summaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
Diffstat (limited to 'contrib')
-rw-r--r--contrib/Makefile4
-rw-r--r--contrib/caldera/openssh.spec365
-rwxr-xr-xcontrib/caldera/ssh-host-keygen36
-rwxr-xr-xcontrib/caldera/sshd.init125
-rw-r--r--contrib/caldera/sshd.pam8
-rw-r--r--contrib/cygwin/ssh-host-config30
-rw-r--r--contrib/cygwin/ssh-user-config27
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
9 files changed, 29 insertions, 570 deletions
diff --git a/contrib/Makefile b/contrib/Makefile
index c6c48e78a..eaf7fe2fd 100644
--- a/contrib/Makefile
+++ b/contrib/Makefile
@@ -4,12 +4,12 @@ all:
4 @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" 4 @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
5 5
6gnome-ssh-askpass1: gnome-ssh-askpass1.c 6gnome-ssh-askpass1: gnome-ssh-askpass1.c
7 $(CC) `gnome-config --cflags gnome gnomeui` \ 7 $(CC) $(CFLAGS) `gnome-config --cflags gnome gnomeui` \
8 gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ 8 gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
9 `gnome-config --libs gnome gnomeui` 9 `gnome-config --libs gnome gnomeui`
10 10
11gnome-ssh-askpass2: gnome-ssh-askpass2.c 11gnome-ssh-askpass2: gnome-ssh-askpass2.c
12 $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \ 12 $(CC) $(CFLAGS) `$(PKG_CONFIG) --cflags gtk+-2.0` \
13 gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ 13 gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
14 `$(PKG_CONFIG) --libs gtk+-2.0 x11` 14 `$(PKG_CONFIG) --libs gtk+-2.0 x11`
15 15
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
deleted file mode 100644
index 0011b4dea..000000000
--- a/contrib/caldera/openssh.spec
+++ /dev/null
@@ -1,365 +0,0 @@
1
2# Some of this will need re-evaluation post-LSB. The SVIdir is there
3# because the link appeared broken. The rest is for easy compilation,
4# the tradeoff open to discussion. (LC957)
5
6%define SVIdir /etc/rc.d/init.d
7%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages}
8%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons}
9
10%define _mandir %{_prefix}/share/man/en
11%define _sysconfdir /etc/ssh
12%define _libexecdir %{_libdir}/ssh
13
14# Do we want to disable root_login? (1=yes 0=no)
15%define no_root_login 0
16
17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1
19%define version 6.7p1
20%if %{use_stable}
21 %define cvs %{nil}
22 %define release 1
23%else
24 %define cvs cvs20050315
25 %define release 0r1
26%endif
27%define xsa x11-ssh-askpass
28%define askpass %{xsa}-1.2.4.1
29
30# OpenSSH privilege separation requires a user & group ID
31%define sshd_uid 67
32%define sshd_gid 67
33
34Name : openssh
35Version : %{version}%{cvs}
36Release : %{release}
37Group : System/Network
38
39Summary : OpenSSH free Secure Shell (SSH) implementation.
40Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH).
41Summary(es) : OpenSSH implementación libre de Secure Shell (SSH).
42Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH).
43Summary(it) : Implementazione gratuita OpenSSH della Secure Shell.
44Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH).
45Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH).
46
47Copyright : BSD
48Packager : Raymund Will <ray@caldera.de>
49URL : http://www.openssh.com/
50
51Obsoletes : ssh, ssh-clients, openssh-clients
52
53BuildRoot : /tmp/%{name}-%{version}
54BuildRequires : XFree86-imake
55
56# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
57# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
58Source0: see-above:/.../openssh-%{version}.tar.gz
59%if %{use_stable}
60Source1: see-above:/.../openssh-%{version}.tar.gz.asc
61%endif
62Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz
63Source3: http://www.openssh.com/faq.html
64
65%Package server
66Group : System/Network
67Requires : openssh = %{version}
68Obsoletes : ssh-server
69
70Summary : OpenSSH Secure Shell protocol server (sshd).
71Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd).
72Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd).
73Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd).
74Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd).
75Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
76Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd).
77
78
79%Package askpass
80Group : System/Network
81Requires : openssh = %{version}
82URL : http://www.jmknoble.net/software/x11-ssh-askpass/
83Obsoletes : ssh-extras
84
85Summary : OpenSSH X11 pass-phrase dialog.
86Summary(de) : OpenSSH X11 Passwort-Dialog.
87Summary(es) : Aplicación de petición de frase clave OpenSSH X11.
88Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH.
89Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH.
90Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH.
91Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH.
92
93
94%Description
95OpenSSH (Secure Shell) provides access to a remote system. It replaces
96telnet, rlogin, rexec, and rsh, and provides secure encrypted
97communications between two untrusted hosts over an insecure network.
98X11 connections and arbitrary TCP/IP ports can also be forwarded over
99the secure channel.
100
101%Description -l de
102OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
103telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte
104Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres
105Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso
106über den sicheren Channel weitergeleitet werden.
107
108%Description -l es
109OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
110telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
111entre dos equipos entre los que no se ha establecido confianza a través de una
112red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden
113ser canalizadas sobre el canal seguro.
114
115%Description -l fr
116OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace
117telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées
118securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des
119connexions X11 et des ports TCP/IP arbitraires peuvent également être
120transmis sur le canal sécurisé.
121
122%Description -l it
123OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
124Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
125e crittate tra due host non fidati su una rete non sicura. Le connessioni
126X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
127un canale sicuro.
128
129%Description -l pt
130OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
131telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas
132entre duas máquinas sem confiança mútua sobre uma rede insegura.
133Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados
134pelo canal seguro.
135
136%Description -l pt_BR
137O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
138telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas
139entre duas máquinas sem confiança mútua sobre uma rede insegura.
140Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas
141pelo canal seguro.
142
143%Description server
144This package installs the sshd, the server portion of OpenSSH.
145
146%Description -l de server
147Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
148
149%Description -l es server
150Este paquete instala sshd, la parte servidor de OpenSSH.
151
152%Description -l fr server
153Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
154
155%Description -l it server
156Questo pacchetto installa sshd, il server di OpenSSH.
157
158%Description -l pt server
159Este pacote intala o sshd, o servidor do OpenSSH.
160
161%Description -l pt_BR server
162Este pacote intala o sshd, o servidor do OpenSSH.
163
164%Description askpass
165This package contains an X11-based pass-phrase dialog used per
166default by ssh-add(1). It is based on %{askpass}
167by Jim Knoble <jmknoble@pobox.com>.
168
169
170%Prep
171%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
172%if ! %{use_stable}
173 autoreconf
174%endif
175
176
177%Build
178CFLAGS="$RPM_OPT_FLAGS" \
179%configure \
180 --with-pam \
181 --with-privsep-path=%{_var}/empty/sshd \
182 #leave this line for easy edits.
183
184%__make
185
186cd %{askpass}
187%configure \
188 #leave this line for easy edits.
189
190xmkmf
191%__make includes
192%__make
193
194
195%Install
196[ %{buildroot} != "/" ] && rm -rf %{buildroot}
197
198make install DESTDIR=%{buildroot}
199%makeinstall -C %{askpass} \
200 BINDIR=%{_libexecdir} \
201 MANPATH=%{_mandir} \
202 DESTDIR=%{buildroot}
203
204# OpenLinux specific configuration
205mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
206mkdir -p %{buildroot}%{_var}/empty/sshd
207
208# enabling X11 forwarding on the server is convenient and okay,
209# on the client side it's a potential security risk!
210%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
211 %{buildroot}%{_sysconfdir}/sshd_config
212
213%if %{no_root_login}
214%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
215 %{buildroot}%{_sysconfdir}/sshd_config
216%endif
217
218install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
219# FIXME: disabled, find out why this doesn't work with nis
220%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
221 %{buildroot}/etc/pam.d/sshd
222
223install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
224
225# the last one is needless, but more future-proof
226find %{buildroot}%{SVIdir} -type f -exec \
227 %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
228 s:\@sysconfdir\@:%{_sysconfdir}:g; \
229 s:/usr/sbin:%{_sbindir}:g'\
230 \{\} \;
231
232cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
233 IDENT=sshd
234 DESCRIPTIVE="OpenSSH secure shell daemon"
235 # This service will be marked as 'skipped' on boot if there
236 # is no host key. Use ssh-host-keygen to generate one
237 ONBOOT="yes"
238 OPTIONS=""
239EoD
240
241SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
242install -m 0755 contrib/caldera/ssh-host-keygen $SKG
243# Fix up some path names in the keygen toy^Hol
244 %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
245 s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
246 %{buildroot}%{_sbindir}/ssh-host-keygen
247
248# This looks terrible. Expect it to change.
249# install remaining docs
250DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
251mkdir -p $DocD/%{askpass}
252cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
253install -p -m 0444 %{SOURCE3} $DocD/faq.html
254cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
255%if %{use_stable}
256 cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
257%else
258 cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
259 ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
260%endif
261
262find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
263rm %{buildroot}%{_mandir}/man1/slogin.1 && \
264 ln -s %{_mandir}/man1/ssh.1.gz \
265 %{buildroot}%{_mandir}/man1/slogin.1.gz
266
267
268%Clean
269#%{rmDESTDIR}
270[ %{buildroot} != "/" ] && rm -rf %{buildroot}
271
272%Post
273# Generate host key when none is present to get up and running,
274# both client and server require this for host-based auth!
275# ssh-host-keygen checks for existing keys.
276/usr/sbin/ssh-host-keygen
277: # to protect the rpm database
278
279%pre server
280%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
281%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
282 -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
283: # to protect the rpm database
284
285%Post server
286if [ -x %{LSBinit}-install ]; then
287 %{LSBinit}-install sshd
288else
289 lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
290fi
291
292! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
293: # to protect the rpm database
294
295
296%PreUn server
297[ "$1" = 0 ] || exit 0
298! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
299if [ -x %{LSBinit}-remove ]; then
300 %{LSBinit}-remove sshd
301else
302 lisa --SysV-init remove sshd $1
303fi
304: # to protect the rpm database
305
306%Files
307%defattr(-,root,root)
308%dir %{_sysconfdir}
309%config %{_sysconfdir}/ssh_config
310%{_bindir}/scp
311%{_bindir}/sftp
312%{_bindir}/ssh
313%{_bindir}/slogin
314%{_bindir}/ssh-add
315%attr(2755,root,nobody) %{_bindir}/ssh-agent
316%{_bindir}/ssh-keygen
317%{_bindir}/ssh-keyscan
318%dir %{_libexecdir}
319%attr(4711,root,root) %{_libexecdir}/ssh-keysign
320%{_libexecdir}/ssh-pkcs11-helper
321%{_sbindir}/ssh-host-keygen
322%dir %{_defaultdocdir}/%{name}-%{version}
323%{_defaultdocdir}/%{name}-%{version}/CREDITS
324%{_defaultdocdir}/%{name}-%{version}/ChangeLog
325%{_defaultdocdir}/%{name}-%{version}/LICENCE
326%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
327%{_defaultdocdir}/%{name}-%{version}/README*
328%{_defaultdocdir}/%{name}-%{version}/TODO
329%{_defaultdocdir}/%{name}-%{version}/faq.html
330%{_mandir}/man1/*
331%{_mandir}/man8/ssh-keysign.8.gz
332%{_mandir}/man8/ssh-pkcs11-helper.8.gz
333%{_mandir}/man5/ssh_config.5.gz
334
335%Files server
336%defattr(-,root,root)
337%dir %{_var}/empty/sshd
338%config %{SVIdir}/sshd
339%config /etc/pam.d/sshd
340%config %{_sysconfdir}/moduli
341%config %{_sysconfdir}/sshd_config
342%config %{SVIcdir}/sshd
343%{_libexecdir}/sftp-server
344%{_sbindir}/sshd
345%{_mandir}/man5/moduli.5.gz
346%{_mandir}/man5/sshd_config.5.gz
347%{_mandir}/man8/sftp-server.8.gz
348%{_mandir}/man8/sshd.8.gz
349
350%Files askpass
351%defattr(-,root,root)
352%{_libexecdir}/ssh-askpass
353%{_libexecdir}/x11-ssh-askpass
354%{_defaultdocdir}/%{name}-%{version}/%{askpass}
355
356
357%ChangeLog
358* Tue Jan 18 2011 Tim Rice <tim@multitalents.net>
359- Use CFLAGS from Makefile instead of RPM so build completes.
360- Signatures were changed to .asc since 4.1p1.
361
362* Mon Jan 01 1998 ...
363Template Version: 1.31
364
365$Id: openssh.spec,v 1.85 2014/08/19 01:36:08 djm Exp $
diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen
deleted file mode 100755
index 86382ddfb..000000000
--- a/contrib/caldera/ssh-host-keygen
+++ /dev/null
@@ -1,36 +0,0 @@
1#! /bin/sh
2#
3# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
4#
5# This script is normally run only *once* for a given host
6# (in a given period of time) -- on updates/upgrades/recovery
7# the ssh_host_key* files _should_ be retained! Otherwise false
8# "man-in-the-middle-attack" alerts will frighten unsuspecting
9# clients...
10
11keydir=@sysconfdir@
12keygen=@sshkeygen@
13
14if [ -f $keydir/ssh_host_key -o \
15 -f $keydir/ssh_host_key.pub ]; then
16 echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
17else
18 echo "Generating SSH1 RSA host key."
19 $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
20fi
21
22if [ -f $keydir/ssh_host_rsa_key -o \
23 -f $keydir/ssh_host_rsa_key.pub ]; then
24 echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
25else
26 echo "Generating SSH2 RSA host key."
27 $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
28fi
29
30if [ -f $keydir/ssh_host_dsa_key -o \
31 -f $keydir/ssh_host_dsa_key.pub ]; then
32 echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
33else
34 echo "Generating SSH2 DSA host key."
35 $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
36fi
diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init
deleted file mode 100755
index 983146f4f..000000000
--- a/contrib/caldera/sshd.init
+++ /dev/null
@@ -1,125 +0,0 @@
1#! /bin/bash
2#
3# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
4#
5### BEGIN INIT INFO
6# Provides:
7# Required-Start: $network
8# Required-Stop:
9# Default-Start: 3 4 5
10# Default-Stop: 0 1 2 6
11# Description: sshd
12# Bring up/down the OpenSSH secure shell daemon.
13### END INIT INFO
14#
15# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
16# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
17# Modified for OpenLinux by Raymund Will <ray@caldera.de>
18
19NAME=sshd
20DAEMON=/usr/sbin/$NAME
21# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem
22# created by recent OpenSSH daemon/ssd combinations. See Caldera internal
23# PR [linux/8278] for details...
24PIDF=/var/run/$NAME.pid
25NAME=$DAEMON
26
27_status() {
28 [ -z "$1" ] || local pidf="$1"
29 local ret=-1
30 local pid
31 if [ -n "$pidf" ] && [ -r "$pidf" ]; then
32 pid=$(head -1 $pidf)
33 else
34 pid=$(pidof $NAME)
35 fi
36
37 if [ ! -e $SVIlock ]; then
38 # no lock-file => not started == stopped?
39 ret=3
40 elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
41 # pid-file given but not present or no pid => died, but was not stopped
42 ret=2
43 elif [ -r /proc/$pid/cmdline ] &&
44 echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then
45 # pid-file given and present or pid found => check process...
46 # but don't compare exe, as this will fail after an update!
47 # compares OK => all's well, that ends well...
48 ret=0
49 else
50 # no such process or exe does not match => stale pid-file or process died
51 # just recently...
52 ret=1
53 fi
54 return $ret
55}
56
57# Source function library (and set vital variables).
58. @SVIdir@/functions
59
60case "$1" in
61 start)
62 [ ! -e $SVIlock ] || exit 0
63 [ -x $DAEMON ] || exit 5
64 SVIemptyConfig @sysconfdir@/sshd_config && exit 6
65
66 if [ ! \( -f @sysconfdir@/ssh_host_key -a \
67 -f @sysconfdir@/ssh_host_key.pub \) -a \
68 ! \( -f @sysconfdir@/ssh_host_rsa_key -a \
69 -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
70 ! \( -f @sysconfdir@/ssh_host_dsa_key -a \
71 -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
72
73 echo "$SVIsubsys: host key not initialized: skipped!"
74 echo "$SVIsubsys: use ssh-host-keygen to generate one!"
75 exit 6
76 fi
77
78 echo -n "Starting $SVIsubsys services: "
79 ssd -S -x $DAEMON -n $NAME -- $OPTIONS
80 ret=$?
81
82 echo "."
83 touch $SVIlock
84 ;;
85
86 stop)
87 [ -e $SVIlock ] || exit 0
88
89 echo -n "Stopping $SVIsubsys services: "
90 ssd -K -p $PIDF -n $NAME
91 ret=$?
92
93 echo "."
94 rm -f $SVIlock
95 ;;
96
97 force-reload|reload)
98 [ -e $SVIlock ] || exit 0
99
100 echo "Reloading $SVIsubsys configuration files: "
101 ssd -K --signal 1 -q -p $PIDF -n $NAME
102 ret=$?
103 echo "done."
104 ;;
105
106 restart)
107 $0 stop
108 $0 start
109 ret=$?
110 ;;
111
112 status)
113 _status $PIDF
114 ret=$?
115 ;;
116
117 *)
118 echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}"
119 ret=2
120 ;;
121
122esac
123
124exit $ret
125
diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam
deleted file mode 100644
index f050a9aee..000000000
--- a/contrib/caldera/sshd.pam
+++ /dev/null
@@ -1,8 +0,0 @@
1#%PAM-1.0
2auth required /lib/security/pam_pwdb.so shadow nodelay
3account required /lib/security/pam_nologin.so
4account required /lib/security/pam_pwdb.so
5password required /lib/security/pam_cracklib.so
6password required /lib/security/pam_pwdb.so shadow nullok use_authtok
7session required /lib/security/pam_pwdb.so
8session required /lib/security/pam_limits.so
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index a7ea3e0d2..d934d09b5 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -1,6 +1,6 @@
1#!/bin/bash 1#!/bin/bash
2# 2#
3# ssh-host-config, Copyright 2000-2011 Red Hat Inc. 3# ssh-host-config, Copyright 2000-2014 Red Hat Inc.
4# 4#
5# This file is part of the Cygwin port of OpenSSH. 5# This file is part of the Cygwin port of OpenSSH.
6# 6#
@@ -61,6 +61,7 @@ LOCALSTATEDIR=/var
61 61
62sshd_config_configured=no 62sshd_config_configured=no
63port_number=22 63port_number=22
64service_name=sshd
64strictmodes=yes 65strictmodes=yes
65privsep_used=yes 66privsep_used=yes
66cygwin_value="" 67cygwin_value=""
@@ -353,11 +354,9 @@ check_service_files_ownership() {
353 fi 354 fi
354 if [ -z "${run_service_as}" ] 355 if [ -z "${run_service_as}" ]
355 then 356 then
356 csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!" 357 csih_warning "Couldn't determine name of user running sshd service from account database!"
357 csih_warning "As a result, this script cannot make sure that the files used" 358 csih_warning "As a result, this script cannot make sure that the files used"
358 csih_warning "by the sshd service belong to the user running the service." 359 csih_warning "by the sshd service belong to the user running the service."
359 csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
360 csih_warning "file is in a good shape."
361 return 1 360 return 1
362 fi 361 fi
363 fi 362 fi
@@ -410,7 +409,7 @@ install_service() {
410 local ret=0 409 local ret=0
411 410
412 echo 411 echo
413 if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1 412 if /usr/bin/cygrunsrv -Q ${service_name} >/dev/null 2>&1
414 then 413 then
415 csih_inform "Sshd service is already installed." 414 csih_inform "Sshd service is already installed."
416 check_service_files_ownership "" || let ret+=$? 415 check_service_files_ownership "" || let ret+=$?
@@ -466,7 +465,7 @@ install_service() {
466 fi 465 fi
467 if [ -z "${password}" ] 466 if [ -z "${password}" ]
468 then 467 then
469 if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \ 468 if /usr/bin/cygrunsrv -I ${service_name} -d "CYGWIN ${service_name}" -p /usr/sbin/sshd \
470 -a "-D" -y tcpip "${cygwin_env[@]}" 469 -a "-D" -y tcpip "${cygwin_env[@]}"
471 then 470 then
472 echo 471 echo
@@ -476,20 +475,20 @@ install_service() {
476 csih_inform "will start automatically after the next reboot." 475 csih_inform "will start automatically after the next reboot."
477 fi 476 fi
478 else 477 else
479 if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \ 478 if /usr/bin/cygrunsrv -I ${service_name} -d "CYGWIN ${service_name}" -p /usr/sbin/sshd \
480 -a "-D" -y tcpip "${cygwin_env[@]}" \ 479 -a "-D" -y tcpip "${cygwin_env[@]}" \
481 -u "${run_service_as}" -w "${password}" 480 -u "${run_service_as}" -w "${password}"
482 then 481 then
483 /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight 482 /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight
484 echo 483 echo
485 csih_inform "The sshd service has been installed under the '${run_service_as}'" 484 csih_inform "The sshd service has been installed under the '${run_service_as}'"
486 csih_inform "account. To start the service now, call \`net start sshd' or" 485 csih_inform "account. To start the service now, call \`net start ${service_name}' or"
487 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" 486 csih_inform "\`cygrunsrv -S ${service_name}'. Otherwise, it will start automatically"
488 csih_inform "after the next reboot." 487 csih_inform "after the next reboot."
489 fi 488 fi
490 fi 489 fi
491 490
492 if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1 491 if /usr/bin/cygrunsrv -Q ${service_name} >/dev/null 2>&1
493 then 492 then
494 check_service_files_ownership "${run_service_as}" || let ret+=$? 493 check_service_files_ownership "${run_service_as}" || let ret+=$?
495 else 494 else
@@ -563,6 +562,11 @@ do
563 shift 562 shift
564 ;; 563 ;;
565 564
565 -N | --name )
566 service_name=$1
567 shift
568 ;;
569
566 -p | --port ) 570 -p | --port )
567 port_number=$1 571 port_number=$1
568 shift 572 shift
@@ -592,6 +596,7 @@ do
592 echo " --yes -y Answer all questions with \"yes\" automatically." 596 echo " --yes -y Answer all questions with \"yes\" automatically."
593 echo " --no -n Answer all questions with \"no\" automatically." 597 echo " --no -n Answer all questions with \"no\" automatically."
594 echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var." 598 echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
599 echo " --name -N <name> sshd windows service name."
595 echo " --port -p <n> sshd listens on port n." 600 echo " --port -p <n> sshd listens on port n."
596 echo " --user -u <account> privileged user for service, default 'cyg_server'." 601 echo " --user -u <account> privileged user for service, default 'cyg_server'."
597 echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user." 602 echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
@@ -625,10 +630,7 @@ then
625 csih_warning "However, it seems your account does not have these privileges." 630 csih_warning "However, it seems your account does not have these privileges."
626 csih_warning "Here's the list of groups in your user token:" 631 csih_warning "Here's the list of groups in your user token:"
627 echo 632 echo
628 for i in $(/usr/bin/id -G) 633 /usr/bin/id -Gnz | xargs -0n1 echo " "
629 do
630 /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \" \" \$1; }" /etc/group
631 done
632 echo 634 echo
633 csih_warning "This usually means you're running this script from a non-admin" 635 csih_warning "This usually means you're running this script from a non-admin"
634 csih_warning "desktop session, or in a non-elevated shell under UAC control." 636 csih_warning "desktop session, or in a non-elevated shell under UAC control."
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 8708b7a58..33dc0cbea 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,6 +1,6 @@
1#!/bin/bash 1#!/bin/bash
2# 2#
3# ssh-user-config, Copyright 2000-2008 Red Hat Inc. 3# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
4# 4#
5# This file is part of the Cygwin port of OpenSSH. 5# This file is part of the Cygwin port of OpenSSH.
6# 6#
@@ -75,19 +75,18 @@ readonly -f create_identity
75# pwdhome 75# pwdhome
76# ====================================================================== 76# ======================================================================
77check_user_homedir() { 77check_user_homedir() {
78 local uid=$(id -u) 78 pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
79 pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
80 if [ "X${pwdhome}" = "X" ] 79 if [ "X${pwdhome}" = "X" ]
81 then 80 then
82 csih_error_multi \ 81 csih_error_multi \
83 "There is no home directory set for you in ${SYSCONFDIR}/passwd." \ 82 "There is no home directory set for you in the account database." \
84 'Setting $HOME is not sufficient!' 83 'Setting $HOME is not sufficient!'
85 fi 84 fi
86 85
87 if [ ! -d "${pwdhome}" ] 86 if [ ! -d "${pwdhome}" ]
88 then 87 then
89 csih_error_multi \ 88 csih_error_multi \
90 "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \ 89 "${pwdhome} is set in the account database as your home directory" \
91 'but it is not a valid directory. Cannot create user identity files.' 90 'but it is not a valid directory. Cannot create user identity files.'
92 fi 91 fi
93 92
@@ -96,7 +95,7 @@ check_user_homedir() {
96 if [ "X${pwdhome}" = "X/" ] 95 if [ "X${pwdhome}" = "X/" ]
97 then 96 then
98 # But first raise a warning! 97 # But first raise a warning!
99 csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!" 98 csih_warning "Your home directory in the account database is set to root (/). This is not recommended!"
100 if csih_request "Would you like to proceed anyway?" 99 if csih_request "Would you like to proceed anyway?"
101 then 100 then
102 pwdhome='' 101 pwdhome=''
@@ -106,7 +105,7 @@ check_user_homedir() {
106 fi 105 fi
107 fi 106 fi
108 107
109 if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ] 108 if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
110 then 109 then
111 echo 110 echo
112 csih_warning 'group and other have been revoked write permission to your home' 111 csih_warning 'group and other have been revoked write permission to your home'
@@ -149,9 +148,10 @@ readonly -f check_user_dot_ssh_dir
149# pwdhome -- check_user_homedir() 148# pwdhome -- check_user_homedir()
150# ====================================================================== 149# ======================================================================
151fix_authorized_keys_perms() { 150fix_authorized_keys_perms() {
152 if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ] 151 if [ -e "${pwdhome}/.ssh/authorized_keys" ]
153 then 152 then
154 if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" 153 setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || echo -n
154 if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
155 then 155 then
156 csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys" 156 csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
157 csih_warning "failed. Please care for the correct permissions. The minimum requirement" 157 csih_warning "failed. Please care for the correct permissions. The minimum requirement"
@@ -243,15 +243,6 @@ done
243# Action! 243# Action!
244# ====================================================================== 244# ======================================================================
245 245
246# Check passwd file
247if [ ! -f ${SYSCONFDIR}/passwd ]
248then
249 csih_error_multi \
250 "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
251 'first using mkpasswd. Check if it contains an entry for you and' \
252 'please care for the home directory in your entry as well.'
253fi
254
255check_user_homedir 246check_user_homedir
256check_user_dot_ssh_dir 247check_user_dot_ssh_dir
257create_identity id_rsa rsa "SSH2 RSA" 248create_identity id_rsa rsa "SSH2 RSA"
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 9bdce1e3c..7ac4ed0a5 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 6.7p1 1%define ver 6.8p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index f87674317..0eb779c9b 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 6.7p1 16Version: 6.8p1
17URL: http://www.openssh.com/ 17URL: http://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz