From 294df785b8f67a5890d1e49ba883d530cdfb534c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Nov 1999 10:11:29 +1100 Subject: [PATCH] - Added SuSE package files from Chris Saia - Restructured package-related files under packages/ - Added generic PAM config --- ChangeLog | 5 + INSTALL | 7 +- README | 1 + openssh.spec => packages/redhat/openssh.spec | 10 +- sshd.init.redhat => packages/redhat/sshd.init | 0 sshd.pam => packages/redhat/sshd.pam | 0 packages/suse/openssh.spec | 227 ++++++++++++++++++ packages/suse/rc.config.sshd | 5 + packages/suse/rc.sshd | 80 ++++++ sshd.pam.generic | 7 + 10 files changed, 334 insertions(+), 8 deletions(-) rename openssh.spec => packages/redhat/openssh.spec (94%) rename sshd.init.redhat => packages/redhat/sshd.init (100%) rename sshd.pam => packages/redhat/sshd.pam (100%) create mode 100644 packages/suse/openssh.spec create mode 100644 packages/suse/rc.config.sshd create mode 100644 packages/suse/rc.sshd create mode 100644 sshd.pam.generic diff --git a/ChangeLog b/ChangeLog index b66bb4e20..819549bc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +19991123 + - Added SuSE package files from Chris Saia + - Restructured package-related files under packages/ + - Added generic PAM config + 19991122 - Make close gnome-ssh-askpass (Debian bug #50299) - OpenBSD CVS Changes diff --git a/INSTALL b/INSTALL index ae2cf6936..4ff271247 100644 --- a/INSTALL +++ b/INSTALL 
@@ -57,9 +57,10 @@ make install This will install the binaries in /opt/{bin,lib,sbin}, but will place the configuration files in /etc/ssh. -If you are using PAM, you will need to manually install the sshd.pam -control file as "/etc/pam.d/sshd". This file is customised for Redhat -Linux, you may need to edit it before using it on your system. +If you are using PAM, you will need to manually install a PAM control +file as "/etc/pam.d/sshd" (or wherever your system prefers to keep +them). A generic PAM configuration is included as "sshd.pam.generic", +you may need to edit it before using it on your system. There are a few other options to the configure script: diff --git a/README b/README index f0cf0d8b0..1f96da22c 100644 --- a/README +++ b/README @@ -54,6 +54,7 @@ Theo de Raadt, and Dug Song - Creators of OpenSSH 'jonchen' - the original author of PAM support of SSH Ben Taylor - Solaris debugging and fixes Chip Salzenberg - Assorted patches +Chris Saia - SuSE packaging Dan Brosemer - Autoconf and build fixes & Debian scripts Jim Knoble - RPM spec file fixes Marc G. Fournier - Solaris patches diff --git a/openssh.spec b/packages/redhat/openssh.spec similarity index 94% rename from openssh.spec rename to packages/redhat/openssh.spec index 3c244d956..870ffd8a3 100644 --- a/openssh.spec +++ b/packages/redhat/openssh.spec @@ -124,8 +124,8 @@ make install prefix="$RPM_BUILD_ROOT/usr" install -d $RPM_BUILD_ROOT/etc/ssh install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/etc/rc.d/init.d -install -m644 sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m755 sshd.init.redhat $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd +install -m644 packages/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd +install -m755 packages/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd install -m600 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config 
@@ -166,7 +166,7 @@ fi %attr(0644,root,root) /usr/man/man1/ssh.1 %attr(0644,root,root) /usr/man/man1/ssh-agent.1 %attr(0644,root,root) /usr/man/man1/ssh-add.1 -%attr(0644,root,root) %config /etc/ssh/ssh_config +%attr(0644,root,root) %config(noreplace) /etc/ssh/ssh_config %attr(-,root,root) /usr/bin/slogin %attr(-,root,root) /usr/man/man1/slogin.1 @@ -174,8 +174,8 @@ fi %defattr(-,root,root) %attr(0755,root,root) /usr/sbin/sshd %attr(0644,root,root) /usr/man/man8/sshd.8 -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0600,root,root) %config /etc/pam.d/sshd +%attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config +%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd %attr(0755,root,root) %config /etc/rc.d/init.d/sshd %files askpass diff --git a/sshd.init.redhat b/packages/redhat/sshd.init similarity index 100% rename from sshd.init.redhat rename to packages/redhat/sshd.init diff --git a/sshd.pam b/packages/redhat/sshd.pam similarity index 100% rename from sshd.pam rename to packages/redhat/sshd.pam diff --git a/packages/suse/openssh.spec b/packages/suse/openssh.spec new file mode 100644 index 000000000..9bdde3b2c --- /dev/null +++ b/packages/suse/openssh.spec 
@@ -0,0 +1,227 @@
+Summary: OpenSSH, a free Secure Shell (SSH) implementation
+Name: openssh
+Version: 1.2pre14
+Release: 2RSAref
+Source0: openssh-%{version}.tar.gz
+Copyright: BSD
+Group: Applications/Internet
+BuildRoot: /tmp/openssh-%{version}-buildroot
+Obsoletes: ssh
+#
+# building prerequisites -- stuff for TCP Wrappers and Gnome
+# (This only works for RPM 2.95 and newer.)
+#
+BuildPrereq: nkitb
+BuildPrereq: glibdev
+BuildPrereq: gtkdev
+BuildPrereq: gnlibsd
+
+%package clients
+Summary: OpenSSH Secure Shell protocol clients
+Requires: openssh
+Group: Applications/Internet
+Obsoletes: ssh-clients
+
+%package server
+Summary: OpenSSH Secure Shell protocol server (sshd)
+Requires: openssh
+Group: System Environment/Daemons
+Obsoletes: ssh-server
+
+%package askpass
+Summary: OpenSSH GNOME passphrase dialog
+Group: Applications/Internet
+Requires: openssh
+Obsoletes: ssh-extras
+Obsoletes: ssh-askpass
+
+%description
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description clients
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package includes the clients necessary to make encrypted connections
+to SSH servers.
+
+%description server
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package contains the secure shell daemon. The sshd is the server
+part of the secure shell protocol and allows ssh clients to connect to
+your host.
+
+%description askpass
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package contains the GNOME passphrase dialog.
+
+%changelog
+* Mon Nov 22 1999 Chris Saia
+- Added flag to configure daemon with TCP Wrappers support
+- Added building prerequisites (works in RPM 3.0 and newer)
+* Thu Nov 18 1999 Chris Saia
+- Made this package correct for SuSE.
+- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
+ with SuSE, and lib_pwdb.so isn't installed by default.
+* Mon Nov 15 1999 Damien Miller
+- Split subpackages further based on patch from jim knoble
+* Sat Nov 13 1999 Damien Miller
+- Added 'Obsoletes' directives
+* Tue Nov 09 1999 Damien Miller
+- Use make install
+- Subpackages
+* Mon Nov 08 1999 Damien Miller
+- Added links for slogin
+- Fixed perms on manpages
+* Sat Oct 30 1999 Damien Miller
+- Renamed init script
+* Fri Oct 29 1999 Damien Miller
+- Back to old binary names
+* Thu Oct 28 1999 Damien Miller
+- Use autoconf
+- New binary names
+* Wed Oct 27 1999 Damien Miller
+- Initial RPMification, based on Jan "Yenya" Kasprzak's spec.
+
+%prep
+
+%setup
+
+%build
+
+CFLAGS="$RPM_OPT_FLAGS" \
+ ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-gnome-askpass --with-tcp-wrappers
+
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install prefix="$RPM_BUILD_ROOT/usr"
+
+install -d $RPM_BUILD_ROOT/etc/ssh/
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/sbin/init.d/
+install -d $RPM_BUILD_ROOT/sbin/init.d/rc2.d/
+install -d $RPM_BUILD_ROOT/sbin/init.d/rc3.d/
+install -m644 sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m744 packages/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd
+install -m600 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config
+install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config
+ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd
+install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
+cp packages/suse/rc.config.sshd $RPM_BUILD_ROOT/var/adm/fillup-templates
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post server
+if [ "$1" = 0 ]; then
+ echo "Creating SSH stop/start scripts in rc directories..."
+ ln -s ../sshd /sbin/init.d/rc2.d/K20sshd
+ ln -s ../sshd /sbin/init.d/rc2.d/S20sshd
+ ln -s ../sshd /sbin/init.d/rc3.d/K20sshd
+ ln -s ../sshd /sbin/init.d/rc3.d/S20sshd
+fi
+echo "Updating /etc/rc.config..."
+if [ -x /bin/fillup ] ; then
+ /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd
+else
+ echo "ERROR: fillup not found. This should NOT happen in SuSE Linux."
+ echo "Update /etc/rc.config by hand from the following template file:"
+ echo " /var/adm/fillup-templates/rc.config.sshd"
+fi
+echo "Generating SSH host key..."
+if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
+ /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
+fi
+if test -r /var/run/sshd.pid
+then
+ /usr/sbin/rcsshd restart >&2
+fi
+
+%preun server
+if [ "$1" = 0 ]
+then
+ echo "Stopping SSH..."
+ /usr/sbin/rcsshd stop >&2
+ echo "Removing SSH stop/start scripts from rc directories..."
+ rm /sbin/init.d/rc2.d/K20sshd
+ rm /sbin/init.d/rc2.d/S20sshd
+ rm /sbin/init.d/rc3.d/K20sshd
+ rm /sbin/init.d/rc3.d/S20sshd
+fi
+
+%files
+%defattr(-,root,root)
+%doc COPYING.Ylonen ChangeLog OVERVIEW README README.Ylonen
+%doc RFC.nroff TODO UPGRADING
+%attr(0755,root,root) /usr/bin/ssh-keygen
+%attr(0755,root,root) /usr/bin/scp
+%attr(0644,root,root) /usr/man/man1/ssh-keygen.1
+%attr(0644,root,root) /usr/man/man1/scp.1
+%attr(0755,root,root) %dir /etc/ssh
+
+%files clients
+%defattr(-,root,root)
+%attr(4755,root,root) /usr/bin/ssh
+%attr(0755,root,root) /usr/bin/ssh-agent
+%attr(0755,root,root) /usr/bin/ssh-add
+%attr(0644,root,root) /usr/man/man1/ssh.1
+%attr(0644,root,root) /usr/man/man1/ssh-agent.1
+%attr(0644,root,root) /usr/man/man1/ssh-add.1
+%attr(0644,root,root) %config(noreplace) /etc/ssh/ssh_config
+%attr(-,root,root) /usr/bin/slogin
+%attr(-,root,root) /usr/man/man1/slogin.1
+
+%files server
+%defattr(-,root,root)
+%attr(0755,root,root) /usr/sbin/sshd
+%attr(0644,root,root) /usr/man/man8/sshd.8
+%attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config
+%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /sbin/init.d/sshd
+%attr(-,root,root) /usr/sbin/rcsshd
+%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd
+
+%files askpass
+%defattr(-,root,root)
+%attr(0755,root,root) %dir /usr/libexec/ssh
+%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass
+
diff --git a/packages/suse/rc.config.sshd b/packages/suse/rc.config.sshd
new file mode 100644
index 000000000..baaa7a5a1
--- /dev/null
+++ b/packages/suse/rc.config.sshd
@@ -0,0 +1,5 @@
+#
+# Start the Secure Shell (SSH) Daemon?
+#
+START_SSHD="yes"
+
diff --git a/packages/suse/rc.sshd b/packages/suse/rc.sshd
new file mode 100644
index 000000000..f7d431ebb
--- /dev/null
+++ b/packages/suse/rc.sshd
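Review bot: In `%post server` of packages/suse/openssh.spec the guard `if [ "$1" = 0 ]; then` can never be true, because RPM passes `%post` the number of installed instances after the transaction (1 on first install, 2 or more on upgrade), so as far as this spec shows the rc2.d/rc3.d links to the init script are never created. The test should read `if [ "$1" = 1 ]; then`; comparing against 0 is only meaningful in `%preun`, where the spec uses it correctly. With the links missing, the plain `rm` calls in `%preun server` return non-zero and can make erasing the package fail, so `rm -f` is the safer form there. Separately, `BuildRoot: /tmp/openssh-%{version}-buildroot` is a predictable name in a world-writable directory that `%install` and `%clean` hand to `rm -rf $RPM_BUILD_ROOT`; on a shared build host a private, freshly created build directory avoids another local user pre-creating or redirecting that path.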
@@ -0,0 +1,80 @@
+#! /bin/sh
+# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Chris Saia
+#
+# /sbin/init.d/sshd
+#
+# and symbolic its link
+#
+# /sbin/rcsshd
+#
+
+. /etc/rc.config
+
+# Determine the base and follow a runlevel link name.
+base=${0##*/}
+link=${base#*[SK][0-9][0-9]}
+
+# Force execution if not called by a runlevel directory.
+test $link = $base && START_SSHD=yes
+test "$START_SSHD" = yes || exit 0
+
+# The echo return value for success (defined in /etc/rc.config).
+return=$rc_done
+case "$1" in
+ start)
+ echo -n "Starting service sshd"
+ ## Start daemon with startproc(8). If this fails
+ ## the echo return value is set appropriate.
+
+ startproc /usr/sbin/sshd || return=$rc_failed
+
+ echo -e "$return"
+ ;;
+ stop)
+ echo -n "Stopping service sshd"
+ ## Stop daemon with killproc(8) and if this fails
+ ## set echo the echo return value.
+
+ killproc -TERM /usr/sbin/sshd || return=$rc_failed
+
+ echo -e "$return"
+ ;;
+ restart)
+ ## If first returns OK call the second, if first or
+ ## second command fails, set echo return value.
+ $0 stop && $0 start || return=$rc_failed
+ ;;
+ reload)
+ ## Choose ONE of the following two cases:
+
+ ## First possibility: A few services accepts a signal
+ ## to reread the (changed) configuration.
+
+ echo -n "Reload service sshd"
+ killproc -HUP /usr/sbin/sshd || return=$rc_failed
+ echo -e "$return"
+ ;;
+ status)
+ echo -n "Checking for service sshd"
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ checkproc /usr/sbin/sshd && echo OK || echo No process
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload,
+ ## give out the argument which is required for a reload.
+
+ test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart|reload[|probe]}"
+ exit 1
+ ;;
+esac
+
+# Inform the caller not only verbosely and set an exit status.
+test "$return" = "$rc_done" || exit 1
+exit 0
diff --git a/sshd.pam.generic b/sshd.pam.generic
new file mode 100644
index 000000000..c67e7b637
--- /dev/null
+++ b/sshd.pam.generic
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix.so shadow
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix.so shadow nullok use_authtok
+session required /lib/security/pam_unix.so
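Review bot: The `status` branch of packages/suse/rc.sshd always ends with exit status 0, because `checkproc /usr/sbin/sshd && echo OK || echo No process` only prints and never changes `return`, so a caller or monitoring job cannot tell a stopped sshd from a running one. Writing it as `checkproc /usr/sbin/sshd && echo OK || { echo No process; return=$rc_failed; }` lets the closing `test "$return" = "$rc_done" || exit 1` cover this branch as well. The header comment names the convenience link as `/sbin/rcsshd`, while packages/suse/openssh.spec in this commit creates it at `/usr/sbin/rcsshd`; the comment should match the packaged path. `test $link = $base` is unquoted and is better written `test "$link" = "$base"`.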
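Review bot: sshd.pam.generic is offered as a generic configuration, yet every line hard-codes `/lib/security/` and the password stack marks `pam_cracklib.so` as `required`, so on a system that keeps its modules elsewhere or does not ship cracklib the affected stacks fail outright instead of degrading. A short comment block under `#%PAM-1.0` naming the paths and modules an administrator is expected to adapt would back up the "you may need to edit it" wording this commit adds to INSTALL. The same comment could record that `nullok` appears only on the `password` line: the `auth` line has no `nullok`, so pam_unix should refuse an empty password at login while still letting such an account set one, which looks intentional but is not stated anywhere.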