determine if should restart the daemon -if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] -then - ans=\`ckyorn -d n \ --p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) PRE_INS_STOP=yes - POST_INS_START=yes - ;; - esac - -else - -# determine if we should start sshd - ans=\`ckyorn -d n \ --p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) POST_INS_START=yes ;; - esac -fi - -# make parameters available to installation service, -# and so to any other packaging scripts -cat >\$1 <<! -USE_SYM_LINKS='\$USE_SYM_LINKS' -PRE_INS_STOP='\$PRE_INS_STOP' -POST_INS_START='\$POST_INS_START' -! -exit 0 - -_EOF - -## Build space file -echo "Building space file..." -cat > space << _EOF -# extra space required by start/stop links added by installf in postinstall -$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1 -$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1 -$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1 -_EOF -[ "$RCS_D" = yes ] && \ -echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space - -## Next Build our prototype -echo "Building prototype file..." -cat >mk-proto.awk << _EOF - BEGIN { print "i pkginfo"; print "i preinstall"; \\ - print "i postinstall"; print "i preremove"; \\ - print "i request"; print "i space"; \\ - split("$SYSTEM_DIR",sys_files); } - { - for (dir in sys_files) { if ( \$3 != sys_files[dir] ) - { \$5="root"; \$6="sys"; } - else - { \$4="?"; \$5="?"; \$6="?"; break;} - } } - { print; } -_EOF -find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ - pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype - -# /usr/local is a symlink on some systems -[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { - grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new - mv prototype.new prototype -} - -## Step back a directory and now build the package. -echo "Building package.." -cd .. -pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o -echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg -rm -rf $FAKE_ROOT - diff --git a/crypto/openssh/contrib/solaris/opensshd.in b/crypto/openssh/contrib/solaris/opensshd.in deleted file mode 100755 index 50e18de..0000000 --- a/crypto/openssh/contrib/solaris/opensshd.in +++ /dev/null @@ -1,82 +0,0 @@ -#!/sbin/sh -# Donated code that was put under PD license. -# -# Stripped PRNGd out of it for the time being. - -umask 022 - -CAT=/usr/bin/cat -KILL=/usr/bin/kill - -prefix=%%openSSHDir%% -etcdir=%%configDir%% -piddir=%%pidDir%% - -SSHD=$prefix/sbin/sshd -PIDFILE=$piddir/sshd.pid -SSH_KEYGEN=$prefix/bin/ssh-keygen -HOST_KEY_RSA1=$etcdir/ssh_host_key -HOST_KEY_DSA=$etcdir/ssh_host_dsa_key -HOST_KEY_RSA=$etcdir/ssh_host_rsa_key - - -checkkeys() { - if [ ! -f $HOST_KEY_RSA1 ]; then - ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" - fi - if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" - fi - if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" - fi -} - -stop_service() { - if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then - PID=`${CAT} ${PIDFILE}` - fi - if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then - ${KILL} ${PID} - else - echo "Unable to read PID file" - fi -} - -start_service() { - # XXX We really should check if the service is already going, but - # XXX we will opt out at this time. - Bal - - # Check to see if we have keys that need to be made - checkkeys - - # Start SSHD - echo "starting $SSHD... \c" ; $SSHD - - sshd_rc=$? - if [ $sshd_rc -ne 0 ]; then - echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." - exit $sshd_rc - fi - echo done. -} - -case $1 in - -'start') - start_service - ;; - -'stop') - stop_service - ;; - -'restart') - stop_service - start_service - ;; - -*) - echo "$0: usage: $0 {start|stop|restart}" - ;; -esac diff --git a/crypto/openssh/contrib/ssh-copy-id b/crypto/openssh/contrib/ssh-copy-id deleted file mode 100644 index a1c0a92..0000000 --- a/crypto/openssh/contrib/ssh-copy-id +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh - -# Shell script to install your identity.pub on a remote machine -# Takes the remote machine name as an argument. -# Obviously, the remote machine must accept password authentication, -# or one of the other keys in your ssh-agent, for this to work. - -ID_FILE="${HOME}/.ssh/identity.pub" - -if [ "-i" = "$1" ]; then - shift - # check if we have 2 parameters left, if so the first is the new ID file - if [ -n "$2" ]; then - if expr "$1" : ".*\.pub" ; then - ID_FILE="$1" - else - ID_FILE="$1.pub" - fi - shift # and this should leave $1 as the target name - fi -else - if [ x$SSH_AUTH_SOCK != x ] ; then - GET_ID="$GET_ID ssh-add -L" - fi -fi - -if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then - GET_ID="cat ${ID_FILE}" -fi - -if [ -z "`eval $GET_ID`" ]; then - echo "$0: ERROR: No identities found" >&2 - exit 1 -fi - -if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then - echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 - exit 1 -fi - -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 - -cat <<EOF -Now try logging into the machine, with "ssh '$1'", and check in: - - .ssh/authorized_keys - -to make sure we haven't added extra keys that you weren't expecting. - -EOF diff --git a/crypto/openssh/contrib/ssh-copy-id.1 b/crypto/openssh/contrib/ssh-copy-id.1 deleted file mode 100644 index b331fa1..0000000 --- a/crypto/openssh/contrib/ssh-copy-id.1 +++ /dev/null @@ -1,67 +0,0 @@ -.ig \" -*- nroff -*- -Copyright (c) 1999 Philip Hands Computing <http://www.hands.com/> - -Permission is granted to make and distribute verbatim copies of -this manual provided the copyright notice and this permission notice -are preserved on all copies. - -Permission is granted to copy and distribute modified versions of this -manual under the conditions for verbatim copying, provided that the -entire resulting derived work is distributed under the terms of a -permission notice identical to this one. - -Permission is granted to copy and distribute translations of this -manual into another language, under the above conditions for modified -versions, except that this permission notice may be included in -translations approved by the Free Software Foundation instead of in -the original English. -.. -.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH" -.SH NAME -ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys -.SH SYNOPSIS -.B ssh-copy-id [-i [identity_file]] -.I "[user@]machine" -.br -.SH DESCRIPTION -.BR ssh-copy-id -is a script that uses ssh to log into a remote machine (presumably -using a login password, so password authentication should be enabled, -unless you've done some clever use of multiple identities) -.PP -It also changes the permissions of the remote user's home, -.BR ~/.ssh , -and -.B ~/.ssh/authorized_keys -to remove group writability (which would otherwise prevent you from logging in, if the remote -.B sshd -has -.B StrictModes -set in its configuration). -.PP -If the -.B -i -option is given then the identity file (defaults to -.BR ~/.ssh/identity.pub ) -is used, regardless of whether there are any keys in your -.BR ssh-agent . -Otherwise, if this: -.PP -.B " ssh-add -L" -.PP -provides any output, it uses that in preference to the identity file. -.PP -If the -.B -i -option is used, or the -.B ssh-add -produced no output, then it uses the contents of the identity -file. Once it has one or more fingerprints (by whatever means) it -uses ssh to append them to -.B ~/.ssh/authorized_keys -on the remote machine (creating the file, and directory, if necessary) - -.SH "SEE ALSO" -.BR ssh (1), -.BR ssh-agent (1), -.BR sshd (8) diff --git a/crypto/openssh/contrib/sshd.pam.freebsd b/crypto/openssh/contrib/sshd.pam.freebsd deleted file mode 100644 index c0bc364..0000000 --- a/crypto/openssh/contrib/sshd.pam.freebsd +++ /dev/null @@ -1,5 +0,0 @@ -sshd auth required pam_unix.so try_first_pass -sshd account required pam_unix.so -sshd password required pam_permit.so -sshd session required pam_permit.so - diff --git a/crypto/openssh/contrib/sshd.pam.generic b/crypto/openssh/contrib/sshd.pam.generic deleted file mode 100644 index cf5af30..0000000 --- a/crypto/openssh/contrib/sshd.pam.generic +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_unix.so shadow nodelay -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_unix.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_unix.so shadow nullok use_authtok -session required /lib/security/pam_unix.so -session required /lib/security/pam_limits.so diff --git a/crypto/openssh/contrib/suse/openssh.spec b/crypto/openssh/contrib/suse/openssh.spec deleted file mode 100644 index 2b43d03..0000000 --- a/crypto/openssh/contrib/suse/openssh.spec +++ /dev/null @@ -1,199 +0,0 @@ -Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation -Name: openssh -Version: 3.8.1p1 -URL: http://www.openssh.com/ -Release: 1 -Source0: openssh-%{version}.tar.gz -Copyright: BSD -Group: Applications/Internet -BuildRoot: /tmp/openssh-%{version}-buildroot -PreReq: openssl -Obsoletes: ssh -# -# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) -# building prerequisites -- stuff for -# OpenSSL (openssl-devel), -# TCP Wrappers (nkitb), -# and Gnome (glibdev, gtkdev, and gnlibsd) -# -BuildPrereq: openssl -BuildPrereq: nkitb -BuildPrereq: glibdev -BuildPrereq: gtkdev -BuildPrereq: gnlibsd - -%description -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package includes all files necessary for both the OpenSSH -client and server. Additionally, this package contains the GNOME -passphrase dialog. - -%changelog -* Mon Jun 12 2000 Damien Miller <djm@mindrot.org> -- Glob manpages to catch compressed files -* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au> -- Updated for new location -- Updated for new gnome-ssh-askpass build -* Sun Dec 26 1999 Chris Saia <csaia@wtower.com> -- Made symlink to gnome-ssh-askpass called ssh-askpass -* Wed Nov 24 1999 Chris Saia <csaia@wtower.com> -- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and - /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into - his released tarfile -- Changed permissions on ssh_config in the install procedure to 644 from 600 - even though it was correct in the %files section and thus right in the RPMs -- Postinstall script for the server now only prints "Generating SSH host - key..." if we need to actually do this, in order to eliminate a confusing - message if an SSH host key is already in place -- Marked all manual pages as %doc(umentation) -* Mon Nov 22 1999 Chris Saia <csaia@wtower.com> -- Added flag to configure daemon with TCP Wrappers support -- Added building prerequisites (works in RPM 3.0 and newer) -* Thu Nov 18 1999 Chris Saia <csaia@wtower.com> -- Made this package correct for SuSE. -- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly - with SuSE, and lib_pwdb.so isn't installed by default. -* Mon Nov 15 1999 Damien Miller <djm@mindrot.org> -- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com> -* Sat Nov 13 1999 Damien Miller <djm@mindrot.org> -- Added 'Obsoletes' directives -* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au> -- Use make install -- Subpackages -* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au> -- Added links for slogin -- Fixed perms on manpages -* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> -- Renamed init script -* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> -- Back to old binary names -* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au> -- Use autoconf -- New binary names -* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au> -- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec. - -%prep - -%setup -q - -%build -CFLAGS="$RPM_OPT_FLAGS" \ -./configure --prefix=/usr \ - --sysconfdir=/etc/ssh \ - --datadir=/usr/share/openssh \ - --with-pam \ - --with-gnome-askpass \ - --with-tcp-wrappers \ - --with-ipv4-default \ - --libexecdir=/usr/lib/ssh -make - -cd contrib -gcc -O -g `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass.c -o gnome-ssh-askpass \ - `gnome-config --libs gnome gnomeui` -cd .. - -%install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT/ -install -d $RPM_BUILD_ROOT/etc/ssh/ -install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/sbin/init.d/ -install -d $RPM_BUILD_ROOT/var/adm/fillup-templates -install -d $RPM_BUILD_ROOT/usr/lib/ssh -install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd -ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass -ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass -install -m744 contrib/suse/rc.config.sshd \ - $RPM_BUILD_ROOT/var/adm/fillup-templates - -%clean -rm -rf $RPM_BUILD_ROOT - -%post -if [ "$1" = 1 ]; then - echo "Creating SSH stop/start scripts in the rc directories..." - ln -s ../sshd /sbin/init.d/rc2.d/K20sshd - ln -s ../sshd /sbin/init.d/rc2.d/S20sshd - ln -s ../sshd /sbin/init.d/rc3.d/K20sshd - ln -s ../sshd /sbin/init.d/rc3.d/S20sshd -fi -echo "Updating /etc/rc.config..." -if [ -x /bin/fillup ] ; then - /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd -else - echo "ERROR: fillup not found. This should NOT happen in SuSE Linux." - echo "Update /etc/rc.config by hand from the following template file:" - echo " /var/adm/fillup-templates/rc.config.sshd" -fi -if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - echo "Generating SSH host key..." - /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 -fi -if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - echo "Generating SSH DSA host key..." - /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 -fi -if test -r /var/run/sshd.pid -then - echo "Restarting the running SSH daemon..." - /usr/sbin/rcsshd restart >&2 -fi - -%preun -if [ "$1" = 0 ] -then - echo "Stopping the SSH daemon..." - /usr/sbin/rcsshd stop >&2 - echo "Removing SSH stop/start scripts from the rc directories..." - rm /sbin/init.d/rc2.d/K20sshd - rm /sbin/init.d/rc2.d/S20sshd - rm /sbin/init.d/rc3.d/K20sshd - rm /sbin/init.d/rc3.d/S20sshd -fi - -%files -%defattr(-,root,root) -%doc ChangeLog OVERVIEW README* -%doc RFC.nroff TODO CREDITS LICENCE -%attr(0755,root,root) %dir /etc/ssh -%attr(0644,root,root) %config /etc/ssh/ssh_config -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0600,root,root) %config /etc/ssh/moduli -%attr(0644,root,root) %config /etc/pam.d/sshd -%attr(0755,root,root) %config /sbin/init.d/sshd -%attr(0755,root,root) /usr/bin/ssh-keygen -%attr(0755,root,root) /usr/bin/scp -%attr(4755,root,root) /usr/bin/ssh -%attr(-,root,root) /usr/bin/slogin -%attr(0755,root,root) /usr/bin/ssh-agent -%attr(0755,root,root) /usr/bin/ssh-add -%attr(0755,root,root) /usr/bin/ssh-keyscan -%attr(0755,root,root) /usr/bin/sftp -%attr(0755,root,root) /usr/sbin/sshd -%attr(-,root,root) /usr/sbin/rcsshd -%attr(0755,root,root) %dir /usr/lib/ssh -%attr(0755,root,root) /usr/lib/ssh/ssh-askpass -%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass -%attr(0644,root,root) %doc /usr/man/man1/scp.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh.1* -%attr(-,root,root) %doc /usr/man/man1/slogin.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1* -%attr(0644,root,root) %doc /usr/man/man8/sshd.8* -%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd - diff --git a/crypto/openssh/contrib/suse/rc.config.sshd b/crypto/openssh/contrib/suse/rc.config.sshd deleted file mode 100644 index baaa7a5..0000000 --- a/crypto/openssh/contrib/suse/rc.config.sshd +++ /dev/null @@ -1,5 +0,0 @@ -# -# Start the Secure Shell (SSH) Daemon? -# -START_SSHD="yes" - diff --git a/crypto/openssh/contrib/suse/rc.sshd b/crypto/openssh/contrib/suse/rc.sshd deleted file mode 100644 index f7d431e..0000000 --- a/crypto/openssh/contrib/suse/rc.sshd +++ /dev/null @@ -1,80 +0,0 @@ -#! /bin/sh -# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. -# -# Author: Chris Saia <csaia@wtower.com> -# -# /sbin/init.d/sshd -# -# and symbolic its link -# -# /sbin/rcsshd -# - -. /etc/rc.config - -# Determine the base and follow a runlevel link name. -base=${0##*/} -link=${base#*[SK][0-9][0-9]} - -# Force execution if not called by a runlevel directory. -test $link = $base && START_SSHD=yes -test "$START_SSHD" = yes || exit 0 - -# The echo return value for success (defined in /etc/rc.config). -return=$rc_done -case "$1" in - start) - echo -n "Starting service sshd" - ## Start daemon with startproc(8). If this fails - ## the echo return value is set appropriate. - - startproc /usr/sbin/sshd || return=$rc_failed - - echo -e "$return" - ;; - stop) - echo -n "Stopping service sshd" - ## Stop daemon with killproc(8) and if this fails - ## set echo the echo return value. - - killproc -TERM /usr/sbin/sshd || return=$rc_failed - - echo -e "$return" - ;; - restart) - ## If first returns OK call the second, if first or - ## second command fails, set echo return value. - $0 stop && $0 start || return=$rc_failed - ;; - reload) - ## Choose ONE of the following two cases: - - ## First possibility: A few services accepts a signal - ## to reread the (changed) configuration. - - echo -n "Reload service sshd" - killproc -HUP /usr/sbin/sshd || return=$rc_failed - echo -e "$return" - ;; - status) - echo -n "Checking for service sshd" - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - checkproc /usr/sbin/sshd && echo OK || echo No process - ;; - probe) - ## Optional: Probe for the necessity of a reload, - ## give out the argument which is required for a reload. - - test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload - ;; - *) - echo "Usage: $0 {start|stop|status|restart|reload[|probe]}" - exit 1 - ;; -esac - -# Inform the caller not only verbosely and set an exit status. -test "$return" = "$rc_done" || exit 1 -exit 0 |
