-rw-r--r-- | CREDITS | 27 | ||||
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | Makefile.in | 14 | ||||
-rw-r--r-- | README | 16 | ||||
-rwxr-xr-x | fixpaths | 47 | ||||
-rw-r--r-- | packages/redhat/openssh.spec | 6 | ||||
-rw-r--r-- | packages/suse/openssh.spec | 4 | ||||
-rw-r--r-- | scp.1.in (renamed from scp.1) | 2 | ||||
-rw-r--r-- | ssh-add.1.in (renamed from ssh-add.1) | 2 | ||||
-rw-r--r-- | ssh-agent.1.in (renamed from ssh-agent.1) | 0 | ||||
-rw-r--r-- | ssh-keygen.1.in (renamed from ssh-keygen.1) | 2 | ||||
-rw-r--r-- | ssh.1.in (renamed from ssh.1) | 28 | ||||
-rw-r--r-- | ssh_config.in (renamed from ssh_config) | 0 | ||||
-rw-r--r-- | sshd.8.in (renamed from sshd.8) | 36 | ||||
-rw-r--r-- | sshd_config.in (renamed from sshd_config) | 2 |
15 files changed, 133 insertions, 58 deletions
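--- /dev/null
+++ b/CREDITS
@@ -0,0 +1,27 @@
+Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
+
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt, and Dug Song - Creators of OpenSSH
+
+Andre Lucas <andre.lucas@dial.pipex.com> - Many portability fixes
+Ben Taylor <bent@clark.net> - Solaris debugging and fixes
+Chip Salzenberg <chip@valinux.com> - Assorted patches
+Chris Saia <csaia@wtower.com> - SuSE packaging
+"Chris, the Young One" <cky@pobox.com> - Password auth fixes
+Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
+Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
+David Agraz <dagraz@jahoopa.com> - Build fixes
+David Rankin <drankin@bohemians.lexington.ky.us> - libwrap fixes
+Jani Hakala <jahakala@cc.jyu.fi> - Patches
+Jim Knoble <jmknoble@pobox.com> - Many patches
+'jonchen' - the original author of PAM support of SSH
+Juergen Keil <jk@tools.de> - scp bugfixing
+Kees Cook <cook@cpoint.net> - scp fixes
+Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
+Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
+Niels Kristian Bech Jensen <nkbj@image.dk> - Assorted patches
+Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
+Phil Hands <phil@hands.com> - Debian scripts, assorted patches
+Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
+Tor-Ake Fransson <torake@hotmail.com> - AIX support
+Tudor Bosman <tudorb@jm.nu> - MD5 password support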
@@ -1,3 +1,8 @@ | |||
1 | 19991227 | ||
2 | - Automatically correct paths in manpages and configuration files. Patch | ||
3 | and script from Andre Lucas <andre.lucas@dial.pipex.com> | ||
4 | - Removed credits from README to CREDITS file, updated. | ||
5 | |||
1 | 19991226 | 6 | 19991226 |
2 | - Enabled utmpx support by default for Solaris | 7 | - Enabled utmpx support by default for Solaris |
3 | - Cleanup sshd.c PAM a little more | 8 | - Cleanup sshd.c PAM a little more |
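--- a/Makefile.in
+++ b/Makefile.in
@@ -6,9 +6,14 @@ libexecdir=@libexecdir@
 mandir=@mandir@
 sysconfdir=@sysconfdir@
 
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH=@srcdir@
+
 SSH_PROGRAM=@bindir@/ssh
 ASKPASS_LOCATION=@libexecdir@/ssh
 ASKPASS_PROGRAM=$(ASKPASS_LOCATION)/ssh-askpass
+FIXPATHS=@top_srcdir@/fixpaths
 
 CC=@CC@
 PATHS=-DETCDIR=\"$(sysconfdir)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DSSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\"
@@ -43,7 +48,7 @@ LIBOBJS= atomicio.o authfd.o authfile.o bsd-daemon.o bsd-mktemp.o \
 radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o \
 xmalloc.o
 
-all: $(OBJS) $(TARGETS)
+all: $(OBJS) $(TARGETS) manpages
 
 $(OBJS): config.h
 
@@ -80,7 +85,12 @@ gnome-ssh-askpass: gnome-ssh-askpass.c
 $(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS)
 
 clean:
-rm -f *.o core $(TARGETS) config.status config.cache config.log
+rm -f $(OBJS) $(TARGETS) config.status config.cache config.log core \
+*.1 *.8 sshd_config ssh_config
+
+manpages:
+$(FIXPATHS) -Dsysconfdir=${sysconfdir} $(srcdir)/*.1.in $(srcdir)/*.8.in \
+$(srcdir)/ssh_config.in $(srcdir)/sshd_config.in
 
 install: all
 $(INSTALL) -d $(bindir)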
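Review bot: The new `manpages` rule names no real file and has no prerequisites, so its recipe runs on every build, and because `install` depends on `all` it reruns fixpaths during `make install` as well, typically with elevated privileges, rewriting files in the build directory. Making the generated files real targets lets make skip the step when they are current, for example `%.1: %.1.in $(FIXPATHS)` with the recipe `$(FIXPATHS) -Dsysconfdir='$(sysconfdir)' $<`, plus matching rules for `.8` and the two config files; the quoting also keeps a sysconfdir containing whitespace from being split by the shell. In `clean`, the added `*.1 *.8` glob removes every man page in the build directory, including any that were not generated from a `.in` template. The `install` rule continues outside the hunk.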
@@ -50,22 +50,6 @@ Solaris support have already been included. | |||
50 | Damien Miller <djm@ibs.com.au> | 50 | Damien Miller <djm@ibs.com.au> |
51 | Internet Business Solutions | 51 | Internet Business Solutions |
52 | 52 | ||
53 | Credits - | ||
54 | |||
55 | Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, | ||
56 | Theo de Raadt, and Dug Song - Creators of OpenSSH | ||
57 | 'jonchen' - the original author of PAM support of SSH | ||
58 | Ben Taylor <bent@clark.net> - Solaris debugging and fixes | ||
59 | Chip Salzenberg <chip@valinux.com> - Assorted patches | ||
60 | Chris Saia <csaia@wtower.com> - SuSE packaging | ||
61 | Dan Brosemer <odin@linuxfreak.com> - Autoconf and build fixes & Debian scripts | ||
62 | Jim Knoble <jmknoble@pobox.com> - RPM spec file fixes | ||
63 | Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches | ||
64 | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch | ||
65 | Niels Kristian Bech Jensen <nkbj@image.dk> - Assorted patches | ||
66 | Phil Hands <phil@hands.com> - Debian scripts, assorted patches | ||
67 | Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords | ||
68 | Tudor Bosman <tudorb@jm.nu> - MD5 password support | ||
69 | 53 | ||
70 | Miscellania - | 54 | Miscellania - |
71 | 55 | ||
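--- /dev/null
+++ b/fixpaths
@@ -0,0 +1,47 @@
+#!/usr/bin/perl -w
+#
+# fixpaths - substitute makefile variables into text files
+
+
+$usage = "Usage: $0 [-D<variable>=<value>] [[infile] ...]\n";
+
+if (!defined(@ARGV)) { die ("$usage"); }
+
+# read in the command line and get some definitions
+while ($_=$ARGV[0], /^-/) {
+if (/^-D/) {
+# definition
+shift(@ARGV);
+if ( /-D(.*)=(.*)/ ) {
+$def{"$1"}=$2;
+} else {
+die ("$usage$0: error in command line arguments.\n");
+}
+} else {
+&usage; die ("$usage$0: unknown option '-".$ARGV[0][1]."'\n");
+}
+} # while parsing arguments
+
+if (!defined(%def)) {
+die ("$0: nothing to do - no substitutions listed!\n");
+}
+
+for $f (@ARGV) {
+
+$f =~ /(.*\/)*(.*)$/;
+$of = $2; $of =~ s/.in$//;
+
+print("Making substitutions for $of\n");
+
+open(IN, "<$f") || die ("$0: input file $f missing!\n");
+if (open(OUT, ">$of")) {
+while (<IN>) {
+for $s (keys(%def)) {
+s#\@$s\@#$def{$s}#;
+} # for $s
+print OUT;
+} # while <IN>
+} # if (outfile open)
+} # for $f
+
+exit 0;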
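Review bot: A failed `open(OUT, ">$of")` is skipped without a message and the script still ends with `exit 0`, so the build can carry on with a missing or stale `sshd_config` or man page; the open and the closing of OUT should die on error. In the same loop `s#\@$s\@#$def{$s}#` lacks `/g`, so only the first `@name@` token on a line is replaced, `$s` is interpolated as a regex without `\Q...\E`, and `s/.in$//` leaves the dot unescaped. In option parsing, `&usage;` calls a subroutine the file never defines, so an unknown option ends in an undefined-subroutine error instead of the usage text; dropping the call and keeping the `die` is enough. `defined(@ARGV)` and `defined(%def)` are rejected by current Perl releases; `if (!@ARGV)` and `if (!%def)` test the same thing.

```perl
for $f (@ARGV) {
    # … unchanged: split $f into directory and file name …
    $of = $2; $of =~ s/\.in$//;
    # … unchanged: progress message, open(IN, ...) …
    open(OUT, ">$of") || die ("$0: cannot write $of: $!\n");
    while (<IN>) {
        for $s (keys(%def)) {
            s#\@\Q$s\E\@#$def{$s}#g;
        }
        print OUT;
    }
    close(OUT) || die ("$0: error writing $of: $!\n");
} # for $f
```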
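--- a/packages/redhat/openssh.spec
+++ b/packages/redhat/openssh.spec
@@ -1,5 +1,5 @@
 # Version of OpenSSH
-%define oversion 1.2.1pre21
+%define oversion 1.2.1pre22
 
 # Version of ssh-askpass
 %define aversion 0.99
@@ -16,6 +16,7 @@ Group: Applications/Internet
 BuildRoot: /tmp/openssh-%{version}-buildroot
 Obsoletes: ssh
 Requires: openssl
+BuildPreReq: perl
 BuildPreReq: openssl-devel
 BuildPreReq: tcp_wrappers
 BuildPreReq: gnome-libs-devel
@@ -192,7 +193,8 @@ fi
 
 %files
 %defattr(-,root,root)
-%doc ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen INSTALL UPGRADING
+%doc ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen INSTALL
+%doc CREDITS UPGRADING
 %attr(0755,root,root) /usr/bin/ssh-keygen
 %attr(0755,root,root) /usr/bin/scp
 %attr(0644,root,root) /usr/man/man1/ssh-keygen.1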
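--- a/packages/suse/openssh.spec
+++ b/packages/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre21
+Version: 1.2.1pre22
 Release: 1
 Source0: openssh-%{version}.tar.gz
 Copyright: BSD
@@ -203,7 +203,7 @@ fi
 %files
 %defattr(-,root,root)
 %doc COPYING.Ylonen ChangeLog OVERVIEW README README.Ylonen
-%doc RFC.nroff TODO UPGRADING
+%doc RFC.nroff TODO UPGRADING CREDITS
 %attr(0755,root,root) /usr/bin/ssh-keygen
 %attr(0755,root,root) /usr/bin/scp
 %attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1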
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: scp.1,v 1.3 1999/10/28 23:15:49 damien Exp $ | 12 | .\" $Id: scp.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
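--- a/ssh-add.1
+++ b/ssh-add.1.in
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-add.1,v 1.6 1999/12/06 00:47:29 damien Exp $
+.\" $Id: ssh-add.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-ADD 1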
diff --git a/ssh-agent.1 b/ssh-agent.1.in index f8084e299..f8084e299 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1.in | |||
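--- a/ssh-keygen.1
+++ b/ssh-keygen.1.in
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-keygen.1,v 1.6 1999/12/26 03:24:41 damien Exp $
+.\" $Id: ssh-keygen.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-KEYGEN 1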
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh.1,v 1.13 1999/12/26 03:24:41 damien Exp $ | 12 | .\" $Id: ssh.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH 1 | 15 | .Dt SSH 1 |
@@ -66,7 +66,7 @@ his/her identity to the remote machine using one of several methods. | |||
66 | First, if the machine the user logs in from is listed in | 66 | First, if the machine the user logs in from is listed in |
67 | .Pa /etc/hosts.equiv | 67 | .Pa /etc/hosts.equiv |
68 | or | 68 | or |
69 | .Pa /etc/ssh/shosts.equiv | 69 | .Pa @sysconfdir@/shosts.equiv |
70 | on the remote machine, and the user names are | 70 | on the remote machine, and the user names are |
71 | the same on both sides, the user is immediately permitted to log in. | 71 | the same on both sides, the user is immediately permitted to log in. |
72 | Second, if | 72 | Second, if |
@@ -89,10 +89,10 @@ means that if the login would be permitted by | |||
89 | .Pa \&.shosts , | 89 | .Pa \&.shosts , |
90 | .Pa /etc/hosts.equiv , | 90 | .Pa /etc/hosts.equiv , |
91 | or | 91 | or |
92 | .Pa /etc/ssh/shosts.equiv , | 92 | .Pa @sysconfdir@/shosts.equiv , |
93 | and if additionally the server can verify the client's | 93 | and if additionally the server can verify the client's |
94 | host key (see | 94 | host key (see |
95 | .Pa /etc/ssh/ssh_known_hosts | 95 | .Pa @sysconfdir@/ssh_known_hosts |
96 | and | 96 | and |
97 | .Pa $HOME/.ssh/known_hosts | 97 | .Pa $HOME/.ssh/known_hosts |
98 | in the | 98 | in the |
@@ -250,7 +250,7 @@ identifications for all hosts it has ever been used with. The | |||
250 | database is stored in | 250 | database is stored in |
251 | .Pa \&.ssh/known_hosts | 251 | .Pa \&.ssh/known_hosts |
252 | in the user's home directory. Additionally, the file | 252 | in the user's home directory. Additionally, the file |
253 | .Pa /etc/ssh/ssh_known_hosts | 253 | .Pa @sysconfdir@/ssh_known_hosts |
254 | is automatically checked for known hosts. Any new hosts are | 254 | is automatically checked for known hosts. Any new hosts are |
255 | automatically added to the user's file. If a host's identification | 255 | automatically added to the user's file. If a host's identification |
256 | ever changes, | 256 | ever changes, |
@@ -418,7 +418,7 @@ obtains configuration data from the following sources (in this order): | |||
418 | command line options, user's configuration file | 418 | command line options, user's configuration file |
419 | .Pq Pa $HOME/.ssh/config , | 419 | .Pq Pa $HOME/.ssh/config , |
420 | and system-wide configuration file | 420 | and system-wide configuration file |
421 | .Pq Pa /etc/ssh/ssh_config . | 421 | .Pq Pa @sysconfdir@/ssh_config . |
422 | For each parameter, the first obtained value | 422 | For each parameter, the first obtained value |
423 | will be used. The configuration files contain sections bracketed by | 423 | will be used. The configuration files contain sections bracketed by |
424 | "Host" specifications, and that section is only applied for hosts that | 424 | "Host" specifications, and that section is only applied for hosts that |
@@ -542,7 +542,7 @@ The default is | |||
542 | .Dq no . | 542 | .Dq no . |
543 | .It Cm GlobalKnownHostsFile | 543 | .It Cm GlobalKnownHostsFile |
544 | Specifies a file to use instead of | 544 | Specifies a file to use instead of |
545 | .Pa /etc/ssh/ssh_known_hosts . | 545 | .Pa @sysconfdir@/ssh_known_hosts . |
546 | .It Cm HostName | 546 | .It Cm HostName |
547 | Specifies the real host name to log into. This can be used to specify | 547 | Specifies the real host name to log into. This can be used to specify |
548 | nicnames or abbreviations for hosts. Default is the name given on the | 548 | nicnames or abbreviations for hosts. Default is the name given on the |
@@ -693,7 +693,7 @@ ssh will never automatically add host keys to the | |||
693 | file, and refuses to connect hosts whose host key has changed. This | 693 | file, and refuses to connect hosts whose host key has changed. This |
694 | provides maximum protection against trojan horse attacks. However, it | 694 | provides maximum protection against trojan horse attacks. However, it |
695 | can be somewhat annoying if you don't have good | 695 | can be somewhat annoying if you don't have good |
696 | .Pa /etc/ssh/ssh_known_hosts | 696 | .Pa @sysconfdir@/ssh_known_hosts |
697 | files installed and frequently | 697 | files installed and frequently |
698 | connect new hosts. Basically this option forces the user to manually | 698 | connect new hosts. Basically this option forces the user to manually |
699 | add any new hosts. Normally this option is disabled, and new hosts | 699 | add any new hosts. Normally this option is disabled, and new hosts |
@@ -800,7 +800,7 @@ to the environment. | |||
800 | .It Pa $HOME/.ssh/known_hosts | 800 | .It Pa $HOME/.ssh/known_hosts |
801 | Records host keys for all hosts the user has logged into (that are not | 801 | Records host keys for all hosts the user has logged into (that are not |
802 | in | 802 | in |
803 | .Pa /etc/ssh/ssh_known_hosts ) . | 803 | .Pa @sysconfdir@/ssh_known_hosts ) . |
804 | See | 804 | See |
805 | .Xr sshd 8 . | 805 | .Xr sshd 8 . |
806 | .It Pa $HOME/.ssh/identity | 806 | .It Pa $HOME/.ssh/identity |
@@ -839,7 +839,7 @@ identity files (that is, each line contains the number of bits in | |||
839 | modulus, public exponent, modulus, and comment fields, separated by | 839 | modulus, public exponent, modulus, and comment fields, separated by |
840 | spaces). This file is not highly sensitive, but the recommended | 840 | spaces). This file is not highly sensitive, but the recommended |
841 | permissions are read/write for the user, and not accessible by others. | 841 | permissions are read/write for the user, and not accessible by others. |
842 | .It Pa /etc/ssh/ssh_known_hosts | 842 | .It Pa @sysconfdir@/ssh_known_hosts |
843 | Systemwide list of known host keys. This file should be prepared by the | 843 | Systemwide list of known host keys. This file should be prepared by the |
844 | system administrator to contain the public host keys of all machines in the | 844 | system administrator to contain the public host keys of all machines in the |
845 | organization. This file should be world-readable. This file contains | 845 | organization. This file should be world-readable. This file contains |
@@ -858,7 +858,7 @@ to verify the client host when logging in; other names are needed because | |||
858 | does not convert the user-supplied name to a canonical name before | 858 | does not convert the user-supplied name to a canonical name before |
859 | checking the key, because someone with access to the name servers | 859 | checking the key, because someone with access to the name servers |
860 | would then be able to fool host authentication. | 860 | would then be able to fool host authentication. |
861 | .It Pa /etc/ssh/ssh_config | 861 | .It Pa @sysconfdir@/ssh_config |
862 | Systemwide configuration file. This file provides defaults for those | 862 | Systemwide configuration file. This file provides defaults for those |
863 | values that are not specified in the user's configuration file, and | 863 | values that are not specified in the user's configuration file, and |
864 | for those users who do not have a configuration file. This file must | 864 | for those users who do not have a configuration file. This file must |
@@ -885,7 +885,7 @@ Note that by default | |||
885 | will be installed so that it requires successful RSA host | 885 | will be installed so that it requires successful RSA host |
886 | authentication before permitting \s+2.\s0rhosts authentication. If your | 886 | authentication before permitting \s+2.\s0rhosts authentication. If your |
887 | server machine does not have the client's host key in | 887 | server machine does not have the client's host key in |
888 | .Pa /etc/ssh/ssh_known_hosts , | 888 | .Pa @sysconfdir@/ssh_known_hosts , |
889 | you can store it in | 889 | you can store it in |
890 | .Pa $HOME/.ssh/known_hosts . | 890 | .Pa $HOME/.ssh/known_hosts . |
891 | The easiest way to do this is to | 891 | The easiest way to do this is to |
@@ -912,13 +912,13 @@ manual page). If the client host is found in this file, login is | |||
912 | automatically permitted provided client and server user names are the | 912 | automatically permitted provided client and server user names are the |
913 | same. Additionally, successful RSA host authentication is normally | 913 | same. Additionally, successful RSA host authentication is normally |
914 | required. This file should only be writable by root. | 914 | required. This file should only be writable by root. |
915 | .It Pa /etc/ssh/shosts.equiv | 915 | .It Pa @sysconfdir@/shosts.equiv |
916 | This file is processed exactly as | 916 | This file is processed exactly as |
917 | .Pa /etc/hosts.equiv . | 917 | .Pa /etc/hosts.equiv . |
918 | This file may be useful to permit logins using | 918 | This file may be useful to permit logins using |
919 | .Nm | 919 | .Nm |
920 | but not using rsh/rlogin. | 920 | but not using rsh/rlogin. |
921 | .It Pa /etc/ssh/sshrc | 921 | .It Pa @sysconfdir@/sshrc |
922 | Commands in this file are executed by | 922 | Commands in this file are executed by |
923 | .Nm | 923 | .Nm |
924 | when the user logs in just before the user's shell (or command) is started. | 924 | when the user logs in just before the user's shell (or command) is started. |
diff --git a/ssh_config b/ssh_config.in index 9fb064deb..9fb064deb 100644 --- a/ssh_config +++ b/ssh_config.in | |||
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: sshd.8,v 1.9 1999/11/24 13:26:23 damien Exp $ | 12 | .\" $Id: sshd.8.in,v 1.1 1999/12/26 22:23:59 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSHD 8 | 15 | .Dt SSHD 8 |
@@ -123,7 +123,7 @@ not fork and will only process one connection. This option is only | |||
123 | intended for debugging for the server. | 123 | intended for debugging for the server. |
124 | .It Fl f Ar configuration_file | 124 | .It Fl f Ar configuration_file |
125 | Specifies the name of the configuration file. The default is | 125 | Specifies the name of the configuration file. The default is |
126 | .Pa /etc/ssh/sshd_config . | 126 | .Pa @sysconfdir@/sshd_config . |
127 | .Nm | 127 | .Nm |
128 | refuses to start if there is no configuration file. | 128 | refuses to start if there is no configuration file. |
129 | .It Fl g Ar login_grace_time | 129 | .It Fl g Ar login_grace_time |
@@ -133,7 +133,7 @@ this many seconds, the server disconnects and exits. A value of zero | |||
133 | indicates no limit. | 133 | indicates no limit. |
134 | .It Fl h Ar host_key_file | 134 | .It Fl h Ar host_key_file |
135 | Specifies the file from which the host key is read (default | 135 | Specifies the file from which the host key is read (default |
136 | .Pa /etc/ssh/ssh_host_key ) . | 136 | .Pa @sysconfdir@/ssh_host_key ) . |
137 | This option must be given if | 137 | This option must be given if |
138 | .Nm | 138 | .Nm |
139 | is not run as root (as the normal | 139 | is not run as root (as the normal |
@@ -177,7 +177,7 @@ Protocol Version Identification Exchange. | |||
177 | .Sh CONFIGURATION FILE | 177 | .Sh CONFIGURATION FILE |
178 | .Nm | 178 | .Nm |
179 | reads configuration data from | 179 | reads configuration data from |
180 | .Pa /etc/ssh/sshd_config | 180 | .Pa @sysconfdir@/sshd_config |
181 | (or the file specified with | 181 | (or the file specified with |
182 | .Fl f | 182 | .Fl f |
183 | on the command line). The file | 183 | on the command line). The file |
@@ -245,7 +245,7 @@ id isn't recognized. By default login is allowed regardless of | |||
245 | the user name. | 245 | the user name. |
246 | .It Cm HostKey | 246 | .It Cm HostKey |
247 | Specifies the file containing the private host key (default | 247 | Specifies the file containing the private host key (default |
248 | .Pa /etc/ssh/ssh_host_key ) . | 248 | .Pa @sysconfdir@/ssh_host_key ) . |
249 | Note that | 249 | Note that |
250 | .Nm | 250 | .Nm |
251 | does not start if this file is group/world-accessible. | 251 | does not start if this file is group/world-accessible. |
@@ -254,7 +254,7 @@ Specifies that rhosts and shosts files will not be used in | |||
254 | authentication. | 254 | authentication. |
255 | .Pa /etc/hosts.equiv | 255 | .Pa /etc/hosts.equiv |
256 | and | 256 | and |
257 | .Pa /etc/ssh/shosts.equiv | 257 | .Pa @sysconfdir@/shosts.equiv |
258 | are still used. The default is | 258 | are still used. The default is |
259 | .Dq no . | 259 | .Dq no . |
260 | .It Cm IgnoreUserKnownHosts | 260 | .It Cm IgnoreUserKnownHosts |
@@ -470,7 +470,7 @@ Changes to user's home directory. | |||
470 | If | 470 | If |
471 | .Pa $HOME/.ssh/rc | 471 | .Pa $HOME/.ssh/rc |
472 | exists, runs it; else if | 472 | exists, runs it; else if |
473 | .Pa /etc/ssh/sshrc | 473 | .Pa @sysconfdir@/sshrc |
474 | exists, runs | 474 | exists, runs |
475 | it; otherwise runs xauth. The | 475 | it; otherwise runs xauth. The |
476 | .Dq rc | 476 | .Dq rc |
@@ -556,7 +556,7 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula | |||
556 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi | 556 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi |
557 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 557 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
558 | The | 558 | The |
559 | .Pa /etc/ssh/ssh_known_hosts | 559 | .Pa @sysconfdir@/ssh_known_hosts |
560 | and | 560 | and |
561 | .Pa $HOME/.ssh/known_hosts | 561 | .Pa $HOME/.ssh/known_hosts |
562 | files contain host public keys for all known hosts. The global file should | 562 | files contain host public keys for all known hosts. The global file should |
@@ -579,7 +579,7 @@ pattern on the line. | |||
579 | .Pp | 579 | .Pp |
580 | Bits, exponent, and modulus are taken directly from the host key; they | 580 | Bits, exponent, and modulus are taken directly from the host key; they |
581 | can be obtained, e.g., from | 581 | can be obtained, e.g., from |
582 | .Pa /etc/ssh/ssh_host_key.pub . | 582 | .Pa @sysconfdir@/ssh_host_key.pub . |
583 | The optional comment field continues to the end of the line, and is not used. | 583 | The optional comment field continues to the end of the line, and is not used. |
584 | .Pp | 584 | .Pp |
585 | Lines starting with | 585 | Lines starting with |
@@ -598,25 +598,25 @@ Note that the lines in these files are typically hundreds of characters | |||
598 | long, and you definitely don't want to type in the host keys by hand. | 598 | long, and you definitely don't want to type in the host keys by hand. |
599 | Rather, generate them by a script | 599 | Rather, generate them by a script |
600 | or by taking | 600 | or by taking |
601 | .Pa /etc/ssh/ssh_host_key.pub | 601 | .Pa @sysconfdir@/ssh_host_key.pub |
602 | and adding the host names at the front. | 602 | and adding the host names at the front. |
603 | .Ss Examples | 603 | .Ss Examples |
604 | closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi | 604 | closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi |
605 | .Sh FILES | 605 | .Sh FILES |
606 | .Bl -tag -width Ds | 606 | .Bl -tag -width Ds |
607 | .It Pa /etc/ssh/sshd_config | 607 | .It Pa @sysconfdir@/sshd_config |
608 | Contains configuration data for | 608 | Contains configuration data for |
609 | .Nm sshd . | 609 | .Nm sshd . |
610 | This file should be writable by root only, but it is recommended | 610 | This file should be writable by root only, but it is recommended |
611 | (though not necessary) that it be world-readable. | 611 | (though not necessary) that it be world-readable. |
612 | .It Pa /etc/ssh/ssh_host_key | 612 | .It Pa @sysconfdir@/ssh_host_key |
613 | Contains the private part of the host key. | 613 | Contains the private part of the host key. |
614 | This file should only be owned by root, readable only by root, and not | 614 | This file should only be owned by root, readable only by root, and not |
615 | accessible to others. | 615 | accessible to others. |
616 | Note that | 616 | Note that |
617 | .Nm | 617 | .Nm |
618 | does not start if this file is group/world-accessible. | 618 | does not start if this file is group/world-accessible. |
619 | .It Pa /etc/ssh/ssh_host_key.pub | 619 | .It Pa @sysconfdir@/ssh_host_key.pub |
620 | Contains the public part of the host key. | 620 | Contains the public part of the host key. |
621 | This file should be world-readable but writable only by | 621 | This file should be world-readable but writable only by |
622 | root. Its contents should match the private part. This file is not | 622 | root. Its contents should match the private part. This file is not |
@@ -637,14 +637,14 @@ This file must be readable by root (which may on some machines imply | |||
637 | it being world-readable if the user's home directory resides on an NFS | 637 | it being world-readable if the user's home directory resides on an NFS |
638 | volume). It is recommended that it not be accessible by others. The | 638 | volume). It is recommended that it not be accessible by others. The |
639 | format of this file is described above. | 639 | format of this file is described above. |
640 | .It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" | 640 | .It Pa "@sysconfdir@_known_hosts" and "$HOME/.ssh/known_hosts" |
641 | These files are consulted when using rhosts with RSA host | 641 | These files are consulted when using rhosts with RSA host |
642 | authentication to check the public key of the host. The key must be | 642 | authentication to check the public key of the host. The key must be |
643 | listed in one of these files to be accepted. | 643 | listed in one of these files to be accepted. |
644 | The client uses the same files | 644 | The client uses the same files |
645 | to verify that the remote host is the one we intended to | 645 | to verify that the remote host is the one we intended to |
646 | connect. These files should be writable only by root/the owner. | 646 | connect. These files should be writable only by root/the owner. |
647 | .Pa /etc/ssh/ssh_known_hosts | 647 | .Pa @sysconfdir@/ssh_known_hosts |
648 | should be world-readable, and | 648 | should be world-readable, and |
649 | .Pa $HOME/.ssh/known_hosts | 649 | .Pa $HOME/.ssh/known_hosts |
650 | can but need not be world-readable. | 650 | can but need not be world-readable. |
@@ -706,7 +706,7 @@ user root access. The only valid use for user names that I can think | |||
706 | of is in negative entries. | 706 | of is in negative entries. |
707 | .Pp | 707 | .Pp |
708 | Note that this warning also applies to rsh/rlogin. | 708 | Note that this warning also applies to rsh/rlogin. |
709 | .It Pa /etc/ssh/shosts.equiv | 709 | .It Pa @sysconfdir@/shosts.equiv |
710 | This is processed exactly as | 710 | This is processed exactly as |
711 | .Pa /etc/hosts.equiv . | 711 | .Pa /etc/hosts.equiv . |
712 | However, this file may be useful in environments that want to run both | 712 | However, this file may be useful in environments that want to run both |
@@ -736,13 +736,13 @@ something similar to: "if read proto cookie; then echo add $DISPLAY | |||
736 | $proto $cookie | xauth -q -; fi". | 736 | $proto $cookie | xauth -q -; fi". |
737 | .Pp | 737 | .Pp |
738 | If this file does not exist, | 738 | If this file does not exist, |
739 | .Pa /etc/ssh/sshrc | 739 | .Pa @sysconfdir@/sshrc |
740 | is run, and if that | 740 | is run, and if that |
741 | does not exist either, xauth is used to store the cookie. | 741 | does not exist either, xauth is used to store the cookie. |
742 | .Pp | 742 | .Pp |
743 | This file should be writable only by the user, and need not be | 743 | This file should be writable only by the user, and need not be |
744 | readable by anyone else. | 744 | readable by anyone else. |
745 | .It Pa /etc/ssh/sshrc | 745 | .It Pa @sysconfdir@/sshrc |
746 | Like | 746 | Like |
747 | .Pa $HOME/.ssh/rc . | 747 | .Pa $HOME/.ssh/rc . |
748 | This can be used to specify | 748 | This can be used to specify |
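Review bot: The FILES entry at new line 640, `.It Pa "@sysconfdir@_known_hosts" and "$HOME/.ssh/known_hosts"`, has no path separator after the token, so for any sysconfdir other than `/etc/ssh` the generated page names a file outside the configuration directory. The old text `/etc/ssh_known_hosts` looks as if it was caught by a blanket replacement of `/etc/ssh`; every other reference in this page uses `@sysconfdir@/ssh_known_hosts`, so the line presumably should read `.It Pa "@sysconfdir@/ssh_known_hosts" and "$HOME/.ssh/known_hosts"`. Since this entry tells administrators which files are consulted for host key checks, the path is worth confirming against the one the binaries actually use.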
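--- a/sshd_config
+++ b/sshd_config.in
@@ -2,7 +2,7 @@
 
 Port 22
 ListenAddress 0.0.0.0
-HostKey /etc/ssh/ssh_host_key
+HostKey @sysconfdir@/ssh_host_key
 ServerKeyBits 768
 LoginGraceTime 600
 KeyRegenerationInterval 3600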