From 294df785b8f67a5890d1e49ba883d530cdfb534c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Nov 1999 10:11:29 +1100 Subject: - Added SuSE package files from Chris Saia - Restructured package-related files under packages/ - Added generic PAM config --- ChangeLog | 5 + INSTALL | 7 +- README | 1 + openssh.spec | 185 ----------------------------------- packages/redhat/openssh.spec | 185 +++++++++++++++++++++++++++++++++++ packages/redhat/sshd.init | 50 ++++++++++ packages/redhat/sshd.pam | 7 ++ packages/suse/openssh.spec | 227 +++++++++++++++++++++++++++++++++++++++++++ packages/suse/rc.config.sshd | 5 + packages/suse/rc.sshd | 80 +++++++++++++++ sshd.init.redhat | 50 ---------- sshd.pam | 7 -- sshd.pam.generic | 7 ++ 13 files changed, 571 insertions(+), 245 deletions(-) delete mode 100644 openssh.spec create mode 100644 packages/redhat/openssh.spec create mode 100755 packages/redhat/sshd.init create mode 100644 packages/redhat/sshd.pam create mode 100644 packages/suse/openssh.spec create mode 100644 packages/suse/rc.config.sshd create mode 100644 packages/suse/rc.sshd delete mode 100755 sshd.init.redhat delete mode 100644 sshd.pam create mode 100644 sshd.pam.generic diff --git a/ChangeLog b/ChangeLog index b66bb4e20..819549bc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +19991123 + - Added SuSE package files from Chris Saia + - Restructured package-related files under packages/ + - Added generic PAM config + 19991122 - Make close gnome-ssh-askpass (Debian bug #50299) - OpenBSD CVS Changes diff --git a/INSTALL b/INSTALL index ae2cf6936..4ff271247 100644 --- a/INSTALL +++ b/INSTALL @@ -57,9 +57,10 @@ make install This will install the binaries in /opt/{bin,lib,sbin}, but will place the configuration files in /etc/ssh. -If you are using PAM, you will need to manually install the sshd.pam -control file as "/etc/pam.d/sshd". This file is customised for Redhat -Linux, you may need to edit it before using it on your system. +If you are using PAM, you will need to manually install a PAM control +file as "/etc/pam.d/sshd" (or wherever your system prefers to keep +them). A generic PAM configuration is included as "sshd.pam.generic", +you may need to edit it before using it on your system. There are a few other options to the configure script: diff --git a/README b/README index f0cf0d8b0..1f96da22c 100644 --- a/README +++ b/README @@ -54,6 +54,7 @@ Theo de Raadt, and Dug Song - Creators of OpenSSH 'jonchen' - the original author of PAM support of SSH Ben Taylor - Solaris debugging and fixes Chip Salzenberg - Assorted patches +Chris Saia - SuSE packaging Dan Brosemer - Autoconf and build fixes & Debian scripts Jim Knoble - RPM spec file fixes Marc G. Fournier - Solaris patches diff --git a/openssh.spec b/openssh.spec deleted file mode 100644 index 3c244d956..000000000 --- a/openssh.spec +++ /dev/null @@ -1,185 +0,0 @@ -Summary: OpenSSH free Secure Shell (SSH) implementation -Name: openssh -Version: 1.2pre14 -Release: 1 -Packager: Damien Miller -Source0: openssh-%{version}.tar.gz -Copyright: BSD -Group: Applications/Internet -BuildRoot: /tmp/openssh-%{version}-buildroot -Obsoletes: ssh - -%package clients -Summary: OpenSSH Secure Shell protocol clients -Requires: openssh -Group: System Environment/Daemons -Obsoletes: ssh-clients - -%package server -Summary: OpenSSH Secure Shell protocol server (sshd) -Requires: openssh chkconfig >= 0.9 -Group: System Environment/Daemons -Obsoletes: ssh-server - -%package askpass -Summary: OpenSSH GNOME passphrase dialog -Group: Applications/Internet -Requires: openssh -Obsoletes: ssh-extras -Obsoletes: ssh-askpass - -%description -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package includes the core files necessary for both the OpenSSH -client and server. To make this package useful, you should also -install openssh-clients, openssh-server, or both. - -%description clients -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package includes the clients necessary to make encrypted connections -to SSH servers. - -%description server -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package contains the secure shell daemon. The sshd is the server -part of the secure shell protocol and allows ssh clients to connect to -your host. - -%description askpass -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package contains the GNOME passphrase dialog. - -%changelog -* Mon Nov 15 1999 Damien Miller -- Split subpackages further based on patch from jim knoble -* Sat Nov 13 1999 Damien Miller -- Added 'Obsoletes' directives -* Tue Nov 09 1999 Damien Miller -- Use make install -- Subpackages -* Mon Nov 08 1999 Damien Miller -- Added links for slogin -- Fixed perms on manpages -* Sat Oct 30 1999 Damien Miller -- Renamed init script -* Fri Oct 29 1999 Damien Miller -- Back to old binary names -* Thu Oct 28 1999 Damien Miller -- Use autoconf -- New binary names -* Wed Oct 27 1999 Damien Miller -- Initial RPMification, based on Jan "Yenya" Kasprzak's spec. - -%prep - -%setup - -%build - -CFLAGS="$RPM_OPT_FLAGS" \ - ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-gnome-askpass - -make - -%install -rm -rf $RPM_BUILD_ROOT -make install prefix="$RPM_BUILD_ROOT/usr" - -install -d $RPM_BUILD_ROOT/etc/ssh -install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/etc/rc.d/init.d -install -m644 sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m755 sshd.init.redhat $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd -install -m600 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config -install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config - -%clean -rm -rf $RPM_BUILD_ROOT - -%post server -/sbin/chkconfig --add sshd -if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 -fi -if test -r /var/run/sshd.pid -then - /etc/rc.d/init.d/sshd restart >&2 -fi - -%preun server -if [ "$1" = 0 ] -then - /etc/rc.d/init.d/sshd stop >&2 - /sbin/chkconfig --del sshd -fi - -%files -%defattr(-,root,root) -%doc ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen INSTALL UPGRADING -%attr(0755,root,root) /usr/bin/ssh-keygen -%attr(0755,root,root) /usr/bin/scp -%attr(0644,root,root) /usr/man/man1/ssh-keygen.1 -%attr(0644,root,root) /usr/man/man1/scp.1 -%attr(0755,root,root) %dir /etc/ssh - -%files clients -%defattr(-,root,root) -%attr(4755,root,root) /usr/bin/ssh -%attr(0755,root,root) /usr/bin/ssh-agent -%attr(0755,root,root) /usr/bin/ssh-add -%attr(0644,root,root) /usr/man/man1/ssh.1 -%attr(0644,root,root) /usr/man/man1/ssh-agent.1 -%attr(0644,root,root) /usr/man/man1/ssh-add.1 -%attr(0644,root,root) %config /etc/ssh/ssh_config -%attr(-,root,root) /usr/bin/slogin -%attr(-,root,root) /usr/man/man1/slogin.1 - -%files server -%defattr(-,root,root) -%attr(0755,root,root) /usr/sbin/sshd -%attr(0644,root,root) /usr/man/man8/sshd.8 -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0600,root,root) %config /etc/pam.d/sshd -%attr(0755,root,root) %config /etc/rc.d/init.d/sshd - -%files askpass -%defattr(-,root,root) -%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass -%attr(0755,root,root) %dir /usr/libexec/ssh - diff --git a/packages/redhat/openssh.spec b/packages/redhat/openssh.spec new file mode 100644 index 000000000..870ffd8a3 --- /dev/null +++ b/packages/redhat/openssh.spec @@ -0,0 +1,185 @@ +Summary: OpenSSH free Secure Shell (SSH) implementation +Name: openssh +Version: 1.2pre14 +Release: 1 +Packager: Damien Miller +Source0: openssh-%{version}.tar.gz +Copyright: BSD +Group: Applications/Internet +BuildRoot: /tmp/openssh-%{version}-buildroot +Obsoletes: ssh + +%package clients +Summary: OpenSSH Secure Shell protocol clients +Requires: openssh +Group: System Environment/Daemons +Obsoletes: ssh-clients + +%package server +Summary: OpenSSH Secure Shell protocol server (sshd) +Requires: openssh chkconfig >= 0.9 +Group: System Environment/Daemons +Obsoletes: ssh-server + +%package askpass +Summary: OpenSSH GNOME passphrase dialog +Group: Applications/Internet +Requires: openssh +Obsoletes: ssh-extras +Obsoletes: ssh-askpass + +%description +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package includes the core files necessary for both the OpenSSH +client and server. To make this package useful, you should also +install openssh-clients, openssh-server, or both. + +%description clients +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package includes the clients necessary to make encrypted connections +to SSH servers. + +%description server +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package contains the secure shell daemon. The sshd is the server +part of the secure shell protocol and allows ssh clients to connect to +your host. + +%description askpass +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package contains the GNOME passphrase dialog. + +%changelog +* Mon Nov 15 1999 Damien Miller +- Split subpackages further based on patch from jim knoble +* Sat Nov 13 1999 Damien Miller +- Added 'Obsoletes' directives +* Tue Nov 09 1999 Damien Miller +- Use make install +- Subpackages +* Mon Nov 08 1999 Damien Miller +- Added links for slogin +- Fixed perms on manpages +* Sat Oct 30 1999 Damien Miller +- Renamed init script +* Fri Oct 29 1999 Damien Miller +- Back to old binary names +* Thu Oct 28 1999 Damien Miller +- Use autoconf +- New binary names +* Wed Oct 27 1999 Damien Miller +- Initial RPMification, based on Jan "Yenya" Kasprzak's spec. + +%prep + +%setup + +%build + +CFLAGS="$RPM_OPT_FLAGS" \ + ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-gnome-askpass + +make + +%install +rm -rf $RPM_BUILD_ROOT +make install prefix="$RPM_BUILD_ROOT/usr" + +install -d $RPM_BUILD_ROOT/etc/ssh +install -d $RPM_BUILD_ROOT/etc/pam.d/ +install -d $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m644 packages/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd +install -m755 packages/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd +install -m600 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config +install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config + +%clean +rm -rf $RPM_BUILD_ROOT + +%post server +/sbin/chkconfig --add sshd +if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then + /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 +fi +if test -r /var/run/sshd.pid +then + /etc/rc.d/init.d/sshd restart >&2 +fi + +%preun server +if [ "$1" = 0 ] +then + /etc/rc.d/init.d/sshd stop >&2 + /sbin/chkconfig --del sshd +fi + +%files +%defattr(-,root,root) +%doc ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen INSTALL UPGRADING +%attr(0755,root,root) /usr/bin/ssh-keygen +%attr(0755,root,root) /usr/bin/scp +%attr(0644,root,root) /usr/man/man1/ssh-keygen.1 +%attr(0644,root,root) /usr/man/man1/scp.1 +%attr(0755,root,root) %dir /etc/ssh + +%files clients +%defattr(-,root,root) +%attr(4755,root,root) /usr/bin/ssh +%attr(0755,root,root) /usr/bin/ssh-agent +%attr(0755,root,root) /usr/bin/ssh-add +%attr(0644,root,root) /usr/man/man1/ssh.1 +%attr(0644,root,root) /usr/man/man1/ssh-agent.1 +%attr(0644,root,root) /usr/man/man1/ssh-add.1 +%attr(0644,root,root) %config(noreplace) /etc/ssh/ssh_config +%attr(-,root,root) /usr/bin/slogin +%attr(-,root,root) /usr/man/man1/slogin.1 + +%files server +%defattr(-,root,root) +%attr(0755,root,root) /usr/sbin/sshd +%attr(0644,root,root) /usr/man/man8/sshd.8 +%attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config +%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd +%attr(0755,root,root) %config /etc/rc.d/init.d/sshd + +%files askpass +%defattr(-,root,root) +%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass +%attr(0755,root,root) %dir /usr/libexec/ssh + diff --git a/packages/redhat/sshd.init b/packages/redhat/sshd.init new file mode 100755 index 000000000..5e9194899 --- /dev/null +++ b/packages/redhat/sshd.init @@ -0,0 +1,50 @@ +#!/bin/bash + +# Init file for OpenSSH server daemon +# +# chkconfig: 2345 55 25 +# description: OpenSSH server daemon +# +# processname: sshd +# config: /etc/ssh/ssh_host_key +# config: /etc/ssh/ssh_host_key.pub +# config: /etc/ssh/ssh_random_seed +# config: /etc/ssh/sshd_config +# pidfile: /var/run/sshd.pid + +# source function library +. /etc/rc.d/init.d/functions + +RETVAL=0 + +case "$1" in + start) + echo -n "Starting sshd: " + if [ ! -f /var/run/sshd.pid ] ; then + /usr/sbin/sshd && success "sshd startup" || failure "sshd startup" + RETVAL=$? + fi + echo + ;; + stop) + echo -n "Shutting down sshd: " + if [ -f /var/run/sshd.pid ] ; then + killproc sshd + fi + echo + ;; + restart) + $0 stop + $0 start + RETVAL=$? + ;; + status) + status sshd + RETVAL=$? + ;; + *) + echo "Usage: sshd {start|stop|restart|status}" + exit 1 +esac + +exit $RETVAL diff --git a/packages/redhat/sshd.pam b/packages/redhat/sshd.pam new file mode 100644 index 000000000..2a7d1fbd7 --- /dev/null +++ b/packages/redhat/sshd.pam @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required /lib/security/pam_pwdb.so shadow +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_pwdb.so +password required /lib/security/pam_cracklib.so +password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /lib/security/pam_pwdb.so diff --git a/packages/suse/openssh.spec b/packages/suse/openssh.spec new file mode 100644 index 000000000..9bdde3b2c --- /dev/null +++ b/packages/suse/openssh.spec @@ -0,0 +1,227 @@ +Summary: OpenSSH, a free Secure Shell (SSH) implementation +Name: openssh +Version: 1.2pre14 +Release: 2RSAref +Source0: openssh-%{version}.tar.gz +Copyright: BSD +Group: Applications/Internet +BuildRoot: /tmp/openssh-%{version}-buildroot +Obsoletes: ssh +# +# building prerequisites -- stuff for TCP Wrappers and Gnome +# (This only works for RPM 2.95 and newer.) +# +BuildPrereq: nkitb +BuildPrereq: glibdev +BuildPrereq: gtkdev +BuildPrereq: gnlibsd + +%package clients +Summary: OpenSSH Secure Shell protocol clients +Requires: openssh +Group: Applications/Internet +Obsoletes: ssh-clients + +%package server +Summary: OpenSSH Secure Shell protocol server (sshd) +Requires: openssh +Group: System Environment/Daemons +Obsoletes: ssh-server + +%package askpass +Summary: OpenSSH GNOME passphrase dialog +Group: Applications/Internet +Requires: openssh +Obsoletes: ssh-extras +Obsoletes: ssh-askpass + +%description +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package includes the core files necessary for both the OpenSSH +client and server. To make this package useful, you should also +install openssh-clients, openssh-server, or both. + +%description clients +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package includes the clients necessary to make encrypted connections +to SSH servers. + +%description server +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package contains the secure shell daemon. The sshd is the server +part of the secure shell protocol and allows ssh clients to connect to +your host. + +%description askpass +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package contains the GNOME passphrase dialog. + +%changelog +* Mon Nov 22 1999 Chris Saia +- Added flag to configure daemon with TCP Wrappers support +- Added building prerequisites (works in RPM 3.0 and newer) +* Thu Nov 18 1999 Chris Saia +- Made this package correct for SuSE. +- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly + with SuSE, and lib_pwdb.so isn't installed by default. +* Mon Nov 15 1999 Damien Miller +- Split subpackages further based on patch from jim knoble +* Sat Nov 13 1999 Damien Miller +- Added 'Obsoletes' directives +* Tue Nov 09 1999 Damien Miller +- Use make install +- Subpackages +* Mon Nov 08 1999 Damien Miller +- Added links for slogin +- Fixed perms on manpages +* Sat Oct 30 1999 Damien Miller +- Renamed init script +* Fri Oct 29 1999 Damien Miller +- Back to old binary names +* Thu Oct 28 1999 Damien Miller +- Use autoconf +- New binary names +* Wed Oct 27 1999 Damien Miller +- Initial RPMification, based on Jan "Yenya" Kasprzak's spec. + +%prep + +%setup + +%build + +CFLAGS="$RPM_OPT_FLAGS" \ + ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-gnome-askpass --with-tcp-wrappers + +make + +%install +rm -rf $RPM_BUILD_ROOT +make install prefix="$RPM_BUILD_ROOT/usr" + +install -d $RPM_BUILD_ROOT/etc/ssh/ +install -d $RPM_BUILD_ROOT/etc/pam.d/ +install -d $RPM_BUILD_ROOT/sbin/init.d/ +install -d $RPM_BUILD_ROOT/sbin/init.d/rc2.d/ +install -d $RPM_BUILD_ROOT/sbin/init.d/rc3.d/ +install -m644 sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd +install -m744 packages/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd +install -m600 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config +install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config +ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd +install -d $RPM_BUILD_ROOT/var/adm/fillup-templates +cp packages/suse/rc.config.sshd $RPM_BUILD_ROOT/var/adm/fillup-templates + +%clean +rm -rf $RPM_BUILD_ROOT + +%post server +if [ "$1" = 0 ]; then + echo "Creating SSH stop/start scripts in rc directories..." + ln -s ../sshd /sbin/init.d/rc2.d/K20sshd + ln -s ../sshd /sbin/init.d/rc2.d/S20sshd + ln -s ../sshd /sbin/init.d/rc3.d/K20sshd + ln -s ../sshd /sbin/init.d/rc3.d/S20sshd +fi +echo "Updating /etc/rc.config..." +if [ -x /bin/fillup ] ; then + /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd +else + echo "ERROR: fillup not found. This should NOT happen in SuSE Linux." + echo "Update /etc/rc.config by hand from the following template file:" + echo " /var/adm/fillup-templates/rc.config.sshd" +fi +echo "Generating SSH host key..." +if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then + /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 +fi +if test -r /var/run/sshd.pid +then + /usr/sbin/rcsshd restart >&2 +fi + +%preun server +if [ "$1" = 0 ] +then + echo "Stopping SSH..." + /usr/sbin/rcsshd stop >&2 + echo "Removing SSH stop/start scripts from rc directories..." + rm /sbin/init.d/rc2.d/K20sshd + rm /sbin/init.d/rc2.d/S20sshd + rm /sbin/init.d/rc3.d/K20sshd + rm /sbin/init.d/rc3.d/S20sshd +fi + +%files +%defattr(-,root,root) +%doc COPYING.Ylonen ChangeLog OVERVIEW README README.Ylonen +%doc RFC.nroff TODO UPGRADING +%attr(0755,root,root) /usr/bin/ssh-keygen +%attr(0755,root,root) /usr/bin/scp +%attr(0644,root,root) /usr/man/man1/ssh-keygen.1 +%attr(0644,root,root) /usr/man/man1/scp.1 +%attr(0755,root,root) %dir /etc/ssh + +%files clients +%defattr(-,root,root) +%attr(4755,root,root) /usr/bin/ssh +%attr(0755,root,root) /usr/bin/ssh-agent +%attr(0755,root,root) /usr/bin/ssh-add +%attr(0644,root,root) /usr/man/man1/ssh.1 +%attr(0644,root,root) /usr/man/man1/ssh-agent.1 +%attr(0644,root,root) /usr/man/man1/ssh-add.1 +%attr(0644,root,root) %config(noreplace) /etc/ssh/ssh_config +%attr(-,root,root) /usr/bin/slogin +%attr(-,root,root) /usr/man/man1/slogin.1 + +%files server +%defattr(-,root,root) +%attr(0755,root,root) /usr/sbin/sshd +%attr(0644,root,root) /usr/man/man8/sshd.8 +%attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config +%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd +%attr(0755,root,root) %config /sbin/init.d/sshd +%attr(-,root,root) /usr/sbin/rcsshd +%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd + +%files askpass +%defattr(-,root,root) +%attr(0755,root,root) %dir /usr/libexec/ssh +%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass + diff --git a/packages/suse/rc.config.sshd b/packages/suse/rc.config.sshd new file mode 100644 index 000000000..baaa7a5a1 --- /dev/null +++ b/packages/suse/rc.config.sshd @@ -0,0 +1,5 @@ +# +# Start the Secure Shell (SSH) Daemon? +# +START_SSHD="yes" + diff --git a/packages/suse/rc.sshd b/packages/suse/rc.sshd new file mode 100644 index 000000000..f7d431ebb --- /dev/null +++ b/packages/suse/rc.sshd @@ -0,0 +1,80 @@ +#! /bin/sh +# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. +# +# Author: Chris Saia +# +# /sbin/init.d/sshd +# +# and symbolic its link +# +# /sbin/rcsshd +# + +. /etc/rc.config + +# Determine the base and follow a runlevel link name. +base=${0##*/} +link=${base#*[SK][0-9][0-9]} + +# Force execution if not called by a runlevel directory. +test $link = $base && START_SSHD=yes +test "$START_SSHD" = yes || exit 0 + +# The echo return value for success (defined in /etc/rc.config). +return=$rc_done +case "$1" in + start) + echo -n "Starting service sshd" + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + startproc /usr/sbin/sshd || return=$rc_failed + + echo -e "$return" + ;; + stop) + echo -n "Stopping service sshd" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -TERM /usr/sbin/sshd || return=$rc_failed + + echo -e "$return" + ;; + restart) + ## If first returns OK call the second, if first or + ## second command fails, set echo return value. + $0 stop && $0 start || return=$rc_failed + ;; + reload) + ## Choose ONE of the following two cases: + + ## First possibility: A few services accepts a signal + ## to reread the (changed) configuration. + + echo -n "Reload service sshd" + killproc -HUP /usr/sbin/sshd || return=$rc_failed + echo -e "$return" + ;; + status) + echo -n "Checking for service sshd" + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + checkproc /usr/sbin/sshd && echo OK || echo No process + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. + + test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|restart|reload[|probe]}" + exit 1 + ;; +esac + +# Inform the caller not only verbosely and set an exit status. +test "$return" = "$rc_done" || exit 1 +exit 0 diff --git a/sshd.init.redhat b/sshd.init.redhat deleted file mode 100755 index 5e9194899..000000000 --- a/sshd.init.redhat +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -# Init file for OpenSSH server daemon -# -# chkconfig: 2345 55 25 -# description: OpenSSH server daemon -# -# processname: sshd -# config: /etc/ssh/ssh_host_key -# config: /etc/ssh/ssh_host_key.pub -# config: /etc/ssh/ssh_random_seed -# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid - -# source function library -. /etc/rc.d/init.d/functions - -RETVAL=0 - -case "$1" in - start) - echo -n "Starting sshd: " - if [ ! -f /var/run/sshd.pid ] ; then - /usr/sbin/sshd && success "sshd startup" || failure "sshd startup" - RETVAL=$? - fi - echo - ;; - stop) - echo -n "Shutting down sshd: " - if [ -f /var/run/sshd.pid ] ; then - killproc sshd - fi - echo - ;; - restart) - $0 stop - $0 start - RETVAL=$? - ;; - status) - status sshd - RETVAL=$? - ;; - *) - echo "Usage: sshd {start|stop|restart|status}" - exit 1 -esac - -exit $RETVAL diff --git a/sshd.pam b/sshd.pam deleted file mode 100644 index 2a7d1fbd7..000000000 --- a/sshd.pam +++ /dev/null @@ -1,7 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_pwdb.so shadow -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_pwdb.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_pwdb.so shadow nullok use_authtok -session required /lib/security/pam_pwdb.so diff --git a/sshd.pam.generic b/sshd.pam.generic new file mode 100644 index 000000000..c67e7b637 --- /dev/null +++ b/sshd.pam.generic @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required /lib/security/pam_unix.so shadow +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_unix.so +password required /lib/security/pam_cracklib.so +password required /lib/security/pam_unix.so shadow nullok use_authtok +session required /lib/security/pam_unix.so -- cgit v1.2.3