diff --git a/Makefile b/Makefile
index 668900c3b..e09e1eb9f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,13 +1,75 @@ -# $OpenBSD: Makefile,v 1.5 1999/10/25 20:27:26 markus Exp $ +# Generated automatically from Makefile.in by configure. +prefix=/usr/local +exec_prefix=${prefix} +bindir=${exec_prefix}/bin +sbindir=${exec_prefix}/sbin +libdir=${exec_prefix}/lib -.include +CC=gcc +OPT_FLAGS=-g +CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"${prefix}/etc\" -DHAVE_CONFIG_H +TARGETS=bin/libopenssh.a bin/openssh bin/opensshd bin/openssh-add bin/openssh-keygen bin/openssh-agent bin/openscp +LFLAGS=-L./bin +LIBS=-lopenssh -lpam -ldl -lpwdb -lz -lutil -lcrypto +AR=ar +RANLIB=ranlib -SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp +OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \ + auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \ + clientloop.o compress.o crc32.o deattack.o helper.o hostfile.o \ + log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \ + readconf.o readpass.o rsa.o servconf.o serverloop.o \ + sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \ + helper.o mktemp.o strlcpy.o rc4.o -distribution: - install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \ - ${DESTDIR}/etc/ssh_config - install -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \ - ${DESTDIR}/etc/sshd_config +all: $(OBJS) $(TARGETS) -.include +bin/libopenssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o + [ -d bin ] || mkdir bin + $(AR) rv $@ $^ + $(RANLIB) $@ + +bin/openssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o + [ -d bin ] || mkdir bin + $(CC) -o $@ $^ $(LFLAGS) $(LIBS) + +bin/opensshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o + [ -d bin ] || mkdir bin + $(CC) -o $@ $^ $(LFLAGS) $(LIBS) + +bin/openscp: scp.o + [ -d bin ] || mkdir bin + $(CC) -o $@ $^ 
$(LFLAGS) $(LIBS) + +bin/openssh-add: ssh-add.o log-client.o + [ -d bin ] || mkdir bin + $(CC) -o $@ $^ $(LFLAGS) $(LIBS) + +bin/openssh-agent: ssh-agent.o log-client.o + [ -d bin ] || mkdir bin + $(CC) -o $@ $^ $(LFLAGS) $(LIBS) + +bin/openssh-keygen: ssh-keygen.o log-client.o + [ -d bin ] || mkdir bin + $(CC) -o $@ $^ $(LFLAGS) $(LIBS) + +clean: + rm -f *.o core bin/* config.status config.cache config.log + +install: + install -d $(bindir) + install -d $(sbindir) + install -d $(libdir) + install -c bin/openssh $(bindir)/openssh + install -c bin/openscp $(bindir)/openscp + install -c bin/openssh-add $(bindir)/openssh-add + install -c bin/openssh-agent $(bindir)/openssh-agent + install -c bin/openssh-keygen $(bindir)/openssh-keygen + install -c bin/opensshd $(sbindir)/opensshd + install -c bin/libopenssh.a $(libdir)/libopenssh.a + +distclean: clean + rm -f Makefile config.h *~ + rm -rf bin + +mrproper: distclean diff --git a/Makefile.in b/Makefile.in index 8e1d2f1a1..2601404ce 100644 --- a/Makefile.in +++ b/Makefile.in @@ -5,7 +5,8 @@ sbindir=@sbindir@ libdir=@libdir@ CC=@CC@ -CFLAGS=-g -Wall -DETCDIR=\"/etc/ssh\" @DEFS@ +OPT_FLAGS=-g +CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"@sysconfdir@\" @DEFS@ TARGETS=bin/libopenssh.a bin/openssh bin/opensshd bin/openssh-add bin/openssh-keygen bin/openssh-agent bin/openscp LFLAGS=-L./bin LIBS=-lopenssh @LIBS@ diff --git a/includes.h b/includes.h index b2e8c1e78..609dd49b8 100644 --- a/includes.h +++ b/includes.h @@ -57,15 +57,17 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include "version.h" +#include "config.h" + #include "helper.h" #include "mktemp.h" #include "strlcpy.h" -#ifdef HAVE_PAM +#ifdef HAVE_LIBPAM #include #endif /* HAVE_PAM */ -#ifdef HAVE_PWDB +#ifdef HAVE_LIBPWDB #include #endif /* HAVE_PWDB */ 
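Review bot: In Makefile.in, `-DETCDIR=\"@sysconfdir@\"` makes the compiled-in configuration directory follow configure's sysconfdir, while the man pages and the shipped `sshd_config` changed in this same commit hard-code `/etc/openssh`. Only the RPM spec passes `--sysconfdir=/etc/openssh`; the generated Makefile committed alongside shows a default run expanding `ETCDIR` to `${prefix}/etc`, i.e. `/usr/local/etc`. Presumably the binaries then read their system-wide files from a directory other than the one the documentation tells the administrator to lock down. I would default sysconfdir to `/etc/openssh` in configure, or at least add `# ETCDIR must match the paths in the man pages and sshd_config (configure --sysconfdir=/etc/openssh)` above the `CFLAGS` line. The configure-generated Makefile, with `prefix=/usr/local` baked in, should probably not be tracked at all.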
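Review bot: In includes.h the two closing comments still read `#endif /* HAVE_PAM */` and `#endif /* HAVE_PWDB */` although the guards are now `HAVE_LIBPAM` and `HAVE_LIBPWDB`. sshd.c updates its closing comments in the same commit, so these should become `#endif /* HAVE_LIBPAM */` and `#endif /* HAVE_LIBPWDB */`. The new names look like the result of a configure library check, so a build host without the PAM library would presumably compile the non-PAM password path without any warning. A one-line comment above the guard saying that the authentication backend is selected at configure time would help anyone auditing a binary.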
@@ -83,10 +85,4 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } client program. Socketpairs do not seem to work on all systems. */ #define USE_PIPES 1 -#ifndef SHUT_RD -#define SHUT_RD 0 -#define SHUT_WR 1 -#define SHUT_RDWR 2 -#endif /* SHUT_RD */ - #endif /* INCLUDES_H */ diff --git a/scp.1 b/openscp.1 similarity index 97% rename from scp.1 rename to openscp.1 index 45cd2ad3d..6601ac654 100644 --- a/scp.1 +++ b/openscp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $Id: scp.1,v 1.1 1999/10/27 03:42:44 damien Exp $ +.\" $Id: openscp.1,v 1.1 1999/10/28 04:03:14 damien Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 diff --git a/ssh-add.1 b/openssh-add.1 similarity index 97% rename from ssh-add.1 rename to openssh-add.1 index 4c64ab2b3..fd0861fe0 100644 --- a/ssh-add.1 +++ b/openssh-add.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 23:55:14 1995 ylo .\" -.\" $Id: ssh-add.1,v 1.1 1999/10/27 03:42:45 damien Exp $ +.\" $Id: openssh-add.1,v 1.1 1999/10/28 04:03:14 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH-ADD 1 diff --git a/ssh-agent.1 b/openssh-agent.1 similarity index 98% rename from ssh-agent.1 rename to openssh-agent.1 index 01c43cdee..df061df82 100644 --- a/ssh-agent.1 +++ b/openssh-agent.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 23 20:10:43 1995 ylo .\" -.\" $Id: ssh-agent.1,v 1.1 1999/10/27 03:42:45 damien Exp $ +.\" $Id: openssh-agent.1,v 1.1 1999/10/28 04:03:14 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH-AGENT 1 diff --git a/ssh-keygen.1 b/openssh-keygen.1 similarity index 98% rename from ssh-keygen.1 rename to openssh-keygen.1 index 67fbfd2c7..c135be441 100644 --- a/ssh-keygen.1 +++ b/openssh-keygen.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 23:55:14 1995 ylo .\" -.\" $Id: ssh-keygen.1,v 1.1 1999/10/27 03:42:45 damien Exp $ +.\" $Id: openssh-keygen.1,v 1.1 1999/10/28 04:03:14 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH-KEYGEN 1 
diff --git a/ssh.1 b/openssh.1 similarity index 98% rename from ssh.1 rename to openssh.1 index a6d76a97f..21a4e63cb 100644 --- a/ssh.1 +++ b/openssh.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.1 1999/10/27 03:42:45 damien Exp $ +.\" $Id: openssh.1,v 1.1 1999/10/28 04:03:14 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -66,7 +66,7 @@ his/her identity to the remote machine using one of several methods. First, if the machine the user logs in from is listed in .Pa /etc/hosts.equiv or -.Pa /etc/shosts.equiv +.Pa /etc/openssh/shosts.equiv on the remote machine, and the user names are the same on both sides, the user is immediately permitted to log in. Second, if @@ -89,10 +89,10 @@ means that if the login would be permitted by .Pa \&.shosts , .Pa /etc/hosts.equiv , or -.Pa /etc/shosts.equiv , +.Pa /etc/openssh/shosts.equiv , and if additionally the server can verify the client's host key (see -.Pa /etc/ssh_known_hosts +.Pa /etc/openssh/ssh_known_hosts in the .Sx FILES section), only then login is @@ -248,7 +248,7 @@ identifications for all hosts it has ever been used with. The database is stored in .Pa \&.ssh/known_hosts in the user's home directory. Additionally, the file -.Pa /etc/ssh_known_hosts +.Pa /etc/openssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, @@ -416,7 +416,7 @@ obtains configuration data from the following sources (in this order): command line options, user's configuration file .Pq Pa $HOME/.ssh/config , and system-wide configuration file -.Pq Pa /etc/ssh_config . +.Pq Pa /etc/openssh/ssh_config . For each parameter, the first obtained value will be used. The configuration files contain sections bracketed by "Host" specifications, and that section is only applied for hosts that 
@@ -540,7 +540,7 @@ The default is .Dq no . .It Cm GlobalKnownHostsFile Specifies a file to use instead of -.Pa /etc/ssh_known_hosts . +.Pa /etc/openssh/ssh_known_hosts . .It Cm HostName Specifies the real host name to log into. This can be used to specify nicnames or abbreviations for hosts. Default is the name given on the @@ -672,7 +672,7 @@ ssh will never automatically add host keys to the file, and refuses to connect hosts whose host key has changed. This provides maximum protection against trojan horse attacks. However, it can be somewhat annoying if you don't have good -.Pa /etc/ssh_known_hosts +.Pa /etc/openssh/ssh_known_hosts files installed and frequently connect new hosts. Basically this option forces the user to manually add any new hosts. Normally this option is disabled, and new hosts @@ -779,7 +779,7 @@ to the environment. .It Pa $HOME/.ssh/known_hosts Records host keys for all hosts the user has logged into (that are not in -.Pa /etc/ssh_known_hosts ) . +.Pa /etc/openssh/ssh_known_hosts ) . See .Xr sshd 8 . .It Pa $HOME/.ssh/random_seed @@ -824,7 +824,7 @@ identity files (that is, each line contains the number of bits in modulus, public exponent, modulus, and comment fields, separated by spaces). This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. -.It Pa /etc/ssh_known_hosts +.It Pa /etc/openssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. This file should be world-readable. This file contains 
@@ -843,7 +843,7 @@ to verify the client host when logging in; other names are needed because does not convert the user-supplied name to a canonical name before checking the key, because someone with access to the name servers would then be able to fool host authentication. -.It Pa /etc/ssh_config +.It Pa /etc/openssh/ssh_config Systemwide configuration file. This file provides defaults for those values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must @@ -870,7 +870,7 @@ Note that by default will be installed so that it requires successful RSA host authentication before permitting \s+2.\s0rhosts authentication. If your server machine does not have the client's host key in -.Pa /etc/ssh_known_hosts , +.Pa /etc/openssh/ssh_known_hosts , you can store it in .Pa $HOME/.ssh/known_hosts . The easiest way to do this is to @@ -897,13 +897,13 @@ manual page). If the client host is found in this file, login is automatically permitted provided client and server user names are the same. Additionally, successful RSA host authentication is normally required. This file should only be writable by root. -.It Pa /etc/shosts.equiv +.It Pa /etc/openssh/shosts.equiv This file is processed exactly as .Pa /etc/hosts.equiv . This file may be useful to permit logins using .Nm but not using rsh/rlogin. -.It Pa /etc/sshrc +.It Pa /etc/openssh/sshrc Commands in this file are executed by .Nm when the user logs in just before the user's shell (or command) is started. diff --git a/openssh.spec b/openssh.spec index 7ce58849f..817c0534e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH free Secure Shell (SSH) implementation Name: openssh -Version: 1.2pre3 +Version: 1.2pre4 Release: 1 Packager: Damien Miller Source0: openssh-%{version}-linux.tar.gz 
@@ -20,6 +20,9 @@ up to date in terms of security and features, as well as removing all patented algorithms to seperate libraries (OpenSSL). %changelog +* Thu Oct 28 1999 Damien Miller +- Use autoconf +- New binary names * Wed Oct 27 1999 Damien Miller - Initial RPMification, based on Jan "Yenya" Kasprzak's spec. @@ -29,7 +32,8 @@ patented algorithms to seperate libraries (OpenSSL). %build -make -f Makefile.GNU OPT_FLAGS="$RPM_OPT_FLAGS" +./configure --prefix=/usr --sysconfdir=/etc/openssh +make OPT_FLAGS="$RPM_OPT_FLAGS" %install rm -rf $RPM_BUILD_ROOT 
@@ -37,69 +41,69 @@ mkdir -p $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/sbin mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d mkdir -p $RPM_BUILD_ROOT/etc/pam.d -mkdir -p $RPM_BUILD_ROOT/etc/ssh +mkdir -p $RPM_BUILD_ROOT/etc/openssh mkdir -p $RPM_BUILD_ROOT/usr/man/man1 mkdir -p $RPM_BUILD_ROOT/usr/man/man8 -install -m644 ssh.pam $RPM_BUILD_ROOT/etc/pam.d/ssh -install -m755 sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd -install -m600 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config -install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config +install -m644 opensshd.pam $RPM_BUILD_ROOT/etc/pam.d/opensshd +install -m755 opensshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/opensshd +install -m600 ssh_config $RPM_BUILD_ROOT/etc/openssh/ssh_config +install -m600 sshd_config $RPM_BUILD_ROOT/etc/openssh/sshd_config -install -s -m755 bin/sshd $RPM_BUILD_ROOT/usr/sbin -install -s -m755 bin/ssh $RPM_BUILD_ROOT/usr/bin -install -s -m755 bin/scp $RPM_BUILD_ROOT/usr/bin -install -s -m755 bin/ssh-agent $RPM_BUILD_ROOT/usr/bin -install -s -m755 bin/ssh-add $RPM_BUILD_ROOT/usr/bin -install -s -m755 bin/ssh-keygen $RPM_BUILD_ROOT/usr/bin +install -s -m755 bin/opensshd $RPM_BUILD_ROOT/usr/sbin +install -s -m755 bin/openssh $RPM_BUILD_ROOT/usr/bin +install -s -m755 bin/openscp $RPM_BUILD_ROOT/usr/bin +install -s -m755 bin/openssh-agent $RPM_BUILD_ROOT/usr/bin +install -s -m755 bin/openssh-add $RPM_BUILD_ROOT/usr/bin +install -s -m755 bin/openssh-keygen $RPM_BUILD_ROOT/usr/bin -install -m644 sshd.8 $RPM_BUILD_ROOT/usr/man/man8 -install -m644 ssh.1 $RPM_BUILD_ROOT/usr/man/man1 -install -m644 scp.1 $RPM_BUILD_ROOT/usr/man/man1 -install -m644 ssh-agent.1 $RPM_BUILD_ROOT/usr/man/man1 -install -m644 ssh-add.1 $RPM_BUILD_ROOT/usr/man/man1 -install -m644 ssh-keygen.1 $RPM_BUILD_ROOT/usr/man/man1 +install -m644 opensshd.8 $RPM_BUILD_ROOT/usr/man/man8 +install -m644 openssh.1 $RPM_BUILD_ROOT/usr/man/man1 +install -m644 openscp.1 $RPM_BUILD_ROOT/usr/man/man1 +install -m644 openssh-agent.1 
$RPM_BUILD_ROOT/usr/man/man1 +install -m644 openssh-add.1 $RPM_BUILD_ROOT/usr/man/man1 +install -m644 openssh-keygen.1 $RPM_BUILD_ROOT/usr/man/man1 %clean rm -rf $RPM_BUILD_ROOT %post -/sbin/chkconfig --add sshd -if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 +/sbin/chkconfig --add opensshd +if [ ! -f /etc/openssh/ssh_host_key -o ! -s /etc/openssh/ssh_host_key ]; then + /usr/bin/openssh-keygen -b 1024 -f /etc/openssh/ssh_host_key -N '' >&2 fi -if test -r /var/run/sshd.pid +if test -r /var/run/opensshd.pid then - /etc/rc.d/init.d/sshd restart >&2 + /etc/rc.d/init.d/opensshd restart >&2 fi %preun if [ "$1" = 0 ] then - /etc/rc.d/init.d/sshd stop >&2 - /sbin/chkconfig --del sshd + /etc/rc.d/init.d/opensshd stop >&2 + /sbin/chkconfig --del opensshd fi %files %defattr(-,root,root) -%doc COPYING.Ylonen ChangeLog ChangeLog.linux OVERVIEW +%doc COPYING.Ylonen ChangeLog ChangeLog.Ylonen OVERVIEW %doc README README.openssh -%attr(0755,root,root) /usr/sbin/sshd -%attr(0755,root,root) /usr/bin/ssh -%attr(0755,root,root) /usr/bin/ssh-agent -%attr(0755,root,root) /usr/bin/ssh-keygen -%attr(0755,root,root) /usr/bin/ssh-add -%attr(0755,root,root) /usr/bin/scp +%attr(0755,root,root) /usr/sbin/opensshd +%attr(0755,root,root) /usr/bin/openssh +%attr(0755,root,root) /usr/bin/openssh-agent +%attr(0755,root,root) /usr/bin/openssh-keygen +%attr(0755,root,root) /usr/bin/openssh-add +%attr(0755,root,root) /usr/bin/openscp -%attr(0755,root,root) /usr/man/man8/sshd.8 -%attr(0755,root,root) /usr/man/man1/ssh.1 -%attr(0755,root,root) /usr/man/man1/ssh-agent.1 -%attr(0755,root,root) /usr/man/man1/ssh-keygen.1 -%attr(0755,root,root) /usr/man/man1/ssh-add.1 -%attr(0755,root,root) /usr/man/man1/scp.1 +%attr(0755,root,root) /usr/man/man8/opensshd.8 +%attr(0755,root,root) /usr/man/man1/openssh.1 +%attr(0755,root,root) /usr/man/man1/openssh-agent.1 +%attr(0755,root,root) /usr/man/man1/openssh-keygen.1 
+%attr(0755,root,root) /usr/man/man1/openssh-add.1 +%attr(0755,root,root) /usr/man/man1/openscp.1 -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0600,root,root) %config /etc/pam.d/ssh -%attr(0755,root,root) %config /etc/rc.d/init.d/sshd -%attr(0644,root,root) %config /etc/ssh/ssh_config +%attr(0600,root,root) %config /etc/openssh/sshd_config +%attr(0600,root,root) %config /etc/pam.d/opensshd +%attr(0755,root,root) %config /etc/rc.d/init.d/opensshd +%attr(0644,root,root) %config /etc/openssh/ssh_config diff --git a/sshd.8 b/opensshd.8 similarity index 97% rename from sshd.8 rename to opensshd.8 index 981c5ff72..d96ae330c 100644 --- a/sshd.8 +++ b/opensshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.1 1999/10/27 03:42:46 damien Exp $ +.\" $Id: opensshd.8,v 1.1 1999/10/28 04:03:14 damien Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -118,7 +118,7 @@ not fork and will only process one connection. This option is only intended for debugging for the server. .It Fl f Ar configuration_file Specifies the name of the configuration file. The default is -.Pa /etc/sshd_config . +.Pa /etc/openssh/sshd_config . .Nm refuses to start if there is no configuration file. .It Fl g Ar login_grace_time @@ -128,7 +128,7 @@ this many seconds, the server disconnects and exits. A value of zero indicates no limit. .It Fl h Ar host_key_file Specifies the file from which the host key is read (default -.Pa /etc/ssh_host_key ) . +.Pa /etc/openssh/ssh_host_key ) . This option must be given if .Nm is not run as root (as the normal @@ -165,7 +165,7 @@ Do not print an error message if RSA support is missing. .Sh CONFIGURATION FILE .Nm reads configuration data from -.Pa /etc/sshd_config +.Pa /etc/openssh/sshd_config (or the file specified with .Fl f on the command line). The file 
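Review bot: The `%post` restart in openssh.spec is now gated on `test -r /var/run/opensshd.pid`, but nothing visible in this commit makes the daemon write that file. The sshd.c hunks only rename the PAM macros, and the init script still calls `killproc sshd`. If the daemon keeps writing its previous pid file (the path is not visible here), the test is never true and an upgrade leaves the old binary running until someone restarts it by hand, which matters most when the upgrade carries a security fix. Either confirm that the pid path was changed in the daemon, or test the path it really writes. Separately, `install -m600 ssh_config` disagrees with `%attr(0644,root,root)` for the same file under `%files`; one of the two modes should be chosen.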
@@ -242,7 +242,7 @@ The default is .Dq no . .It Cm HostKey Specifies the file containing the private host key (default -.Pa /etc/ssh_host_key ) . +.Pa /etc/openssh/ssh_host_key ) . Note that .Nm does not start if this file is group/world-accessible. @@ -251,7 +251,7 @@ Specifies that rhosts and shosts files will not be used in authentication. .Pa /etc/hosts.equiv and -.Pa /etc/shosts.equiv +.Pa /etc/openssh/shosts.equiv are still used. The default is .Dq no . .It Cm KeepAlive @@ -455,7 +455,7 @@ Changes to user's home directory. If .Pa $HOME/.ssh/rc exists, runs it; else if -.Pa /etc/sshrc +.Pa /etc/openssh/sshrc exists, runs it; otherwise runs xauth. The .Dq rc @@ -541,7 +541,7 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi .Sh SSH_KNOWN_HOSTS FILE FORMAT The -.Pa /etc/ssh_known_hosts +.Pa /etc/openssh/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts files contain host public keys for all known hosts. The global file should @@ -564,7 +564,7 @@ pattern on the line. .Pp Bits, exponent, and modulus are taken directly from the host key; they can be obtained, e.g., from -.Pa /etc/ssh_host_key.pub . +.Pa /etc/openssh/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp Lines starting with 
@@ -583,25 +583,25 @@ Note that the lines in these files are typically hundreds of characters long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script or by taking -.Pa /etc/ssh_host_key.pub +.Pa /etc/openssh/ssh_host_key.pub and adding the host names at the front. .Ss Examples closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi .Sh FILES .Bl -tag -width Ds -.It Pa /etc/sshd_config +.It Pa /etc/openssh/sshd_config Contains configuration data for .Nm sshd . This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. -.It Pa /etc/ssh_host_key +.It Pa /etc/openssh/ssh_host_key Contains the private part of the host key. This file should only be owned by root, readable only by root, and not accessible to others. Note that .Nm does not start if this file is group/world-accessible. -.It Pa /etc/ssh_host_key.pub +.It Pa /etc/openssh/ssh_host_key.pub Contains the public part of the host key. This file should be world-readable but writable only by root. Its contents should match the private part. This file is not 
@@ -622,17 +622,17 @@ This file must be readable by root (which may on some machines imply it being world-readable if the user's home directory resides on an NFS volume). It is recommended that it not be accessible by others. The format of this file is described above. -.It Pa /etc/ssh_known_hosts +.It Pa /etc/openssh/ssh_known_hosts This file is consulted when using rhosts with RSA host authentication to check the public key of the host. The key must be listed in this file to be accepted. .It Pa $HOME/.ssh/known_hosts The client uses this file and -.Pa /etc/ssh_known_hosts +.Pa /etc/openssh/ssh_known_hosts to verify that the remote host is the one we intended to connect. These files should be writable only by root/the owner. -.Pa /etc/ssh_known_hosts +.Pa /etc/openssh/ssh_known_hosts should be world-readable, and .Pa $HOME/.ssh/known_hosts can but need not be world-readable. @@ -694,7 +694,7 @@ user root access. The only valid use for user names that I can think of is in negative entries. .Pp Note that this warning also applies to rsh/rlogin. -.It Pa /etc/shosts.equiv +.It Pa /etc/openssh/shosts.equiv This is processed exactly as .Pa /etc/hosts.equiv . However, this file may be useful in environments that want to run both @@ -724,13 +724,13 @@ something similar to: "if read proto cookie; then echo add $DISPLAY $proto $cookie | xauth -q -; fi". .Pp If this file does not exist, -.Pa /etc/sshrc +.Pa /etc/openssh/sshrc is run, and if that does not exist either, xauth is used to store the cookie. .Pp This file should be writable only by the user, and need not be readable by anyone else. -.It Pa /etc/sshrc +.It Pa /etc/openssh/sshrc Like .Pa $HOME/.ssh/rc . This can be used to specify diff --git a/sshd.init b/opensshd.init similarity index 52% rename from sshd.init rename to opensshd.init index b36b57aa6..4c9c806d0 100755 --- a/sshd.init +++ b/opensshd.init 
@@ -1,16 +1,16 @@ #!/bin/bash -# Init file for OpenSSH sshd +# Init file for OpenSSH server daemon # # chkconfig: 2345 55 25 # description: OpenSSH server daemon # -# processname: sshd -# config: /etc/ssh/ssh_host_key -# config: /etc/ssh/ssh_host_key.pub -# config: /etc/ssh/ssh_random_seed -# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid +# processname: opensshd +# config: /etc/openssh/ssh_host_key +# config: /etc/openssh/ssh_host_key.pub +# config: /etc/openssh/ssh_random_seed +# config: /etc/openssh/sshd_config +# pidfile: /var/run/opensshd.pid # source function library . /etc/rc.d/init.d/functions @@ -19,14 +19,14 @@ RETVAL=0 case "$1" in start) - echo -n "Starting sshd: " - daemon /usr/sbin/sshd + echo -n "Starting opensshd: " + daemon /usr/sbin/opensshd RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd echo ;; stop) - echo -n "Shutting down sshd: " + echo -n "Shutting down opensshd: " killproc sshd RETVAL=$? [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd @@ -38,11 +38,11 @@ case "$1" in RETVAL=$? ;; status) - status sshd + status opensshd RETVAL=$? ;; *) - echo "Usage: sshd {start|stop|restart|status}" + echo "Usage: opensshd {start|stop|restart|status}" exit 1 esac diff --git a/ssh.pam b/opensshd.pam similarity index 100% rename from ssh.pam rename to opensshd.pam diff --git a/sshd.c b/sshd.c index b2cb5a320..ce834e8db 100644 --- a/sshd.c +++ b/sshd.c @@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.3 1999/10/28 03:20:30 damien Exp $"); +RCSID("$Id: sshd.c,v 1.4 1999/10/28 04:03:14 damien Exp $"); #include "xmalloc.h" #include "rsa.h" 
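Review bot: In opensshd.init the rename is only half applied: `start` launches `/usr/sbin/opensshd`, but `stop` still runs `killproc sshd`, and both branches still use `/var/lock/subsys/sshd`. On a host that also carries another sshd, `stop` would signal that daemon instead of this one, and on any host the renamed daemon may be left listening after `stop` or after package removal. I would change these lines to `killproc opensshd`, `touch /var/lock/subsys/opensshd` and `rm -f /var/lock/subsys/opensshd`, and check that the `pidfile:` header names the path the daemon actually writes. The `restart` branch lies between the hunks and is not visible here.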
@@ -129,7 +129,7 @@ void do_exec_no_pty(const char *command, struct passwd *pw, void do_child(const char *command, struct passwd *pw, const char *term, const char *display, const char *auth_proto, const char *auth_data, const char *ttyname); -#ifdef HAVE_PAM +#ifdef HAVE_LIBPAM static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); void do_pam_account_and_session(const char *username, const char *password, @@ -225,7 +225,7 @@ void do_pam_account_and_session(const char *username, const char *password, cons eat_packets_and_disconnect(username); } } -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; the effect is to reread the configuration file (and to regenerate @@ -809,7 +809,7 @@ main(int ac, char **av) /* The connection has been terminated. */ log("Closing connection to %.100s", inet_ntoa(sin.sin_addr)); -#ifdef HAVE_PAM +#ifdef HAVE_LIBPAM { int retval; @@ -823,7 +823,7 @@ main(int ac, char **av) fatal_remove_cleanup(&pam_cleanup_proc, NULL); } } -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ packet_close(); @@ -1135,17 +1135,17 @@ do_authentication(char *user, int privileged_port) pwcopy.pw_shell = xstrdup(pw->pw_shell); pw = &pwcopy; -#ifdef HAVE_PAM - if (PAM_SUCCESS != pam_start("ssh", pw->pw_name, &conv, (pam_handle_t**)&pamh)) +#ifdef HAVE_LIBPAM + if (PAM_SUCCESS != pam_start("opensshd", pw->pw_name, &conv, (pam_handle_t**)&pamh)) { packet_start(SSH_SMSG_FAILURE); packet_send(); packet_write_wait(); packet_disconnect("PAM initialisation failed."); } -#endif fatal_add_cleanup(&pam_cleanup_proc, NULL); +#endif /* If we are not running as root, the user must have the same uid as the server. */ 
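Review bot: In the do_authentication hunk at -1135, `pam_start("opensshd", ...)` now depends on a PAM service file named `opensshd`, yet only the RPM spec installs `opensshd.pam` as `/etc/pam.d/opensshd`. The `install` target in the generated Makefile copies only the binaries and the library. On a source install, or on a host that still has the old `/etc/pam.d/ssh`, PAM would presumably apply the system's `other` policy to SSH logins rather than the intended stack. I would add the service file to the install target and annotate the call with `/* service name must match the file installed in /etc/pam.d */`. do_authentication begins and ends outside this hunk.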
@@ -1289,16 +1289,16 @@ do_authentication(char *user, int privileged_port) log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", user, client_user, get_canonical_hostname()); authenticated = 1; -#ifndef HAVE_PAM +#ifndef HAVE_LIBPAM xfree(client_user); -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ break; } log("Rhosts authentication failed for %.100s, remote %.100s.", user, client_user); -#ifndef HAVE_PAM +#ifndef HAVE_LIBPAM xfree(client_user); -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ break; case SSH_CMSG_AUTH_RHOSTS_RSA: @@ -1341,18 +1341,18 @@ do_authentication(char *user, int privileged_port) { /* Authentication accepted. */ authenticated = 1; -#ifndef HAVE_PAM +#ifndef HAVE_LIBPAM xfree(client_user); -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ BN_clear_free(client_host_key_e); BN_clear_free(client_host_key_n); break; } log("Rhosts authentication failed for %.100s, remote %.100s.", user, client_user); -#ifndef HAVE_PAM +#ifndef HAVE_LIBPAM xfree(client_user); -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ BN_clear_free(client_host_key_e); BN_clear_free(client_host_key_n); break; @@ -1403,7 +1403,7 @@ do_authentication(char *user, int privileged_port) packet_integrity_check(plen, 4 + passw_len, type); } -#ifdef HAVE_PAM +#ifdef HAVE_LIBPAM pampasswd = password; if (PAM_SUCCESS == pam_authenticate((pam_handle_t *)pamh, 0)) @@ -1416,7 +1416,7 @@ do_authentication(char *user, int privileged_port) log("PAM Password authentication for %.100s failed.", user); break; } -#else /* HAVE_PAM */ +#else /* HAVE_LIBPAM */ /* Try authentication with the password. */ if (auth_password(pw, password)) { @@ -1432,7 +1432,7 @@ do_authentication(char *user, int privileged_port) memset(password, 0, strlen(password)); xfree(password); break; -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ case SSH_CMSG_AUTH_TIS: /* TIS Authentication is unsupported */ 
@@ -1470,7 +1470,7 @@ do_authentication(char *user, int privileged_port) get_canonical_hostname()); } -#ifdef HAVE_PAM +#ifdef HAVE_LIBPAM do_pam_account_and_session(pw->pw_name, password, client_user, get_canonical_hostname()); /* Clean up */ @@ -1482,7 +1482,7 @@ do_authentication(char *user, int privileged_port) memset(password, 0, strlen(password)); xfree(password); } -#endif /* HAVE_PAM */ +#endif /* HAVE_LIBPAM */ /* The user has been authenticated and accepted. */ packet_start(SSH_SMSG_SUCCESS); diff --git a/sshd_config b/sshd_config index 97f6f8e1c..63a559901 100644 --- a/sshd_config +++ b/sshd_config @@ -2,7 +2,7 @@ Port 22 ListenAddress 0.0.0.0 -HostKey /etc/ssh/ssh_host_key +HostKey /etc/openssh/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 @@ -20,7 +20,7 @@ KeepAlive yes SyslogFacility AUTH RhostsAuthentication no # -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +# For this to work you will also need host keys in /etc/openssh/ssh_known_hosts RhostsRSAAuthentication no # RSAAuthentication yes