Accepting request 88642 from home:pcerny:factory
- Update to 5.9p1 * sandboxing privsep child through rlimit - spec files and sources cleanup - removed bogus key size from init script OBS-URL: https://build.opensuse.org/request/show/88642 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=14
This commit is contained in:
parent
2f1296c7be
commit
5a89c49d11
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:517e6b2b0c528a7300315db224cf8b2377f87d71d7a0775572f1ce811d6b218a
|
||||
size 900171
|
@ -60,34 +60,34 @@ Index: openssh-5.8p1/config.h.in
|
||||
+/* Define if you want Linux audit support. */
|
||||
+#undef HAVE_LINUX_AUDIT
|
||||
+
|
||||
/* Define to 1 if your processor stores words with the most significant byte
|
||||
first (like Motorola and SPARC, unlike Intel and VAX). */
|
||||
#undef WORDS_BIGENDIAN
|
||||
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
|
||||
significant byte first (like Motorola and SPARC, unlike Intel). */
|
||||
#if defined AC_APPLE_UNIVERSAL_BUILD
|
||||
Index: openssh-5.8p1/configure.ac
|
||||
===================================================================
|
||||
--- openssh-5.8p1.orig/configure.ac
|
||||
+++ openssh-5.8p1/configure.ac
|
||||
@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
|
||||
AC_SUBST(SSHLIBS)
|
||||
AC_SUBST(SSHDLIBS)
|
||||
AC_SUBST([SSHLIBS])
|
||||
AC_SUBST([SSHDLIBS])
|
||||
|
||||
+# Check whether user wants Linux audit support
|
||||
+LINUX_AUDIT_MSG="no"
|
||||
+LIBAUDIT=""
|
||||
+AC_ARG_WITH(linux-audit,
|
||||
+AC_ARG_WITH([linux-audit],
|
||||
+ [ --with-linux-audit Enable Linux audit support],
|
||||
+ [ if test "x$withval" != "xno" ; then
|
||||
+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
|
||||
+ AC_DEFINE([HAVE_LINUX_AUDIT],[1],[Define if you want Linux audit support.])
|
||||
+ LINUX_AUDIT_MSG="yes"
|
||||
+ AC_CHECK_HEADERS(libaudit.h)
|
||||
+ AC_CHECK_HEADERS([libaudit.h])
|
||||
+ LIBAUDIT="-laudit"
|
||||
+ fi
|
||||
+ ])
|
||||
+AC_SUBST(LIBAUDIT)
|
||||
+AC_SUBST([LIBAUDIT])
|
||||
+
|
||||
# Check whether user wants Kerberos 5 support
|
||||
KRB5_MSG="no"
|
||||
AC_ARG_WITH(kerberos5,
|
||||
AC_ARG_WITH([kerberos5],
|
||||
@@ -4316,6 +4330,7 @@ echo " PAM support
|
||||
echo " OSF SIA support: $SIA_MSG"
|
||||
echo " KerberosV support: $KRB5_MSG"
|
@ -16,6 +16,7 @@ Index: log.c
|
||||
int pri = LOG_INFO;
|
||||
+ sigset_t nset, oset;
|
||||
int saved_errno = errno;
|
||||
log_handler_fn *tmp_handler;
|
||||
|
||||
if (level > log_level)
|
||||
@@ -387,6 +389,14 @@ do_log(LogLevel level, const char *fmt,
|
@ -42,8 +42,8 @@ Index: openssh-5.8p1/ssh-agent.c
|
||||
+ ENGINE_register_all_complete();
|
||||
+
|
||||
__progname = ssh_get_progname(av[0]);
|
||||
init_rng();
|
||||
seed_rng();
|
||||
|
||||
Index: openssh-5.8p1/ssh-keygen.c
|
||||
===================================================================
|
||||
--- openssh-5.8p1.orig/ssh-keygen.c
|
||||
@ -67,7 +67,7 @@ Index: openssh-5.8p1/ssh-keygen.c
|
||||
+
|
||||
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
|
||||
|
||||
init_rng();
|
||||
seed_rng();
|
||||
Index: openssh-5.8p1/ssh-keysign.c
|
||||
===================================================================
|
||||
--- openssh-5.8p1.orig/ssh-keysign.c
|
@ -153,7 +153,7 @@ Index: servconf.c
|
||||
@@ -322,7 +325,7 @@ typedef enum {
|
||||
sBanner, sUseDNS, sHostbasedAuthentication,
|
||||
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
||||
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
|
||||
sClientAliveCountMax, sAuthorizedKeysFile,
|
||||
- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
|
||||
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
|
||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
@ -3,7 +3,7 @@ Index: openssh-5.7p1/sshconnect.c
|
||||
--- openssh-5.7p1.orig/sshconnect.c
|
||||
+++ openssh-5.7p1/sshconnect.c
|
||||
@@ -958,6 +958,11 @@ check_host_key(char *hostname, struct so
|
||||
user_hostfile);
|
||||
user_hostfiles[0]);
|
||||
error("Offending %s key in %s:%lu", key_type(host_found->key),
|
||||
host_found->file, host_found->line);
|
||||
+ error("You can use following command to remove all keys for this IP:");
|
3
openssh-5.9p1.tar.bz2
Normal file
3
openssh-5.9p1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:478962a2757c61d73de051b8cf8ace9f8f5c4cff5910ca7ba5a7735c5a2ab980
|
||||
size 894158
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f8266c1a050015a77ba8f6f1fd51aa1ce60d5b913564392bb205f94fedd4548c
|
||||
size 1965
|
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 19 00:40:15 UTC 2011 - pcerny@suse.com
|
||||
|
||||
- Update to 5.9p1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 4 11:19:14 UTC 2011 - lchiquitto@novell.com
|
||||
|
||||
|
@ -21,24 +21,25 @@ Name: openssh-askpass-gnome
|
||||
BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
|
||||
License: BSD3c(or similar)
|
||||
Group: Productivity/Networking/SSH
|
||||
Version: 5.8p2
|
||||
Version: 5.9p1
|
||||
Release: 1
|
||||
Requires: openssh = %{version} openssh-askpass = %{version}
|
||||
AutoReqProv: on
|
||||
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
||||
URL: http://www.openssh.com/
|
||||
Url: http://www.openssh.com/
|
||||
%define _name openssh
|
||||
Source: %{_name}-%{version}.tar.bz2
|
||||
Patch: %{_name}-5.8p1-sshd_config.diff
|
||||
Patch1: %{_name}-5.8p1-pam-fix2.diff
|
||||
Patch2: %{_name}-5.8p1-saveargv-fix.diff
|
||||
Patch3: %{_name}-5.8p1-pam-fix3.diff
|
||||
Patch4: %{_name}-5.8p1-gssapimitm.patch
|
||||
Patch5: %{_name}-5.8p1-eal3.diff
|
||||
Patch6: %{_name}-5.8p1-engines.diff
|
||||
Patch7: %{_name}-5.8p1-blocksigalrm.diff
|
||||
Patch: %{_name}-5.9p1-sshd_config.diff
|
||||
Patch1: %{_name}-5.9p1-pam-fix2.diff
|
||||
Patch2: %{_name}-5.9p1-saveargv-fix.diff
|
||||
Patch3: %{_name}-5.9p1-pam-fix3.diff
|
||||
Patch4: %{_name}-5.9p1-gssapimitm.patch
|
||||
Patch5: %{_name}-5.9p1-eal3.diff
|
||||
Patch6: %{_name}-5.9p1-engines.diff
|
||||
Patch7: %{_name}-5.9p1-blocksigalrm.diff
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
|
||||
%description
|
||||
SSH (Secure Shell) is a program for logging into a remote machine and
|
||||
for executing commands on a remote machine. This package contains a
|
||||
@ -55,14 +56,15 @@ GNOME-based passphrase dialog for OpenSSH.
|
||||
%patch6 -p1
|
||||
%patch7
|
||||
|
||||
|
||||
%build
|
||||
%{?suse_update_config:%{suse_update_config}}
|
||||
aclocal
|
||||
autoheader
|
||||
autoconf
|
||||
%configure \
|
||||
--sysconfdir=%_sysconfdir/ssh \
|
||||
--libexecdir=%_libexecdir/ssh \
|
||||
--sysconfdir=%{_sysconfdir}/ssh \
|
||||
--libexecdir=%{_libexecdir}/ssh \
|
||||
--with-tcp-wrappers \
|
||||
--with-pam \
|
||||
--with-kerberos5=/usr \
|
||||
@ -73,13 +75,17 @@ cd contrib
|
||||
make %{?_smp_mflags} gnome-ssh-askpass2
|
||||
mv gnome-ssh-askpass2 gnome-ssh-askpass
|
||||
|
||||
|
||||
%install
|
||||
install -d -m 755 %buildroot/%_libexecdir/ssh/
|
||||
install contrib/gnome-ssh-askpass %buildroot/%_libexecdir/ssh/gnome-ssh-askpass
|
||||
install -d -m 755 %{buildroot}%{_libexecdir}/ssh/
|
||||
install contrib/gnome-ssh-askpass %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%dir %_libexecdir/ssh
|
||||
%attr(0755,root,root) %_libexecdir/ssh/gnome-ssh-askpass
|
||||
%dir %{_libexecdir}/ssh
|
||||
%attr(0755,root,root) %{_libexecdir}/ssh/gnome-ssh-askpass
|
||||
|
||||
|
||||
|
||||
%changelog
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 19 00:32:20 UTC 2011 - pcerny@suse.com
|
||||
|
||||
- Update to 5.9p1
|
||||
* sandboxing privsep child through rlimit
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 16 09:43:47 UTC 2011 - jengelh@medozas.de
|
||||
|
||||
|
177
openssh.spec
177
openssh.spec
@ -18,7 +18,7 @@
|
||||
|
||||
|
||||
Name: openssh
|
||||
%define _fwdefdir %_sysconfdir/sysconfig/SuSEfirewall2.d/services
|
||||
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
|
||||
%define _appdefdir %{_prefix}/share/X11/app-defaults
|
||||
BuildRequires: audit-devel krb5-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel
|
||||
BuildRequires: libselinux-devel
|
||||
@ -26,15 +26,15 @@ BuildRequires: libedit-devel
|
||||
License: BSD3c(or similar) ; MIT License (or similar)
|
||||
Group: Productivity/Networking/SSH
|
||||
Requires: /bin/netstat
|
||||
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils
|
||||
PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
|
||||
Conflicts: nonfreessh
|
||||
Version: 5.8p2
|
||||
Version: 5.9p1
|
||||
Release: 1
|
||||
%define xversion 1.2.4.1
|
||||
Summary: Secure Shell Client and Server (Remote Login Program)
|
||||
URL: http://www.openssh.com/
|
||||
Url: http://www.openssh.com/
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
Source1: %{name}-SuSE.tar.bz2
|
||||
Source1: sshd.init
|
||||
Source2: sshd.pamd
|
||||
Source3: x11-ssh-askpass-%{xversion}.tar.bz2
|
||||
Source4: README.SuSE
|
||||
@ -43,34 +43,37 @@ Source6: README.kerberos
|
||||
Source7: ssh.reg
|
||||
Source8: ssh-askpass
|
||||
Source9: sshd.fw
|
||||
Patch: %{name}-5.8p1-sshd_config.diff
|
||||
Patch1: %{name}-5.8p1-askpass-fix.diff
|
||||
Patch2: %{name}-5.8p1-pam-fix2.diff
|
||||
Patch3: %{name}-5.8p1-saveargv-fix.diff
|
||||
Patch4: %{name}-5.8p1-pam-fix3.diff
|
||||
Patch5: %{name}-5.8p1-gssapimitm.patch
|
||||
Patch6: %{name}-5.8p1-eal3.diff
|
||||
Patch7: %{name}-5.8p1-engines.diff
|
||||
Patch8: %{name}-5.8p1-blocksigalrm.diff
|
||||
Patch9: %{name}-5.8p1-send_locale.diff
|
||||
Patch10: %{name}-5.8p1-xauthlocalhostname.diff
|
||||
Patch12: %{name}-5.8p1-xauth.diff
|
||||
Patch14: %{name}-5.8p1-default-protocol.diff
|
||||
Patch15: %{name}-5.8p1-audit.patch
|
||||
Patch16: %{name}-5.8p1-pts.diff
|
||||
Patch17: %{name}-5.8p1-homechroot.patch
|
||||
Patch18: %{name}-5.8p1-sshconfig-knownhostschanges.diff
|
||||
Patch19: %{name}-5.8p1-host_ident.diff
|
||||
Source10: sysconfig.ssh
|
||||
Patch: %{name}-5.9p1-sshd_config.diff
|
||||
Patch1: %{name}-5.9p1-askpass-fix.diff
|
||||
Patch2: %{name}-5.9p1-pam-fix2.diff
|
||||
Patch3: %{name}-5.9p1-saveargv-fix.diff
|
||||
Patch4: %{name}-5.9p1-pam-fix3.diff
|
||||
Patch5: %{name}-5.9p1-gssapimitm.patch
|
||||
Patch6: %{name}-5.9p1-eal3.diff
|
||||
Patch7: %{name}-5.9p1-engines.diff
|
||||
Patch8: %{name}-5.9p1-blocksigalrm.diff
|
||||
Patch9: %{name}-5.9p1-send_locale.diff
|
||||
Patch10: %{name}-5.9p1-xauthlocalhostname.diff
|
||||
Patch12: %{name}-5.9p1-xauth.diff
|
||||
Patch14: %{name}-5.9p1-default-protocol.diff
|
||||
Patch15: %{name}-5.9p1-audit.patch
|
||||
Patch16: %{name}-5.9p1-pts.diff
|
||||
Patch17: %{name}-5.9p1-homechroot.patch
|
||||
Patch18: %{name}-5.9p1-sshconfig-knownhostschanges.diff
|
||||
Patch19: %{name}-5.9p1-host_ident.diff
|
||||
Patch20: converter-linking.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
|
||||
%package askpass
|
||||
License: BSD3c(or similar) ; MIT License (or similar)
|
||||
Summary: A passphrase dialog for OpenSSH and the X Window System
|
||||
Requires: openssh = %{version}
|
||||
Provides: openssh:%_libexecdir/ssh/ssh-askpass
|
||||
Provides: openssh:%{_libexecdir}/ssh/ssh-askpass
|
||||
Group: Productivity/Networking/SSH
|
||||
|
||||
|
||||
%description
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
|
||||
@ -86,7 +89,7 @@ for executing commands on a remote machine. This package contains an X
|
||||
Window System passphrase dialog for OpenSSH.
|
||||
|
||||
%prep
|
||||
%setup -q -b 3 -a 1 -a 5
|
||||
%setup -q -b 3 -a 5
|
||||
%patch
|
||||
%patch2
|
||||
%patch3
|
||||
@ -110,6 +113,7 @@ cp -v %{SOURCE6} .
|
||||
cd ../x11-ssh-askpass-%{xversion}
|
||||
%patch1
|
||||
|
||||
|
||||
%build
|
||||
autoreconf -fiv
|
||||
%ifarch s390 s390x %sparc
|
||||
@ -117,20 +121,22 @@ PIEFLAGS="-fPIE"
|
||||
%else
|
||||
PIEFLAGS="-fpie"
|
||||
%endif
|
||||
%configure --with-ssl-engine \
|
||||
CFLAGS="%optflags $PIEFLAGS -fstack-protector" \
|
||||
CXXFLAGS="%optflags $PIEFLAGS -fstack-protector" \
|
||||
LDFLAGS="-pie" \
|
||||
export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
|
||||
export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
|
||||
export LDFLAGS="-pie"
|
||||
%configure \
|
||||
--with-ssl-engine \
|
||||
%if 0%{suse_version} >= 1140
|
||||
--with-libedit \
|
||||
%endif
|
||||
--sysconfdir=%_sysconfdir/ssh \
|
||||
--libexecdir=%_libexecdir/ssh \
|
||||
--sysconfdir=%{_sysconfdir}/ssh \
|
||||
--libexecdir=%{_libexecdir}/ssh \
|
||||
--with-tcp-wrappers \
|
||||
--with-selinux \
|
||||
--with-pam \
|
||||
--with-kerberos5=/usr \
|
||||
--with-privsep-path=/var/lib/empty \
|
||||
--with-sandbox=rlimit \
|
||||
--disable-strip \
|
||||
--with-linux-audit \
|
||||
--with-xauth=%{_prefix}/bin/xauth \
|
||||
@ -141,67 +147,77 @@ make %{?_smp_mflags}
|
||||
cd contrib
|
||||
cd ../../x11-ssh-askpass-%{xversion}
|
||||
%configure \
|
||||
--libexecdir=%_libdir/ssh
|
||||
--libexecdir=%{_libdir}/ssh
|
||||
xmkmf
|
||||
make includes USRLIBDIR=%_libdir
|
||||
make %{?_smp_mflags} USRLIBDIR=%_libdir CCOPTIONS="%optflags"
|
||||
make includes USRLIBDIR=%{_libdir}
|
||||
make %{?_smp_mflags} USRLIBDIR=%{_libdir} CCOPTIONS="%{optflags}"
|
||||
|
||||
|
||||
%install
|
||||
make DESTDIR=%buildroot/ install
|
||||
install -d -m 755 %buildroot%_sysconfdir/pam.d
|
||||
install -d -m 755 %buildroot/var/lib/sshd
|
||||
install -m 644 %{S:2} %buildroot%_sysconfdir/pam.d/sshd
|
||||
install -d -m 755 %buildroot%_sysconfdir/slp.reg.d/
|
||||
install -m 644 %{S:7} %buildroot%_sysconfdir/slp.reg.d/
|
||||
cp -a SuSE/* %buildroot
|
||||
make DESTDIR=%{buildroot}/ install
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
|
||||
install -d -m 755 %{buildroot}/var/lib/sshd
|
||||
install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
|
||||
install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/
|
||||
install -d -m 755 %{buildroot}/etc/init.d
|
||||
install -m 755 %{S:1} %{buildroot}/etc/init.d/sshd
|
||||
ln -vs ../../etc/init.d/sshd %{buildroot}/usr/sbin/rcsshd
|
||||
install -d -m 755 %{buildroot}/var/adm/fillup-templates
|
||||
install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates
|
||||
# install shell script to automate the process of adding your public key to a remote machine
|
||||
install -m 755 contrib/ssh-copy-id %buildroot%_bindir
|
||||
install -m 644 contrib/ssh-copy-id.1 %buildroot/%_mandir/man1
|
||||
(cd converter; make install DESTDIR=%buildroot/)
|
||||
cd ../x11-ssh-askpass-%xversion
|
||||
make BINDIR=%_libexecdir/ssh DESTDIR=%buildroot install install.man
|
||||
rm -rf %buildroot/%_libexecdir/ssh/ssh-askpass
|
||||
sed -e "s@usr/lib/ssh@usr/%_lib/ssh@" < %{S:8} > %buildroot/%_libexecdir/ssh/ssh-askpass
|
||||
rm -f %buildroot%_datadir/Ssh.bin
|
||||
sed -i -e s@/usr/libexec@%_libexecdir@g %buildroot%_sysconfdir/ssh/sshd_config
|
||||
install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
|
||||
install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1
|
||||
(cd converter; make install DESTDIR=%{buildroot}/)
|
||||
cd ../x11-ssh-askpass-%{xversion}
|
||||
make BINDIR=%{_libexecdir}/ssh DESTDIR=%{buildroot} install install.man
|
||||
rm -rf %{buildroot}/%{_libexecdir}/ssh/ssh-askpass
|
||||
sed -e "s@usr/lib/ssh@usr/%{_lib}/ssh@" < %{S:8} > %{buildroot}/%{_libexecdir}/ssh/ssh-askpass
|
||||
rm -f %{buildroot}%{_datadir}/Ssh.bin
|
||||
sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
|
||||
#install firewall definitions format is described here:
|
||||
#%_datadir/SuSEfirewall2/services/TEMPLATE
|
||||
mkdir -p %buildroot/%{_fwdefdir}
|
||||
install -m 644 %{S:9} %buildroot/%{_fwdefdir}/sshd
|
||||
#%{_datadir}/SuSEfirewall2/services/TEMPLATE
|
||||
mkdir -p %{buildroot}/%{_fwdefdir}
|
||||
install -m 644 %{S:9} %{buildroot}/%{_fwdefdir}/sshd
|
||||
|
||||
|
||||
%pre
|
||||
getent group sshd >/dev/null || %_sbindir/groupadd -o -r sshd
|
||||
getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
|
||||
getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd
|
||||
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
|
||||
|
||||
|
||||
%post
|
||||
%{fillup_and_insserv -n ssh sshd}
|
||||
|
||||
|
||||
%preun
|
||||
%stop_on_removal sshd
|
||||
|
||||
|
||||
%postun
|
||||
%restart_on_update sshd
|
||||
%{insserv_cleanup}
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(755,root,root) /var/lib/sshd
|
||||
%doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS
|
||||
%attr(0755,root,root) %dir %_sysconfdir/ssh
|
||||
%attr(0600,root,root) %config(noreplace) %_sysconfdir/ssh/moduli
|
||||
%attr(0644,root,root) %config(noreplace) %_sysconfdir/ssh/ssh_config
|
||||
%attr(0640,root,root) %config(noreplace) %_sysconfdir/ssh/sshd_config
|
||||
%attr(0644,root,root) %config %_sysconfdir/pam.d/sshd
|
||||
%attr(0755,root,root) %config %_initddir/sshd
|
||||
%attr(0755,root,root) %_bindir/ssh
|
||||
%_bindir/scp
|
||||
%_bindir/sftp
|
||||
%_bindir/slogin
|
||||
%_bindir/ssh-*
|
||||
%_sbindir/*
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
|
||||
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd
|
||||
%attr(0755,root,root) %config %{_initddir}/sshd
|
||||
%attr(0755,root,root) %{_bindir}/ssh
|
||||
%{_bindir}/scp
|
||||
%{_bindir}/sftp
|
||||
%{_bindir}/slogin
|
||||
%{_bindir}/ssh-*
|
||||
%{_sbindir}/*
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz
|
||||
%attr(444,root,root) %doc %_mandir/man1/ssh-keyconverter.1.gz
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1*
|
||||
@ -211,21 +227,24 @@ getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -
|
||||
%attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1*
|
||||
%attr(444,root,root) %doc %{_mandir}/man5/*
|
||||
%attr(444,root,root) %doc %{_mandir}/man8/*
|
||||
%attr(0755,root,root) %dir %_libexecdir/ssh
|
||||
%attr(0755,root,root) %_libexecdir/ssh/sftp-server
|
||||
%attr(0755,root,root) %_libexecdir/ssh/ssh-keysign
|
||||
%attr(0755,root,root) %_libexecdir/ssh/ssh-pkcs11-helper
|
||||
%dir %_sysconfdir/slp.reg.d
|
||||
%config %_sysconfdir/slp.reg.d/ssh.reg
|
||||
%attr(0755,root,root) %dir %{_libexecdir}/ssh
|
||||
%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server
|
||||
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign
|
||||
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper
|
||||
%dir %{_sysconfdir}/slp.reg.d
|
||||
%config %{_sysconfdir}/slp.reg.d/ssh.reg
|
||||
/var/adm/fillup-templates/sysconfig.ssh
|
||||
%config %{_fwdefdir}/sshd
|
||||
|
||||
|
||||
%files askpass
|
||||
%defattr(-,root,root)
|
||||
%attr(0755,root,root) %_libexecdir/ssh/ssh-askpass
|
||||
%attr(0755,root,root) %_libexecdir/ssh/x11-ssh-askpass
|
||||
%doc %_mandir/man1/ssh-askpass.1x.gz
|
||||
%doc %_mandir/man1/x11-ssh-askpass.1x.gz
|
||||
%_appdefdir/SshAskpass
|
||||
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass
|
||||
%attr(0755,root,root) %{_libexecdir}/ssh/x11-ssh-askpass
|
||||
%doc %{_mandir}/man1/ssh-askpass.1x.gz
|
||||
%doc %{_mandir}/man1/x11-ssh-askpass.1x.gz
|
||||
%{_appdefdir}/SshAskpass
|
||||
|
||||
|
||||
|
||||
%changelog
|
||||
|
137
sshd.init
Normal file
137
sshd.init
Normal file
@ -0,0 +1,137 @@
|
||||
#! /bin/sh
|
||||
# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
|
||||
#
|
||||
# Author: Jiri Smid <feedback@suse.de>
|
||||
#
|
||||
# /etc/init.d/sshd
|
||||
#
|
||||
# and symbolic its link
|
||||
#
|
||||
# /usr/sbin/rcsshd
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: sshd
|
||||
# Required-Start: $network $remote_fs
|
||||
# Required-Stop: $network $remote_fs
|
||||
# Default-Start: 3 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# Description: Start the sshd daemon
|
||||
### END INIT INFO
|
||||
|
||||
SSHD_BIN=/usr/sbin/sshd
|
||||
test -x $SSHD_BIN || exit 5
|
||||
|
||||
SSHD_SYSCONFIG=/etc/sysconfig/ssh
|
||||
test -r $SSHD_SYSCONFIG || exit 6
|
||||
. $SSHD_SYSCONFIG
|
||||
|
||||
SSHD_PIDFILE=/var/run/sshd.init.pid
|
||||
|
||||
. /etc/rc.status
|
||||
|
||||
# Shell functions sourced from /etc/rc.status:
|
||||
# rc_check check and set local and overall rc status
|
||||
# rc_status check and set local and overall rc status
|
||||
# rc_status -v ditto but be verbose in local rc status
|
||||
# rc_status -v -r ditto and clear the local rc status
|
||||
# rc_failed set local and overall rc status to failed
|
||||
# rc_reset clear local rc status (overall remains)
|
||||
# rc_exit exit appropriate to overall rc status
|
||||
|
||||
# First reset status of this service
|
||||
rc_reset
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
if ! grep -q '^[[:space:]]*HostKey[[:space:]]' /etc/ssh/sshd_config; then
|
||||
if ! test -f /etc/ssh/ssh_host_key ; then
|
||||
echo Generating /etc/ssh/ssh_host_key.
|
||||
ssh-keygen -t rsa1 -b 2048 -f /etc/ssh/ssh_host_key -N ''
|
||||
fi
|
||||
if ! test -f /etc/ssh/ssh_host_dsa_key ; then
|
||||
echo Generating /etc/ssh/ssh_host_dsa_key.
|
||||
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
|
||||
fi
|
||||
if ! test -f /etc/ssh/ssh_host_rsa_key ; then
|
||||
echo Generating /etc/ssh/ssh_host_rsa_key.
|
||||
ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
|
||||
fi
|
||||
if ! test -f /etc/ssh/ssh_host_ecdsa_key ; then
|
||||
echo Generating /etc/ssh/ssh_host_ecdsa_key.
|
||||
ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N ''
|
||||
fi
|
||||
fi
|
||||
echo -n "Starting SSH daemon"
|
||||
## Start daemon with startproc(8). If this fails
|
||||
## the echo return value is set appropriate.
|
||||
|
||||
startproc -f $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"
|
||||
|
||||
# Remember status and be verbose
|
||||
rc_status -v
|
||||
;;
|
||||
stop)
|
||||
echo -n "Shutting down SSH daemon"
|
||||
## Stop daemon with killproc(8) and if this fails
|
||||
## set echo the echo return value.
|
||||
|
||||
killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN
|
||||
|
||||
# Remember status and be verbose
|
||||
rc_status -v
|
||||
;;
|
||||
try-restart)
|
||||
## Stop the service and if this succeeds (i.e. the
|
||||
## service was running before), start it again.
|
||||
$0 status >/dev/null && $0 restart
|
||||
|
||||
# Remember status and be quiet
|
||||
rc_status
|
||||
;;
|
||||
restart)
|
||||
## Stop the service and regardless of whether it was
|
||||
## running or not, start it again.
|
||||
$0 stop
|
||||
$0 start
|
||||
|
||||
# Remember status and be quiet
|
||||
rc_status
|
||||
;;
|
||||
force-reload|reload)
|
||||
## Signal the daemon to reload its config. Most daemons
|
||||
## do this on signal 1 (SIGHUP).
|
||||
|
||||
echo -n "Reload service sshd"
|
||||
|
||||
killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN
|
||||
|
||||
rc_status -v
|
||||
|
||||
;;
|
||||
status)
|
||||
echo -n "Checking for service sshd "
|
||||
## Check status with checkproc(8), if process is running
|
||||
## checkproc will return with exit status 0.
|
||||
|
||||
# Status has a slightly different for the status command:
|
||||
# 0 - service running
|
||||
# 1 - service dead, but /var/run/ pid file exists
|
||||
# 2 - service dead, but /var/lock/ lock file exists
|
||||
# 3 - service not running
|
||||
|
||||
checkproc -p $SSHD_PIDFILE $SSHD_BIN
|
||||
|
||||
rc_status -v
|
||||
;;
|
||||
probe)
|
||||
## Optional: Probe for the necessity of a reload,
|
||||
## give out the argument which is required for a reload.
|
||||
|
||||
test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
rc_exit
|
9
sysconfig.ssh
Normal file
9
sysconfig.ssh
Normal file
@ -0,0 +1,9 @@
|
||||
## Path: Network/Remote access/SSH
|
||||
## Description: SSH server settings
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: sshd
|
||||
#
|
||||
# Options for sshd
|
||||
#
|
||||
SSHD_OPTS=""
|
Loading…
Reference in New Issue
Block a user