9 files changed, 29 insertions, 570 deletions
diff --git a/contrib/Makefile b/contrib/Makefile
index c6c48e78a..eaf7fe2fd 100644
--- a/contrib/Makefile
+++ b/contrib/Makefile
@@ -4,12 +4,12 @@ all:
        @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
 gnome-ssh-askpass1: gnome-ssh-askpass1.c
-        $(CC) `gnome-config --cflags gnome gnomeui` \
+        $(CC) $(CFLAGS) `gnome-config --cflags gnome gnomeui` \
                gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
                `gnome-config --libs gnome gnomeui`
 gnome-ssh-askpass2: gnome-ssh-askpass2.c
-        $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \
+        $(CC) $(CFLAGS) `$(PKG_CONFIG) --cflags gtk+-2.0` \
                gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
                `$(PKG_CONFIG) --libs gtk+-2.0 x11`
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
deleted file mode 100644
index 0011b4dea..000000000
--- a/contrib/caldera/openssh.spec
+++ /dev/null
@@ -1,365 +0,0 @@
-# Some of this will need re-evaluation post-LSB.  The SVIdir is there
-# because the link appeared broken.  The rest is for easy compilation,
-# the tradeoff open to discussion.  (LC957)
-%define SVIdir          /etc/rc.d/init.d
-%{!?_defaultdocdir:%define      _defaultdocdir  %{_prefix}/share/doc/packages}
-%{!?SVIcdir:%define             SVIcdir         /etc/sysconfig/daemons}
-%define _mandir         %{_prefix}/share/man/en
-%define _sysconfdir     /etc/ssh
-%define _libexecdir     %{_libdir}/ssh
-# Do we want to disable root_login? (1=yes 0=no)
-%define no_root_login 0
-#old cvs stuff.  please update before use.  may be deprecated.
-%define use_stable      1
-%define version         6.7p1
-%if %{use_stable}
-  %define cvs           %{nil}
-  %define release       1
-%else
-  %define cvs           cvs20050315
-  %define release       0r1
-%endif
-%define xsa             x11-ssh-askpass         
-%define askpass         %{xsa}-1.2.4.1
-# OpenSSH privilege separation requires a user & group ID
-%define sshd_uid    67
-%define sshd_gid    67
-Name            : openssh
-Version         : %{version}%{cvs}
-Release         : %{release}
-Group           : System/Network
-Summary         : OpenSSH free Secure Shell (SSH) implementation.
-Summary(de)     : OpenSSH - freie Implementation der Secure Shell (SSH).
-Summary(es)     : OpenSSH implementaci�n libre de Secure Shell (SSH).
-Summary(fr)     : Impl�mentation libre du shell s�curis� OpenSSH (SSH).
-Summary(it)     : Implementazione gratuita OpenSSH della Secure Shell.
-Summary(pt)     : Implementa��o livre OpenSSH do protocolo 'Secure Shell' (SSH).
-Summary(pt_BR)  : Implementa��o livre OpenSSH do protocolo Secure Shell (SSH).
-Copyright       : BSD
-Packager        : Raymund Will <ray@caldera.de>
-URL             : http://www.openssh.com/
-Obsoletes       : ssh, ssh-clients, openssh-clients
-BuildRoot       : /tmp/%{name}-%{version}
-BuildRequires   : XFree86-imake
-# %{use_stable}==1:     ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
-# %{use_stable}==0:     :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
-Source0: see-above:/.../openssh-%{version}.tar.gz
-%if %{use_stable}
-Source1: see-above:/.../openssh-%{version}.tar.gz.asc
-%endif
-Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz
-Source3: http://www.openssh.com/faq.html
-%Package server
-Group           : System/Network
-Requires        : openssh = %{version}
-Obsoletes       : ssh-server
-Summary         : OpenSSH Secure Shell protocol server (sshd).
-Summary(de)     : OpenSSH Secure Shell Protocol-Server (sshd).
-Summary(es)     : Servidor del protocolo OpenSSH Secure Shell (sshd).
-Summary(fr)     : Serveur de protocole du shell s�curis� OpenSSH (sshd).
-Summary(it)     : Server OpenSSH per il protocollo Secure Shell (sshd).
-Summary(pt)     : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
-Summary(pt_BR)  : Servidor do protocolo Secure Shell OpenSSH (sshd).
-%Package askpass
-Group           : System/Network
-Requires        : openssh = %{version}
-URL             : http://www.jmknoble.net/software/x11-ssh-askpass/
-Obsoletes       : ssh-extras
-Summary         : OpenSSH X11 pass-phrase dialog.
-Summary(de)     : OpenSSH X11 Passwort-Dialog.
-Summary(es)     : Aplicaci�n de petici�n de frase clave OpenSSH X11.
-Summary(fr)     : Dialogue pass-phrase X11 d'OpenSSH.
-Summary(it)     : Finestra di dialogo X11 per la frase segreta di OpenSSH.
-Summary(pt)     : Di�logo de pedido de senha para X11 do OpenSSH.
-Summary(pt_BR)  : Di�logo de pedido de senha para X11 do OpenSSH.
-%Description
-OpenSSH (Secure Shell) provides access to a remote system. It replaces
-telnet, rlogin,  rexec, and rsh, and provides secure encrypted 
-communications between two untrusted hosts over an insecure network.  
-X11 connections and arbitrary TCP/IP ports can also be forwarded over 
-the secure channel.
-%Description -l de
-OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
-telnet, rlogin, rexec und rsh und stellt eine sichere, verschl�sselte
-Verbindung zwischen zwei nicht vertrauensw�rdigen Hosts �ber eine unsicheres
-Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports k�nnen ebenso
-�ber den sicheren Channel weitergeleitet werden.
-%Description -l es
-OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
-telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
-entre dos equipos entre los que no se ha establecido confianza a trav�s de una
-red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios tambi�n pueden
-ser canalizadas sobre el canal seguro.
-%Description -l fr
-OpenSSH (Secure Shell) fournit un acc�s � un syst�me distant. Il remplace
-telnet, rlogin, rexec et rsh, tout en assurant des communications crypt�es
-securis�es entre deux h�tes non fiabilis�s sur un r�seau non s�curis�. Des
-connexions X11 et des ports TCP/IP arbitraires peuvent �galement �tre
-transmis sur le canal s�curis�.
-%Description -l it
-OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
-Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
-e crittate tra due host non fidati su una rete non sicura. Le connessioni
-X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
-un canale sicuro.
-%Description -l pt
-OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
-telnet, rlogin, rexec, e o rsh e fornece comunica��es seguras e cifradas
-entre duas m�quinas sem confian�a m�tua sobre uma rede insegura.
-Liga��es X11 e portos TCP/IP arbitr�rios tamb�m poder ser reenviados
-pelo canal seguro.
-%Description -l pt_BR
-O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
-telnet, rlogin, rexec, e o rsh e fornece comunica��es seguras e criptografadas
-entre duas m�quinas sem confian�a m�tua sobre uma rede insegura.
-Liga��es X11 e portas TCP/IP arbitr�rias tamb�m podem ser reenviadas
-pelo canal seguro.
-%Description server
-This package installs the sshd, the server portion of OpenSSH. 
-%Description -l de server
-Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
-%Description -l es server
-Este paquete instala sshd, la parte servidor de OpenSSH.
-%Description -l fr server
-Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
-%Description -l it server
-Questo pacchetto installa sshd, il server di OpenSSH.
-%Description -l pt server
-Este pacote intala o sshd, o servidor do OpenSSH.
-%Description -l pt_BR server
-Este pacote intala o sshd, o servidor do OpenSSH.
-%Description askpass
-This package contains an X11-based pass-phrase dialog used per
-default by ssh-add(1). It is based on %{askpass}
-by Jim Knoble <jmknoble@pobox.com>.
-%Prep
-%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
-%if ! %{use_stable}
-  autoreconf
-%endif
-%Build
-CFLAGS="$RPM_OPT_FLAGS" \
-%configure \
-            --with-pam \
-            --with-privsep-path=%{_var}/empty/sshd \
-            #leave this line for easy edits.
-%__make
-cd %{askpass}
-%configure \
-            #leave this line for easy edits.
-xmkmf
-%__make includes
-%__make
-%Install
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}
-make install DESTDIR=%{buildroot}
-%makeinstall -C %{askpass} \
-    BINDIR=%{_libexecdir} \
-    MANPATH=%{_mandir} \
-    DESTDIR=%{buildroot}
-# OpenLinux specific configuration
-mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
-mkdir -p %{buildroot}%{_var}/empty/sshd
-# enabling X11 forwarding on the server is convenient and okay,
-# on the client side it's a potential security risk!
-%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
-    %{buildroot}%{_sysconfdir}/sshd_config
-%if %{no_root_login}
-%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
-    %{buildroot}%{_sysconfdir}/sshd_config
-%endif
-install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
-# FIXME: disabled, find out why this doesn't work with nis
-%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
-    %{buildroot}/etc/pam.d/sshd
-install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
-# the last one is needless, but more future-proof
-find %{buildroot}%{SVIdir} -type f -exec \
-    %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
-                    s:\@sysconfdir\@:%{_sysconfdir}:g; \
-                    s:/usr/sbin:%{_sbindir}:g'\
-    \{\} \;
-cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
-        IDENT=sshd
-        DESCRIPTIVE="OpenSSH secure shell daemon"
-        # This service will be marked as 'skipped' on boot if there
-        # is no host key. Use ssh-host-keygen to generate one
-        ONBOOT="yes"
-        OPTIONS=""
-EoD
-SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
-install -m 0755 contrib/caldera/ssh-host-keygen $SKG
-# Fix up some path names in the keygen toy^Hol
-    %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
-                    s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
-        %{buildroot}%{_sbindir}/ssh-host-keygen
-# This looks terrible.  Expect it to change.
-# install remaining docs
-DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
-mkdir -p $DocD/%{askpass}
-cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
-install -p -m 0444 %{SOURCE3}  $DocD/faq.html
-cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad}  $DocD/%{askpass}
-%if %{use_stable}
-  cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
-%else
-  cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
-  ln -s  %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
-%endif
-find %{buildroot}%{_mandir} -type f -not -name  '*.gz' -print0 | xargs -0r %__gzip -9nf
-rm %{buildroot}%{_mandir}/man1/slogin.1 && \
-    ln -s %{_mandir}/man1/ssh.1.gz \
-    %{buildroot}%{_mandir}/man1/slogin.1.gz
-%Clean
-#%{rmDESTDIR}
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}
-%Post
-# Generate host key when none is present to get up and running,
-# both client and server require this for host-based auth!
-# ssh-host-keygen checks for existing keys.
-/usr/sbin/ssh-host-keygen
-: # to protect the rpm database
-%pre server
-%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
-%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
-        -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
-: # to protect the rpm database
-%Post server
-if [ -x %{LSBinit}-install ]; then
-  %{LSBinit}-install sshd
-else
-  lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
-fi
-! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
-: # to protect the rpm database
-%PreUn server
-[ "$1" = 0 ] || exit 0
-! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
-if [ -x %{LSBinit}-remove ]; then
-  %{LSBinit}-remove sshd
-else
-  lisa --SysV-init remove sshd $1
-fi
-: # to protect the rpm database
-%Files 
-%defattr(-,root,root)
-%dir %{_sysconfdir}
-%config %{_sysconfdir}/ssh_config
-%{_bindir}/scp
-%{_bindir}/sftp
-%{_bindir}/ssh
-%{_bindir}/slogin
-%{_bindir}/ssh-add
-%attr(2755,root,nobody) %{_bindir}/ssh-agent
-%{_bindir}/ssh-keygen
-%{_bindir}/ssh-keyscan
-%dir %{_libexecdir}
-%attr(4711,root,root) %{_libexecdir}/ssh-keysign
-%{_libexecdir}/ssh-pkcs11-helper
-%{_sbindir}/ssh-host-keygen
-%dir %{_defaultdocdir}/%{name}-%{version}
-%{_defaultdocdir}/%{name}-%{version}/CREDITS
-%{_defaultdocdir}/%{name}-%{version}/ChangeLog
-%{_defaultdocdir}/%{name}-%{version}/LICENCE
-%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
-%{_defaultdocdir}/%{name}-%{version}/README*
-%{_defaultdocdir}/%{name}-%{version}/TODO
-%{_defaultdocdir}/%{name}-%{version}/faq.html
-%{_mandir}/man1/*
-%{_mandir}/man8/ssh-keysign.8.gz
-%{_mandir}/man8/ssh-pkcs11-helper.8.gz
-%{_mandir}/man5/ssh_config.5.gz
- 
-%Files server
-%defattr(-,root,root)
-%dir %{_var}/empty/sshd
-%config %{SVIdir}/sshd
-%config /etc/pam.d/sshd
-%config %{_sysconfdir}/moduli
-%config %{_sysconfdir}/sshd_config
-%config %{SVIcdir}/sshd
-%{_libexecdir}/sftp-server
-%{_sbindir}/sshd
-%{_mandir}/man5/moduli.5.gz
-%{_mandir}/man5/sshd_config.5.gz
-%{_mandir}/man8/sftp-server.8.gz
-%{_mandir}/man8/sshd.8.gz
- 
-%Files askpass
-%defattr(-,root,root)
-%{_libexecdir}/ssh-askpass
-%{_libexecdir}/x11-ssh-askpass
-%{_defaultdocdir}/%{name}-%{version}/%{askpass}
- 
-%ChangeLog
-* Tue Jan 18 2011 Tim Rice <tim@multitalents.net>
- Use CFLAGS from Makefile instead of RPM so build completes.
- Signatures were changed to .asc since 4.1p1.
-* Mon Jan 01 1998 ...
-Template Version: 1.31
-$Id: openssh.spec,v 1.85 2014/08/19 01:36:08 djm Exp $
diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen
deleted file mode 100755
index 86382ddfb..000000000
--- a/contrib/caldera/ssh-host-keygen
+++ /dev/null
@@ -1,36 +0,0 @@
-#! /bin/sh
-#
-# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
-#
-# This script is normally run only *once* for a given host
-# (in a given period of time) -- on updates/upgrades/recovery
-# the ssh_host_key* files _should_ be retained! Otherwise false
-# "man-in-the-middle-attack" alerts will frighten unsuspecting
-# clients...
-keydir=@sysconfdir@
-keygen=@sshkeygen@
-if [ -f $keydir/ssh_host_key -o \
-             -f $keydir/ssh_host_key.pub ]; then
-  echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
-else
-  echo "Generating SSH1 RSA host key."
-  $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
-fi
-if [ -f $keydir/ssh_host_rsa_key -o \
-             -f $keydir/ssh_host_rsa_key.pub ]; then
-  echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
-else
-  echo "Generating SSH2 RSA host key."
-  $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
-fi
-if [ -f $keydir/ssh_host_dsa_key -o \
-             -f $keydir/ssh_host_dsa_key.pub ]; then
-  echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
-else
-  echo "Generating SSH2 DSA host key."
-  $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
-fi
diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init
deleted file mode 100755
index 983146f4f..000000000
--- a/contrib/caldera/sshd.init
+++ /dev/null
@@ -1,125 +0,0 @@
-#! /bin/bash
-#
-# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
-#
-### BEGIN INIT INFO
-# Provides:
-# Required-Start: $network
-# Required-Stop:
-# Default-Start:  3 4 5
-# Default-Stop:   0 1 2 6
-# Description: sshd
-#                Bring up/down the OpenSSH secure shell daemon.
-### END INIT INFO
-#
-# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
-# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
-# Modified for OpenLinux by Raymund Will <ray@caldera.de>
-NAME=sshd
-DAEMON=/usr/sbin/$NAME
-# Hack-Alert(TM)!  This is necessary to get around the 'reload'-problem
-# created by recent OpenSSH daemon/ssd combinations. See Caldera internal
-# PR [linux/8278] for details...
-PIDF=/var/run/$NAME.pid
-NAME=$DAEMON
-_status() {
-  [ -z "$1" ] || local pidf="$1"
-  local ret=-1
-  local pid
-  if [ -n "$pidf" ] && [  -r "$pidf" ]; then
-    pid=$(head -1 $pidf)
-  else
-    pid=$(pidof $NAME)
-  fi
-  if [ ! -e $SVIlock ]; then
-    # no lock-file => not started == stopped?
-    ret=3
-  elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
-    # pid-file given but not present or no pid => died, but was not stopped
-    ret=2
-  elif [ -r /proc/$pid/cmdline ] &&
-       echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then
-    # pid-file given and present or pid found => check process...
-    # but don't compare exe, as this will fail after an update!
-    # compares OK => all's well, that ends well...
-    ret=0
-  else
-    # no such process or exe does not match => stale pid-file or process died
-    #   just recently...
-    ret=1
-  fi
-  return $ret
-}
-# Source function library (and set vital variables).
-. @SVIdir@/functions
-case "$1" in
- start)
-  [ ! -e $SVIlock ] || exit 0
-  [ -x $DAEMON ] || exit 5
-  SVIemptyConfig @sysconfdir@/sshd_config && exit 6
-  if [ ! \( -f @sysconfdir@/ssh_host_key -a            \
-            -f @sysconfdir@/ssh_host_key.pub \) -a     \
-       ! \( -f @sysconfdir@/ssh_host_rsa_key -a        \
-            -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
-       ! \( -f @sysconfdir@/ssh_host_dsa_key -a        \
-            -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
-    echo "$SVIsubsys: host key not initialized: skipped!"
-    echo "$SVIsubsys: use ssh-host-keygen to generate one!"
-    exit 6
-  fi
-  echo -n "Starting $SVIsubsys services: "
-  ssd -S -x $DAEMON -n $NAME -- $OPTIONS
-  ret=$?
-  echo  "."
-  touch $SVIlock
-  ;;
- stop)
-  [ -e $SVIlock ] || exit 0
-  echo -n "Stopping $SVIsubsys services: "
-  ssd -K -p $PIDF -n $NAME
-  ret=$?
-  echo "."
-  rm -f $SVIlock
-  ;;
- force-reload|reload)
-  [ -e $SVIlock ] || exit 0
-  echo "Reloading $SVIsubsys configuration files: "
-  ssd -K --signal 1 -q -p $PIDF -n $NAME
-  ret=$?
-  echo "done."
-  ;;
- restart)
-  $0 stop
-  $0 start
-  ret=$?
-  ;;
- status)
-  _status $PIDF
-  ret=$?
-  ;;
- *)
-  echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}"
-  ret=2
-  ;;
-esac
-exit $ret
diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam
deleted file mode 100644
index f050a9aee..000000000
--- a/contrib/caldera/sshd.pam
+++ /dev/null
@@ -1,8 +0,0 @@
-#%PAM-1.0
-auth       required     /lib/security/pam_pwdb.so shadow nodelay
-account    required     /lib/security/pam_nologin.so
-account    required     /lib/security/pam_pwdb.so
-password   required     /lib/security/pam_cracklib.so
-password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
-session    required     /lib/security/pam_pwdb.so
-session    required     /lib/security/pam_limits.so
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index a7ea3e0d2..d934d09b5 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
+# ssh-host-config, Copyright 2000-2014 Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 #
@@ -61,6 +61,7 @@ LOCALSTATEDIR=/var
 sshd_config_configured=no
 port_number=22
+service_name=sshd
 strictmodes=yes
 privsep_used=yes
 cygwin_value=""
@@ -353,11 +354,9 @@ check_service_files_ownership() {
    fi
    if [ -z "${run_service_as}" ]
    then
-      csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!"
+      csih_warning "Couldn't determine name of user running sshd service from account database!"
      csih_warning "As a result, this script cannot make sure that the files used"
      csih_warning "by the sshd service belong to the user running the service."
-      csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
-      csih_warning "file is in a good shape."
      return 1
    fi
  fi
@@ -410,7 +409,7 @@ install_service() {
  local ret=0
  echo
-  if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+  if /usr/bin/cygrunsrv -Q ${service_name} >/dev/null 2>&1
  then
    csih_inform "Sshd service is already installed."
    check_service_files_ownership "" || let ret+=$?
@@ -466,7 +465,7 @@ install_service() {
      fi
      if [ -z "${password}" ]
      then
-        if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+        if /usr/bin/cygrunsrv -I ${service_name} -d "CYGWIN ${service_name}" -p /usr/sbin/sshd \
                              -a "-D" -y tcpip "${cygwin_env[@]}"
        then
          echo
@@ -476,20 +475,20 @@ install_service() {
          csih_inform "will start automatically after the next reboot."
        fi
      else
-        if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+        if /usr/bin/cygrunsrv -I ${service_name} -d "CYGWIN ${service_name}" -p /usr/sbin/sshd \
                              -a "-D" -y tcpip "${cygwin_env[@]}" \
                              -u "${run_service_as}" -w "${password}"
        then
          /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight
          echo
          csih_inform "The sshd service has been installed under the '${run_service_as}'"
-          csih_inform "account.  To start the service now, call \`net start sshd' or"
+          csih_inform "account.  To start the service now, call \`net start ${service_name}' or"
-          csih_inform "\`cygrunsrv -S sshd'.  Otherwise, it will start automatically"
+          csih_inform "\`cygrunsrv -S ${service_name}'.  Otherwise, it will start automatically"
          csih_inform "after the next reboot."
        fi
      fi
-      if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+      if /usr/bin/cygrunsrv -Q ${service_name} >/dev/null 2>&1
      then
        check_service_files_ownership "${run_service_as}" || let ret+=$?
      else
@@ -563,6 +562,11 @@ do
    shift
    ;;
+  -N | --name )
+    service_name=$1
+    shift
+    ;;
  -p | --port )
    port_number=$1
    shift
@@ -592,6 +596,7 @@ do
    echo "  --yes    -y            Answer all questions with \"yes\" automatically."
    echo "  --no     -n            Answer all questions with \"no\" automatically."
    echo "  --cygwin -c <options>  Use \"options\" as value for CYGWIN environment var."
+    echo "  --name   -N <name>     sshd windows service name."
    echo "  --port   -p <n>        sshd listens on port n."
    echo "  --user   -u <account>  privileged user for service, default 'cyg_server'."
    echo "  --pwd    -w <passwd>   Use \"pwd\" as password for privileged user."
@@ -625,10 +630,7 @@ then
  csih_warning "However, it seems your account does not have these privileges."
  csih_warning "Here's the list of groups in your user token:"
  echo
-  for i in $(/usr/bin/id -G)
+  /usr/bin/id -Gnz | xargs -0n1 echo "   "
-  do
-    /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \"    \" \$1; }" /etc/group
-  done
  echo
  csih_warning "This usually means you're running this script from a non-admin"
  csih_warning "desktop session, or in a non-elevated shell under UAC control."
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 8708b7a58..33dc0cbea 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
+# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 #
@@ -75,19 +75,18 @@ readonly -f create_identity
 #   pwdhome
 # ======================================================================
 check_user_homedir() {
-  local uid=$(id -u)
+  pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
-  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
  if [ "X${pwdhome}" = "X" ]
  then
    csih_error_multi \
-      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+      "There is no home directory set for you in the account database." \
      'Setting $HOME is not sufficient!'
  fi
  
  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multi \
-      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+      "${pwdhome} is set in the account database as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi
  
@@ -96,7 +95,7 @@ check_user_homedir() {
  if [ "X${pwdhome}" = "X/" ]
  then
    # But first raise a warning!
-    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+    csih_warning "Your home directory in the account database is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
@@ -106,7 +105,7 @@ check_user_homedir() {
    fi
  fi
  
-  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+  if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
@@ -149,9 +148,10 @@ readonly -f check_user_dot_ssh_dir
 #   pwdhome   -- check_user_homedir()
 # ======================================================================
 fix_authorized_keys_perms() {
-  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
+  if [ -e "${pwdhome}/.ssh/authorized_keys" ]
  then
-    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+    setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || echo -n
+    if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
    then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
@@ -243,15 +243,6 @@ done
 # Action!
 # ======================================================================
-# Check passwd file
-if [ ! -f ${SYSCONFDIR}/passwd ]
-then
-  csih_error_multi \
-    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
-    'first using mkpasswd. Check if it contains an entry for you and' \
-    'please care for the home directory in your entry as well.'
-fi
 check_user_homedir
 check_user_dot_ssh_dir
 create_identity id_rsa rsa "SSH2 RSA"
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 9bdce1e3c..7ac4ed0a5 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 6.7p1
+%define ver 6.8p1
 %define rel 1
 # OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index f87674317..0eb779c9b 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 Summary:        OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:           openssh
-Version:        6.7p1
+Version:        6.8p1
 URL:            http://www.openssh.com/
 Release:        1
 Source0:        openssh-%{version}.tar.gz