Accepting request 88642 from home:pcerny:factory

- Update to 5.9p1 
  * sandboxing privsep child through rlimit
- spec files and sources cleanup
- removed bogus key size from init script

OBS-URL: https://build.opensuse.org/request/show/88642
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=14

openssh-5.8p2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:517e6b2b0c528a7300315db224cf8b2377f87d71d7a0775572f1ce811d6b218a
-size 900171

openssh-5.9p1-audit.patch

@@ -60,34 +60,34 @@ Index: openssh-5.8p1/config.h.in
 +/* Define if you want Linux audit support. */
 +#undef HAVE_LINUX_AUDIT
 +
- /* Define to 1 if your processor stores words with the most significant byte
-    first (like Motorola and SPARC, unlike Intel and VAX). */
- #undef WORDS_BIGENDIAN
+ /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+    significant byte first (like Motorola and SPARC, unlike Intel). */
+ #if defined AC_APPLE_UNIVERSAL_BUILD
 Index: openssh-5.8p1/configure.ac
 ===================================================================
 --- openssh-5.8p1.orig/configure.ac
 +++ openssh-5.8p1/configure.ac
 @@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
- AC_SUBST(SSHLIBS)
- AC_SUBST(SSHDLIBS)
+ AC_SUBST([SSHLIBS])
+ AC_SUBST([SSHDLIBS])
  
 +# Check whether user wants Linux audit support
 +LINUX_AUDIT_MSG="no"
 +LIBAUDIT=""
-+AC_ARG_WITH(linux-audit,
++AC_ARG_WITH([linux-audit],
 +	[  --with-linux-audit   Enable Linux audit support],
 +	[ if test "x$withval" != "xno" ; then
-+		AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
++		AC_DEFINE([HAVE_LINUX_AUDIT],[1],[Define if you want Linux audit support.])
 +		LINUX_AUDIT_MSG="yes"
-+		AC_CHECK_HEADERS(libaudit.h)
++		AC_CHECK_HEADERS([libaudit.h])
 +		LIBAUDIT="-laudit"
 +	fi
 +	])
-+AC_SUBST(LIBAUDIT)
++AC_SUBST([LIBAUDIT])
 +
  # Check whether user wants Kerberos 5 support
  KRB5_MSG="no"
- AC_ARG_WITH(kerberos5,
+ AC_ARG_WITH([kerberos5],
 @@ -4316,6 +4330,7 @@ echo "                       PAM support
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"

openssh-5.9p1-blocksigalrm.diff

@@ -16,6 +16,7 @@ Index: log.c
  	int pri = LOG_INFO;
 +	sigset_t nset, oset;
  	int saved_errno = errno;
+ 	log_handler_fn *tmp_handler;
  
  	if (level > log_level)
 @@ -387,6 +389,14 @@ do_log(LogLevel level, const char *fmt,

openssh-5.9p1-engines.diff

@@ -42,8 +42,8 @@ Index: openssh-5.8p1/ssh-agent.c
 +	ENGINE_register_all_complete();
 +
  	__progname = ssh_get_progname(av[0]);
- 	init_rng();
  	seed_rng();
+ 
 Index: openssh-5.8p1/ssh-keygen.c
 ===================================================================
 --- openssh-5.8p1.orig/ssh-keygen.c
@@ -67,7 +67,7 @@ Index: openssh-5.8p1/ssh-keygen.c
 +
  	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
  
- 	init_rng();
+ 	seed_rng();
 Index: openssh-5.8p1/ssh-keysign.c
 ===================================================================
 --- openssh-5.8p1.orig/ssh-keysign.c

openssh-5.9p1-gssapimitm.patch

@@ -153,7 +153,7 @@ Index: servconf.c
 @@ -322,7 +325,7 @@ typedef enum {
  	sBanner, sUseDNS, sHostbasedAuthentication,
  	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ 	sClientAliveCountMax, sAuthorizedKeysFile,
 -	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 +	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,

openssh-5.9p1-host_ident.diff

@@ -3,7 +3,7 @@ Index: openssh-5.7p1/sshconnect.c
 --- openssh-5.7p1.orig/sshconnect.c
 +++ openssh-5.7p1/sshconnect.c
 @@ -958,6 +958,11 @@ check_host_key(char *hostname, struct so
- 		    user_hostfile);
+ 		    user_hostfiles[0]);
  		error("Offending %s key in %s:%lu", key_type(host_found->key),
  		    host_found->file, host_found->line);
 +		error("You can use following command to remove all keys for this IP:");

openssh-5.9p1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:478962a2757c61d73de051b8cf8ace9f8f5c4cff5910ca7ba5a7735c5a2ab980
+size 894158

openssh-SuSE.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f8266c1a050015a77ba8f6f1fd51aa1ce60d5b913564392bb205f94fedd4548c
-size 1965

openssh-askpass-gnome.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Oct 19 00:40:15 UTC 2011 - pcerny@suse.com
+
+- Update to 5.9p1 
+
 -------------------------------------------------------------------
 Fri Feb  4 11:19:14 UTC 2011 - lchiquitto@novell.com
 

openssh-askpass-gnome.spec

@@ -21,24 +21,25 @@ Name:           openssh-askpass-gnome
 BuildRequires:  gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
 License:        BSD3c(or similar)
 Group:          Productivity/Networking/SSH
-Version:        5.8p2
+Version:        5.9p1
 Release:        1
 Requires:       openssh = %{version} openssh-askpass = %{version}
 AutoReqProv:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
-URL:            http://www.openssh.com/
+Url:            http://www.openssh.com/
 %define _name openssh
 Source:         %{_name}-%{version}.tar.bz2
-Patch:          %{_name}-5.8p1-sshd_config.diff
-Patch1:         %{_name}-5.8p1-pam-fix2.diff
-Patch2:         %{_name}-5.8p1-saveargv-fix.diff
-Patch3:         %{_name}-5.8p1-pam-fix3.diff
-Patch4:         %{_name}-5.8p1-gssapimitm.patch
-Patch5:         %{_name}-5.8p1-eal3.diff
-Patch6:         %{_name}-5.8p1-engines.diff
-Patch7:         %{_name}-5.8p1-blocksigalrm.diff
+Patch:          %{_name}-5.9p1-sshd_config.diff
+Patch1:         %{_name}-5.9p1-pam-fix2.diff
+Patch2:         %{_name}-5.9p1-saveargv-fix.diff
+Patch3:         %{_name}-5.9p1-pam-fix3.diff
+Patch4:         %{_name}-5.9p1-gssapimitm.patch
+Patch5:         %{_name}-5.9p1-eal3.diff
+Patch6:         %{_name}-5.9p1-engines.diff
+Patch7:         %{_name}-5.9p1-blocksigalrm.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
+
 %description
 SSH (Secure Shell) is a program for logging into a remote machine and
 for executing commands on a remote machine. This package contains a
@@ -55,14 +56,15 @@ GNOME-based passphrase dialog for OpenSSH.
 %patch6 -p1
 %patch7
 
+
 %build
 %{?suse_update_config:%{suse_update_config}}
 aclocal
 autoheader
 autoconf
 %configure \
-	--sysconfdir=%_sysconfdir/ssh \
-	--libexecdir=%_libexecdir/ssh \
+	--sysconfdir=%{_sysconfdir}/ssh \
+	--libexecdir=%{_libexecdir}/ssh \
 	--with-tcp-wrappers \
 	--with-pam \
 	--with-kerberos5=/usr \
@@ -73,13 +75,17 @@ cd contrib
 make %{?_smp_mflags} gnome-ssh-askpass2
 mv gnome-ssh-askpass2 gnome-ssh-askpass
 
+
 %install
-install -d -m 755 %buildroot/%_libexecdir/ssh/
-install contrib/gnome-ssh-askpass %buildroot/%_libexecdir/ssh/gnome-ssh-askpass
+install -d -m 755 %{buildroot}%{_libexecdir}/ssh/
+install contrib/gnome-ssh-askpass %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
+
 
 %files
 %defattr(-,root,root)
-%dir %_libexecdir/ssh
-%attr(0755,root,root) %_libexecdir/ssh/gnome-ssh-askpass
+%dir %{_libexecdir}/ssh
+%attr(0755,root,root) %{_libexecdir}/ssh/gnome-ssh-askpass
+
+
 
 %changelog

openssh.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 19 00:32:20 UTC 2011 - pcerny@suse.com
+
+- Update to 5.9p1
+  * sandboxing privsep child through rlimit
+
 -------------------------------------------------------------------
 Fri Sep 16 09:43:47 UTC 2011 - jengelh@medozas.de
 

openssh.spec

@@ -18,7 +18,7 @@
 
 
 Name:           openssh
-%define _fwdefdir %_sysconfdir/sysconfig/SuSEfirewall2.d/services
+%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
 %define _appdefdir      %{_prefix}/share/X11/app-defaults
 BuildRequires:  audit-devel krb5-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel
 BuildRequires:  libselinux-devel
@@ -26,15 +26,15 @@ BuildRequires:  libedit-devel
 License:        BSD3c(or similar) ; MIT License (or similar)
 Group:          Productivity/Networking/SSH
 Requires:       /bin/netstat
-PreReq:         pwdutils %insserv_prereq  %fillup_prereq coreutils
+PreReq:         pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
 Conflicts:      nonfreessh
-Version:        5.8p2
+Version:        5.9p1
 Release:        1
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
-URL:            http://www.openssh.com/
+Url:            http://www.openssh.com/
 Source:         %{name}-%{version}.tar.bz2
-Source1:        %{name}-SuSE.tar.bz2
+Source1:        sshd.init
 Source2:        sshd.pamd
 Source3:        x11-ssh-askpass-%{xversion}.tar.bz2
 Source4:        README.SuSE
@@ -43,34 +43,37 @@ Source6:        README.kerberos
 Source7:        ssh.reg
 Source8:        ssh-askpass
 Source9:        sshd.fw
-Patch:          %{name}-5.8p1-sshd_config.diff
-Patch1:         %{name}-5.8p1-askpass-fix.diff
-Patch2:         %{name}-5.8p1-pam-fix2.diff
-Patch3:         %{name}-5.8p1-saveargv-fix.diff
-Patch4:         %{name}-5.8p1-pam-fix3.diff
-Patch5:         %{name}-5.8p1-gssapimitm.patch
-Patch6:         %{name}-5.8p1-eal3.diff
-Patch7:         %{name}-5.8p1-engines.diff
-Patch8:         %{name}-5.8p1-blocksigalrm.diff
-Patch9:         %{name}-5.8p1-send_locale.diff
-Patch10:        %{name}-5.8p1-xauthlocalhostname.diff
-Patch12:        %{name}-5.8p1-xauth.diff
-Patch14:        %{name}-5.8p1-default-protocol.diff
-Patch15:        %{name}-5.8p1-audit.patch
-Patch16:        %{name}-5.8p1-pts.diff
-Patch17:        %{name}-5.8p1-homechroot.patch
-Patch18:        %{name}-5.8p1-sshconfig-knownhostschanges.diff
-Patch19:        %{name}-5.8p1-host_ident.diff
+Source10:       sysconfig.ssh
+Patch:          %{name}-5.9p1-sshd_config.diff
+Patch1:         %{name}-5.9p1-askpass-fix.diff
+Patch2:         %{name}-5.9p1-pam-fix2.diff
+Patch3:         %{name}-5.9p1-saveargv-fix.diff
+Patch4:         %{name}-5.9p1-pam-fix3.diff
+Patch5:         %{name}-5.9p1-gssapimitm.patch
+Patch6:         %{name}-5.9p1-eal3.diff
+Patch7:         %{name}-5.9p1-engines.diff
+Patch8:         %{name}-5.9p1-blocksigalrm.diff
+Patch9:         %{name}-5.9p1-send_locale.diff
+Patch10:        %{name}-5.9p1-xauthlocalhostname.diff
+Patch12:        %{name}-5.9p1-xauth.diff
+Patch14:        %{name}-5.9p1-default-protocol.diff
+Patch15:        %{name}-5.9p1-audit.patch
+Patch16:        %{name}-5.9p1-pts.diff
+Patch17:        %{name}-5.9p1-homechroot.patch
+Patch18:        %{name}-5.9p1-sshconfig-knownhostschanges.diff
+Patch19:        %{name}-5.9p1-host_ident.diff
 Patch20:        converter-linking.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
+
 %package        askpass
 License:        BSD3c(or similar) ; MIT License (or similar)
 Summary:        A passphrase dialog for OpenSSH and the X Window System
 Requires:       openssh = %{version}
-Provides:       openssh:%_libexecdir/ssh/ssh-askpass
+Provides:       openssh:%{_libexecdir}/ssh/ssh-askpass
 Group:          Productivity/Networking/SSH
 
+
 %description
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It is intended to replace rsh (rlogin and rsh) and
@@ -86,7 +89,7 @@ for executing commands on a remote machine. This package contains an X
 Window System passphrase dialog for OpenSSH.
 
 %prep
-%setup -q -b 3 -a 1 -a 5
+%setup -q -b 3 -a 5
 %patch 
 %patch2
 %patch3
@@ -110,6 +113,7 @@ cp -v %{SOURCE6} .
 cd ../x11-ssh-askpass-%{xversion}
 %patch1
 
+
 %build
 autoreconf -fiv
 %ifarch s390 s390x %sparc
@@ -117,20 +121,22 @@ PIEFLAGS="-fPIE"
 %else
 PIEFLAGS="-fpie"
 %endif
-%configure --with-ssl-engine \
-    CFLAGS="%optflags $PIEFLAGS -fstack-protector" \
-    CXXFLAGS="%optflags $PIEFLAGS -fstack-protector" \
-    LDFLAGS="-pie" \
+export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
+export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
+export LDFLAGS="-pie"
+%configure \
+    --with-ssl-engine \
 %if 0%{suse_version} >= 1140
     --with-libedit \
 %endif
-    --sysconfdir=%_sysconfdir/ssh \
-    --libexecdir=%_libexecdir/ssh \
+    --sysconfdir=%{_sysconfdir}/ssh \
+    --libexecdir=%{_libexecdir}/ssh \
     --with-tcp-wrappers \
     --with-selinux \
     --with-pam \
     --with-kerberos5=/usr \
     --with-privsep-path=/var/lib/empty \
+    --with-sandbox=rlimit \
     --disable-strip \
     --with-linux-audit \
     --with-xauth=%{_prefix}/bin/xauth \
@@ -141,67 +147,77 @@ make %{?_smp_mflags}
 cd contrib
 cd ../../x11-ssh-askpass-%{xversion}
 %configure \
-    --libexecdir=%_libdir/ssh
+    --libexecdir=%{_libdir}/ssh
 xmkmf
-make includes USRLIBDIR=%_libdir
-make %{?_smp_mflags} USRLIBDIR=%_libdir CCOPTIONS="%optflags"
+make includes USRLIBDIR=%{_libdir}
+make %{?_smp_mflags} USRLIBDIR=%{_libdir} CCOPTIONS="%{optflags}"
+
 
 %install
-make DESTDIR=%buildroot/ install
-install -d -m 755 %buildroot%_sysconfdir/pam.d
-install -d -m 755 %buildroot/var/lib/sshd
-install -m 644 %{S:2} %buildroot%_sysconfdir/pam.d/sshd
-install -d -m 755 %buildroot%_sysconfdir/slp.reg.d/
-install -m 644 %{S:7} %buildroot%_sysconfdir/slp.reg.d/
-cp -a SuSE/* %buildroot
+make DESTDIR=%{buildroot}/ install
+install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
+install -d -m 755 %{buildroot}/var/lib/sshd
+install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd
+install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
+install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/
+install -d -m 755 %{buildroot}/etc/init.d
+install -m 755 %{S:1} %{buildroot}/etc/init.d/sshd
+ln -vs ../../etc/init.d/sshd %{buildroot}/usr/sbin/rcsshd
+install -d -m 755 %{buildroot}/var/adm/fillup-templates
+install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates
 # install shell script to automate the process of adding your public key to a remote machine
-install -m 755 contrib/ssh-copy-id %buildroot%_bindir
-install -m 644 contrib/ssh-copy-id.1 %buildroot/%_mandir/man1
-(cd converter; make install DESTDIR=%buildroot/)
-cd ../x11-ssh-askpass-%xversion
-make BINDIR=%_libexecdir/ssh DESTDIR=%buildroot install install.man
-rm -rf %buildroot/%_libexecdir/ssh/ssh-askpass
-sed -e "s@usr/lib/ssh@usr/%_lib/ssh@" < %{S:8} > %buildroot/%_libexecdir/ssh/ssh-askpass
-rm -f %buildroot%_datadir/Ssh.bin
-sed -i -e s@/usr/libexec@%_libexecdir@g %buildroot%_sysconfdir/ssh/sshd_config
+install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
+install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1
+(cd converter; make install DESTDIR=%{buildroot}/)
+cd ../x11-ssh-askpass-%{xversion}
+make BINDIR=%{_libexecdir}/ssh DESTDIR=%{buildroot} install install.man
+rm -rf %{buildroot}/%{_libexecdir}/ssh/ssh-askpass
+sed -e "s@usr/lib/ssh@usr/%{_lib}/ssh@" < %{S:8} > %{buildroot}/%{_libexecdir}/ssh/ssh-askpass
+rm -f %{buildroot}%{_datadir}/Ssh.bin
+sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
 #install firewall definitions format is described here:
-#%_datadir/SuSEfirewall2/services/TEMPLATE
-mkdir -p %buildroot/%{_fwdefdir}
-install -m 644 %{S:9} %buildroot/%{_fwdefdir}/sshd
+#%{_datadir}/SuSEfirewall2/services/TEMPLATE
+mkdir -p %{buildroot}/%{_fwdefdir}
+install -m 644 %{S:9} %{buildroot}/%{_fwdefdir}/sshd
+
 
 %pre
-getent group sshd >/dev/null || %_sbindir/groupadd -o -r sshd
-getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
+getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd
+getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
+
 
 %post
 %{fillup_and_insserv -n ssh sshd}
 
+
 %preun
 %stop_on_removal sshd
 
+
 %postun
 %restart_on_update sshd
 %{insserv_cleanup}
 
+
 %files
 %defattr(-,root,root)
 %dir %attr(755,root,root) /var/lib/sshd
 %doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS
-%attr(0755,root,root) %dir %_sysconfdir/ssh
-%attr(0600,root,root) %config(noreplace) %_sysconfdir/ssh/moduli
-%attr(0644,root,root) %config(noreplace) %_sysconfdir/ssh/ssh_config
-%attr(0640,root,root) %config(noreplace) %_sysconfdir/ssh/sshd_config
-%attr(0644,root,root) %config %_sysconfdir/pam.d/sshd
-%attr(0755,root,root) %config %_initddir/sshd
-%attr(0755,root,root) %_bindir/ssh
-%_bindir/scp
-%_bindir/sftp
-%_bindir/slogin
-%_bindir/ssh-*
-%_sbindir/*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd
+%attr(0755,root,root) %config %{_initddir}/sshd
+%attr(0755,root,root) %{_bindir}/ssh
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/slogin
+%{_bindir}/ssh-*
+%{_sbindir}/*
 %attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz
-%attr(444,root,root) %doc %_mandir/man1/ssh-keyconverter.1.gz
+%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1*
@@ -211,21 +227,24 @@ getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -
 %attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1*
 %attr(444,root,root) %doc %{_mandir}/man5/*
 %attr(444,root,root) %doc %{_mandir}/man8/*
-%attr(0755,root,root) %dir %_libexecdir/ssh
-%attr(0755,root,root) %_libexecdir/ssh/sftp-server
-%attr(0755,root,root) %_libexecdir/ssh/ssh-keysign
-%attr(0755,root,root) %_libexecdir/ssh/ssh-pkcs11-helper
-%dir %_sysconfdir/slp.reg.d
-%config %_sysconfdir/slp.reg.d/ssh.reg
+%attr(0755,root,root) %dir %{_libexecdir}/ssh
+%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server
+%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign
+%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper
+%dir %{_sysconfdir}/slp.reg.d
+%config %{_sysconfdir}/slp.reg.d/ssh.reg
 /var/adm/fillup-templates/sysconfig.ssh
 %config %{_fwdefdir}/sshd
 
+
 %files askpass
 %defattr(-,root,root)
-%attr(0755,root,root) %_libexecdir/ssh/ssh-askpass
-%attr(0755,root,root) %_libexecdir/ssh/x11-ssh-askpass
-%doc %_mandir/man1/ssh-askpass.1x.gz
-%doc %_mandir/man1/x11-ssh-askpass.1x.gz
-%_appdefdir/SshAskpass
+%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/ssh/x11-ssh-askpass
+%doc %{_mandir}/man1/ssh-askpass.1x.gz
+%doc %{_mandir}/man1/x11-ssh-askpass.1x.gz
+%{_appdefdir}/SshAskpass
+
+
 
 %changelog

sshd.init

@@ -0,0 +1,137 @@
+#! /bin/sh
+# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Jiri Smid <feedback@suse.de>
+#
+# /etc/init.d/sshd
+#
+#   and symbolic its link
+#
+# /usr/sbin/rcsshd
+#
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start the sshd daemon
+### END INIT INFO
+
+SSHD_BIN=/usr/sbin/sshd
+test -x $SSHD_BIN || exit 5
+
+SSHD_SYSCONFIG=/etc/sysconfig/ssh
+test -r $SSHD_SYSCONFIG || exit 6
+. $SSHD_SYSCONFIG
+
+SSHD_PIDFILE=/var/run/sshd.init.pid
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+#      rc_check         check and set local and overall rc status
+#      rc_status        check and set local and overall rc status
+#      rc_status -v     ditto but be verbose in local rc status
+#      rc_status -v -r  ditto and clear the local rc status
+#      rc_failed        set local and overall rc status to failed
+#      rc_reset         clear local rc status (overall remains)
+#      rc_exit          exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+case "$1" in
+    start)
+        if ! grep -q '^[[:space:]]*HostKey[[:space:]]' /etc/ssh/sshd_config; then
+                if ! test -f /etc/ssh/ssh_host_key ; then
+                    echo Generating /etc/ssh/ssh_host_key.
+                    ssh-keygen -t rsa1 -b 2048 -f /etc/ssh/ssh_host_key -N ''
+                fi
+                if ! test -f /etc/ssh/ssh_host_dsa_key ; then
+                    echo Generating /etc/ssh/ssh_host_dsa_key.
+                    ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+                fi
+                if ! test -f /etc/ssh/ssh_host_rsa_key ; then
+                    echo Generating /etc/ssh/ssh_host_rsa_key.
+                    ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
+                fi
+                if ! test -f /etc/ssh/ssh_host_ecdsa_key ; then
+                    echo Generating /etc/ssh/ssh_host_ecdsa_key.
+                    ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N ''
+                fi
+        fi
+	echo -n "Starting SSH daemon"
+	## Start daemon with startproc(8). If this fails
+	## the echo return value is set appropriate.
+
+	startproc -f $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" 
+
+	# Remember status and be verbose
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down SSH daemon"
+	## Stop daemon with killproc(8) and if this fails
+	## set echo the echo return value.
+
+	killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN
+
+	# Remember status and be verbose
+	rc_status -v
+	;;
+    try-restart)
+        ## Stop the service and if this succeeds (i.e. the 
+        ## service was running before), start it again.
+        $0 status >/dev/null &&  $0 restart
+
+        # Remember status and be quiet
+        rc_status
+        ;;
+    restart)
+        ## Stop the service and regardless of whether it was
+        ## running or not, start it again.
+        $0 stop
+        $0 start
+
+        # Remember status and be quiet
+        rc_status
+        ;;
+    force-reload|reload)
+	## Signal the daemon to reload its config. Most daemons
+	## do this on signal 1 (SIGHUP).
+
+	echo -n "Reload service sshd"
+
+	killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN
+
+        rc_status -v
+
+        ;;
+    status)
+	echo -n "Checking for service sshd "
+        ## Check status with checkproc(8), if process is running
+        ## checkproc will return with exit status 0.
+
+        # Status has a slightly different for the status command:
+        # 0 - service running
+        # 1 - service dead, but /var/run/  pid  file exists
+        # 2 - service dead, but /var/lock/ lock file exists
+        # 3 - service not running
+
+	checkproc -p $SSHD_PIDFILE $SSHD_BIN
+
+	rc_status -v
+	;;
+    probe)
+	## Optional: Probe for the necessity of a reload,
+	## give out the argument which is required for a reload.
+
+        test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+	exit 1
+	;;
+esac
+rc_exit

sysconfig.ssh

@@ -0,0 +1,9 @@
+## Path:	Network/Remote access/SSH
+## Description:	SSH server settings
+## Type:	string
+## Default:	""
+## ServiceRestart: sshd
+#
+# Options for sshd
+#
+SSHD_OPTS=""