mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-28 00:04:30 +02:00
- (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <nalin@redhat.com> and patches from Pekka Savola <pekkas@netcore.fi>
This commit is contained in:
parent
a7a5d6d1b5
commit
cfe4a89eef
@ -1,3 +1,8 @@
|
||||
20020510
|
||||
- (djm) Rework RedHat RPM files. Based on spec from Nalin
|
||||
Dahyabhai <nalin@redhat.com> and patches from
|
||||
Pekka Savola <pekkas@netcore.fi>
|
||||
|
||||
20020509
|
||||
- (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
|
||||
|
||||
@ -548,4 +553,4 @@
|
||||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2100 2002/05/09 14:05:59 tim Exp $
|
||||
$Id: ChangeLog,v 1.2101 2002/05/10 02:19:23 djm Exp $
|
||||
|
1
contrib/redhat/gnome-ssh-askpass.csh
Normal file
1
contrib/redhat/gnome-ssh-askpass.csh
Normal file
@ -0,0 +1 @@
|
||||
setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass
|
2
contrib/redhat/gnome-ssh-askpass.sh
Normal file
2
contrib/redhat/gnome-ssh-askpass.sh
Normal file
@ -0,0 +1,2 @@
|
||||
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
|
||||
export SSH_ASKPASS
|
@ -1,5 +1,9 @@
|
||||
# Version of OpenSSH
|
||||
%define oversion 3.2p1
|
||||
%define ver 3.2.1p1
|
||||
%define rel 1
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
%define sshd_uid 74
|
||||
%define sshd_gid 74
|
||||
|
||||
# Version of ssh-askpass
|
||||
%define aversion 1.2.4.1
|
||||
@ -16,8 +20,8 @@
|
||||
# Do we want smartcard support (1=yes 0=no)
|
||||
%define scard 0
|
||||
|
||||
# Use Redhat 7.0 pam control file
|
||||
%define redhat7 0
|
||||
# Is this build for RHL 6.x?
|
||||
%define build6x 0
|
||||
|
||||
# Disable IPv6 (avoids DNS hangs on some glibc versions)
|
||||
%define noip6 0
|
||||
@ -27,9 +31,14 @@
|
||||
%{?skip_x11_askpass:%define no_x11_askpass 1}
|
||||
%{?skip_gnome_askpass:%define no_gnome_askpass 1}
|
||||
|
||||
# Options for Redhat version:
|
||||
# rpm -ba|--rebuild --define "rh7 1"
|
||||
%{?rh7:%define redhat7 1}
|
||||
# Is this a build for RHL 6.x or earlier?
|
||||
%{?build_6x:%define build6x 1}
|
||||
|
||||
# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
|
||||
%if %{build6x}
|
||||
%define _sysconfdir /etc
|
||||
%define noip6 1
|
||||
%endif
|
||||
|
||||
# Options for static OpenSSL link:
|
||||
# rpm -ba|--rebuild --define "static_openssl 1"
|
||||
@ -43,37 +52,43 @@
|
||||
# rpm -ba|--rebuild --define "noipv6 1"
|
||||
%{?noipv6:%define noip6 1}
|
||||
|
||||
%define exact_openssl_version %(rpm -q openssl | cut -d - -f 2)
|
||||
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
|
||||
%define rescue 0
|
||||
%{?build_rescue:%define rescue 1}
|
||||
|
||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
|
||||
Name: openssh
|
||||
Version: %{oversion}
|
||||
Release: 1
|
||||
Packager: Damien Miller <djm@mindrot.org>
|
||||
URL: http://www.openssh.com/portable.html
|
||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz
|
||||
%if ! %{no_x11_askpass}
|
||||
Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
|
||||
Version: %{ver}
|
||||
%if %{rescue}
|
||||
Release: %{rel}rescue
|
||||
%else
|
||||
Release: %{rel}
|
||||
%endif
|
||||
URL: http://www.openssh.com/portable.html
|
||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||
Obsoletes: ssh
|
||||
BuildPreReq: perl, openssl-devel, tcp_wrappers
|
||||
BuildPreReq: /bin/login, /usr/include/security/pam_appl.h
|
||||
BuildPreReq: rpm >= 3.0.5
|
||||
%if %{build6x}
|
||||
PreReq: initscripts >= 5.00
|
||||
%else
|
||||
PreReq: initscripts >= 5.20
|
||||
%endif
|
||||
BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers
|
||||
BuildPreReq: /bin/login
|
||||
%if %{build6x}
|
||||
BuildPreReq: glibc-devel, pam
|
||||
%else
|
||||
BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
|
||||
%endif
|
||||
%if ! %{no_x11_askpass}
|
||||
BuildPreReq: XFree86-devel
|
||||
%endif
|
||||
%if ! %{no_gnome_askpass}
|
||||
BuildPreReq: gnome-libs-devel
|
||||
%endif
|
||||
%if ! %{static_libcrypto}
|
||||
PreReq: openssl >= 0.9.5a
|
||||
PreReq: openssl = %{exact_openssl_version}
|
||||
Requires: openssl >= 0.9.5a
|
||||
%endif
|
||||
Requires: rpm >= 3.0.5
|
||||
|
||||
%package clients
|
||||
Summary: OpenSSH clients.
|
||||
@ -86,7 +101,7 @@ Summary: The OpenSSH server daemon.
|
||||
Group: System Environment/Daemons
|
||||
Obsoletes: ssh-server
|
||||
PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
|
||||
%if %{redhat7}
|
||||
%if ! %{build6x}
|
||||
Requires: /etc/pam.d/system-auth
|
||||
%endif
|
||||
|
||||
@ -103,41 +118,43 @@ Requires: openssh = %{version}-%{release}
|
||||
Obsoletes: ssh-extras
|
||||
|
||||
%description
|
||||
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
|
||||
replaces rlogin and rsh, to provide secure encrypted communications
|
||||
between two untrusted hosts over an insecure network. X11 connections
|
||||
and arbitrary TCP/IP ports can also be forwarded over the secure
|
||||
channel. Public key authentication may be used for "passwordless"
|
||||
access to servers.
|
||||
SSH (Secure SHell) is a program for logging into and executing
|
||||
commands on a remote machine. SSH is intended to replace rlogin and
|
||||
rsh, and to provide secure encrypted communications between two
|
||||
untrusted hosts over an insecure network. X11 connections and
|
||||
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
||||
|
||||
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
|
||||
it up to date in terms of security and features, as well as removing
|
||||
all patented algorithms to separate libraries.
|
||||
|
||||
This package includes the core files necessary for both the OpenSSH
|
||||
client and server. To make this package useful, you should also
|
||||
install openssh-clients, openssh-server, or both.
|
||||
|
||||
%description clients
|
||||
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.
|
||||
|
||||
This package includes the clients necessary to make encrypted
|
||||
connections to SSH protocol servers. You'll also need to install the
|
||||
openssh package on OpenSSH clients.
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package includes
|
||||
the clients necessary to make encrypted connections to SSH servers.
|
||||
You'll also need to install the openssh package on OpenSSH clients.
|
||||
|
||||
%description server
|
||||
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.
|
||||
|
||||
This package contains the secure shell daemon (sshd). The sshd daemon
|
||||
allows SSH clients to securely connect to your SSH server. You also
|
||||
need to have the openssh package installed.
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
|
||||
securely connect to your SSH server. You also need to have the openssh
|
||||
package installed.
|
||||
|
||||
%description askpass
|
||||
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.
|
||||
|
||||
This package contains an X11 passphrase dialog for OpenSSH.
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
an X11 passphrase dialog for OpenSSH.
|
||||
|
||||
%description askpass-gnome
|
||||
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.
|
||||
|
||||
This package contains an X11 passphrase dialog for OpenSSH and the
|
||||
GNOME GUI desktop environment.
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
|
||||
environment.
|
||||
|
||||
%prep
|
||||
|
||||
@ -148,39 +165,37 @@ GNOME GUI desktop environment.
|
||||
%endif
|
||||
|
||||
%build
|
||||
|
||||
%define _sysconfdir /etc/ssh
|
||||
|
||||
EXTRA_OPTS=""
|
||||
|
||||
%if %{scard}
|
||||
EXTRA_OPTS="$EXTRA_OPTS --with-smartcard"
|
||||
%endif
|
||||
|
||||
%if %{noip6}
|
||||
EXTRA_OPTS="$EXTRA_OPTS --with-ipv4-default "
|
||||
%if %{rescue}
|
||||
CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
|
||||
%endif
|
||||
|
||||
%configure \
|
||||
--sysconfdir=%{_sysconfdir}/ssh \
|
||||
--libexecdir=%{_libexecdir}/openssh \
|
||||
--datadir=%{_datadir}/openssh \
|
||||
--with-pam \
|
||||
--with-tcp-wrappers \
|
||||
--with-rsh=/usr/bin/rsh \
|
||||
--with-kerberos5=/usr/kerberos \
|
||||
--with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
|
||||
$EXTRA_OPTS
|
||||
--with-rsh=%{_bindir}/rsh \
|
||||
%if %{scard}
|
||||
--with-smartcard \
|
||||
%endif
|
||||
%if %{noip6}
|
||||
--with-ipv4-default \
|
||||
%endif
|
||||
%if %{rescue}
|
||||
--without-pam --with-md5-passwords
|
||||
%else
|
||||
--with-pam --with-kerberos5=/usr/kerberos
|
||||
%endif
|
||||
|
||||
%if %{static_libcrypto}
|
||||
perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile
|
||||
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
|
||||
%endif
|
||||
|
||||
make
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
pushd x11-ssh-askpass-%{aversion}
|
||||
%configure \
|
||||
--libexecdir=%{_libexecdir}/openssh
|
||||
%configure --libexecdir=%{_libexecdir}/openssh
|
||||
xmkmf -a
|
||||
make
|
||||
popd
|
||||
@ -188,7 +203,7 @@ popd
|
||||
|
||||
%if ! %{no_gnome_askpass}
|
||||
pushd contrib
|
||||
gcc -O -g `gnome-config --cflags gnome gnomeui` \
|
||||
gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \
|
||||
gnome-ssh-askpass.c -o gnome-ssh-askpass \
|
||||
`gnome-config --libs gnome gnomeui`
|
||||
popd
|
||||
@ -196,58 +211,98 @@ popd
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
%{makeinstall} \
|
||||
libexecdir=$RPM_BUILD_ROOT%{_libexecdir}/openssh \
|
||||
datadir=$RPM_BUILD_ROOT%{_datadir}/openssh \
|
||||
DESTDIR=/ # Hack to disable key generation
|
||||
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
|
||||
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
||||
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/run/empty-sshd
|
||||
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
install -d $RPM_BUILD_ROOT/etc/pam.d/
|
||||
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
||||
%if %{redhat7}
|
||||
install -m644 contrib/redhat/sshd.pam-7.x $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
%if %{build6x}
|
||||
install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
%else
|
||||
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
%endif
|
||||
install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
|
||||
ln -s /usr/libexec/openssh/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
|
||||
ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
|
||||
%endif
|
||||
|
||||
%if ! %{no_gnome_askpass}
|
||||
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
|
||||
%endif
|
||||
|
||||
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||
|
||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post server
|
||||
/sbin/chkconfig --add sshd
|
||||
if test -r /var/run/sshd.pid ; then
|
||||
/etc/rc.d/init.d/sshd restart >&2
|
||||
%triggerun server -- ssh-server
|
||||
if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
|
||||
touch /var/run/sshd.restart
|
||||
fi
|
||||
|
||||
%triggerun server -- openssh-server < 2.5.0p1
|
||||
# Count the number of HostKey and HostDsaKey statements we have.
|
||||
gawk 'BEGIN {IGNORECASE=1}
|
||||
/^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
|
||||
END {exit sawhostkey}' /etc/ssh/sshd_config
|
||||
# And if we only found one, we know the client was relying on the old default
|
||||
# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
|
||||
# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
|
||||
# one nullifies the default, which would have loaded both.
|
||||
if [ $? -eq 1 ] ; then
|
||||
echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
|
||||
echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
%triggerpostun server -- ssh-server
|
||||
if [ "$1" != 0 ] ; then
|
||||
/sbin/chkconfig --add sshd
|
||||
if test -f /var/run/sshd.restart ; then
|
||||
rm -f /var/run/sshd.restart
|
||||
/sbin/service sshd start > /dev/null 2>&1 || :
|
||||
fi
|
||||
fi
|
||||
|
||||
%pre server
|
||||
%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
|
||||
%{_sbindir}/useradd -d /var/run/empty-sshd -s /bin/false -u %{sshd_uid} \
|
||||
-g sshd -M -r sshd 2>/dev/null || :
|
||||
|
||||
%post server
|
||||
/sbin/chkconfig --add sshd
|
||||
|
||||
%postun server
|
||||
/sbin/service sshd condrestart > /dev/null 2>&1 || :
|
||||
|
||||
%preun server
|
||||
if [ "$1" = 0 ] ; then
|
||||
/etc/rc.d/init.d/sshd stop >&2
|
||||
if [ "$1" = 0 ]
|
||||
then
|
||||
/sbin/service sshd stop > /dev/null 2>&1 || :
|
||||
/sbin/chkconfig --del sshd
|
||||
fi
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
|
||||
%attr(0755,root,root) %{_bindir}/ssh-keygen
|
||||
%attr(0755,root,root) %{_bindir}/scp
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/scp.1*
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/moduli
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
|
||||
%if ! %{rescue}
|
||||
%attr(0755,root,root) %{_bindir}/ssh-keygen
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
||||
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
||||
%endif
|
||||
%if %{scard}
|
||||
%attr(0755,root,root) %dir %{_datadir}/openssh
|
||||
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
|
||||
@ -256,29 +311,34 @@ fi
|
||||
%files clients
|
||||
%defattr(-,root,root)
|
||||
%attr(4755,root,root) %{_bindir}/ssh
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
|
||||
%attr(-,root,root) %{_bindir}/slogin
|
||||
%attr(-,root,root) %{_mandir}/man1/slogin.1*
|
||||
%if ! %{rescue}
|
||||
%attr(0755,root,root) %{_bindir}/ssh-agent
|
||||
%attr(0755,root,root) %{_bindir}/ssh-add
|
||||
%attr(0755,root,root) %{_bindir}/ssh-keyscan
|
||||
%attr(0755,root,root) %{_bindir}/sftp
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
|
||||
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config
|
||||
%attr(-,root,root) %{_bindir}/slogin
|
||||
%attr(-,root,root) %{_mandir}/man1/slogin.1*
|
||||
%endif
|
||||
|
||||
%if ! %{rescue}
|
||||
%files server
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(0111,root,root) %{_var}/run/empty-sshd
|
||||
%attr(0755,root,root) %{_sbindir}/sshd
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
||||
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
|
||||
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
|
||||
#%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
|
||||
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
|
||||
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
|
||||
%endif
|
||||
|
||||
%if ! %{no_x11_askpass}
|
||||
%files askpass
|
||||
@ -293,44 +353,389 @@ fi
|
||||
%if ! %{no_gnome_askpass}
|
||||
%files askpass-gnome
|
||||
%defattr(-,root,root)
|
||||
%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Oct 18 2000 Damien Miller <djm@mindrot.org>
|
||||
- Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
|
||||
Redhat 7.0 spec file
|
||||
* Tue Sep 05 2000 Damien Miller <djm@mindrot.org>
|
||||
- Use RPM configure macro
|
||||
* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
|
||||
- Some surgery to sshd.init (generate keys at runtime)
|
||||
- Cleanup of groups and removal of keygen calls
|
||||
* Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
|
||||
- Make building of X11-askpass and gnome-askpass optional
|
||||
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
|
||||
- Glob manpages to catch compressed files
|
||||
* Fri May 10 2002 Damien Miller <djm@mindrot.org>
|
||||
- Merge in spec changes from RedHat, reorgansie a little
|
||||
- Add Privsep user, group and directory
|
||||
|
||||
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
|
||||
- bump and grind (through the build system)
|
||||
|
||||
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
|
||||
- require sharutils for building (mindrot #137)
|
||||
- require db1-devel only when building for 6.x (#55105), which probably won't
|
||||
work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
|
||||
- require pam-devel by file (not by package name) again
|
||||
- add Markus's patch to compile with OpenSSL 0.9.5a (from
|
||||
http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
|
||||
building for 6.x
|
||||
|
||||
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
|
||||
- update to 3.1p1
|
||||
|
||||
* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
|
||||
- update to SNAP-20020305
|
||||
- drop debug patch, fixed upstream
|
||||
|
||||
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
|
||||
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
|
||||
anything to be warned about, gss patches won't apply, I don't mind)
|
||||
|
||||
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
|
||||
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
|
||||
exchange, authentication, and named key support
|
||||
|
||||
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
|
||||
- remove dependency on db1-devel, which has just been swallowed up whole
|
||||
by gnome-libs-devel
|
||||
|
||||
* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- adjust build dependencies so that build6x actually works right (fix
|
||||
from Hugo van der Kooij)
|
||||
|
||||
* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
|
||||
- update to 3.0.2p1
|
||||
|
||||
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
|
||||
- update to 3.0.1p1
|
||||
|
||||
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to current CVS (not for use in distribution)
|
||||
|
||||
* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
|
||||
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
|
||||
3.0p1 spec file and init script
|
||||
|
||||
* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 3.0p1
|
||||
- update to x11-ssh-askpass 1.2.4.1
|
||||
- change build dependency on a file from pam-devel to the pam-devel package
|
||||
- replace primes with moduli
|
||||
|
||||
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
|
||||
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
|
||||
|
||||
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
|
||||
- Merge changes to rescue build from current sysadmin survival cd
|
||||
|
||||
* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
|
||||
- fix scp's server's reporting of file sizes, and build with the proper
|
||||
preprocessor define to get large-file capable open(), stat(), etc.
|
||||
(sftp has been doing this correctly all along) (#51827)
|
||||
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
|
||||
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
|
||||
- mark profile.d scriptlets as config files (#42337)
|
||||
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
|
||||
- change a couple of log() statements to debug() statements (#50751)
|
||||
- pull cvs patch to add -t flag to sshd (#28611)
|
||||
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
|
||||
|
||||
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
|
||||
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
|
||||
|
||||
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pull cvs patch to fix remote port forwarding with protocol 2
|
||||
|
||||
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pull cvs patch to add session initialization to no-pty sessions
|
||||
- pull cvs patch to not cut off challengeresponse auth needlessly
|
||||
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
||||
it by default on a system that doesn't have X installed (#49263)
|
||||
|
||||
* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
|
||||
|
||||
* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- pass OPTIONS correctly to initlog (#50151)
|
||||
|
||||
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- switch to x11-ssh-askpass 1.2.2
|
||||
|
||||
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- rebuild in new environment
|
||||
|
||||
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- disable the gssapi patch
|
||||
|
||||
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.9p2
|
||||
- refresh to a new version of the gssapi patch
|
||||
|
||||
* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- change Copyright: BSD to License: BSD
|
||||
- add Markus Friedl's unverified patch for the cookie file deletion problem
|
||||
so that we can verify it
|
||||
- drop patch to check if xauth is present (was folded into cookie patch)
|
||||
- don't apply gssapi patches for the errata candidate
|
||||
- clear supplemental groups list at startup
|
||||
|
||||
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- fix an error parsing the new default sshd_config
|
||||
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
|
||||
dealing with comments right
|
||||
|
||||
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
|
||||
to be removed before the next beta cycle because it's a big departure
|
||||
from the upstream version
|
||||
|
||||
* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- finish marking strings in the init script for translation
|
||||
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
|
||||
at startup (change merged from openssh.com init script, originally by
|
||||
Pekka Savola)
|
||||
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
||||
it by default on a system that doesn't have X installed
|
||||
|
||||
* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.9
|
||||
- drop various patches that came from or went upstream or to or from CVS
|
||||
|
||||
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
|
||||
|
||||
* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
|
||||
- remove explicit openssl requirement, fixes builddistro issue
|
||||
- make initscript stop() function wait until sshd really dead to avoid
|
||||
races in condrestart
|
||||
|
||||
* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- mention that challengereponse supports PAM, so disabling password doesn't
|
||||
limit users to pubkey and rsa auth (#34378)
|
||||
- bypass the daemon() function in the init script and call initlog directly,
|
||||
because daemon() won't start a daemon it detects is already running (like
|
||||
open connections)
|
||||
- require the version of openssl we had when we were built
|
||||
|
||||
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- make do_pam_setcred() smart enough to know when to establish creds and
|
||||
when to reinitialize them
|
||||
- add in a couple of other fixes from Damien for inclusion in the errata
|
||||
|
||||
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.5.2p2
|
||||
- call setcred() again after initgroups, because the "creds" could actually
|
||||
be group memberships
|
||||
|
||||
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
|
||||
- don't enable challenge-response by default until we find a way to not
|
||||
have too many userauth requests (we may make up to six pubkey and up to
|
||||
three password attempts as it is)
|
||||
- remove build dependency on rsh to match openssh.com's packages more closely
|
||||
|
||||
* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- remove dependency on openssl -- would need to be too precise
|
||||
|
||||
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- rebuild in new environment
|
||||
|
||||
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Revert the patch to move pam_open_session.
|
||||
- Init script and spec file changes from Pekka Savola. (#28750)
|
||||
- Patch sftp to recognize '-o protocol' arguments. (#29540)
|
||||
|
||||
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Chuck the closing patch.
|
||||
- Add a trigger to add host keys for protocol 2 to the config file, now that
|
||||
configuration file syntax requires us to specify it with HostKey if we
|
||||
specify any other HostKey values, which we do.
|
||||
|
||||
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Redo patch to move pam_open_session after the server setuid()s to the user.
|
||||
- Rework the nopam patch to use be picked up by autoconf.
|
||||
|
||||
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update for 2.5.1p1.
|
||||
- Add init script mods from Pekka Savola.
|
||||
- Tweak the init script to match the CVS contrib script more closely.
|
||||
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
|
||||
adding id_rsa.
|
||||
|
||||
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update for 2.5.0p1.
|
||||
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
|
||||
- Resync with parts of Damien Miller's openssh.spec from CVS, including
|
||||
update of x11 askpass to 1.2.0.
|
||||
- Only require openssl (don't prereq) because we generate keys in the init
|
||||
script now.
|
||||
|
||||
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Don't open a PAM session until we've forked and become the user (#25690).
|
||||
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
|
||||
host the user is attempting a login from.
|
||||
- Resync with parts of Damien Miller's openssh.spec from CVS.
|
||||
- Don't expose KbdInt responses in debug messages (from CVS).
|
||||
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
|
||||
|
||||
* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
|
||||
- i18n-tweak to initscript.
|
||||
|
||||
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- More gettextizing.
|
||||
- Close all files after going into daemon mode (needs more testing).
|
||||
- Extract patch from CVS to handle auth banners (in the client).
|
||||
- Extract patch from CVS to handle compat weirdness.
|
||||
|
||||
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Finish with the gettextizing.
|
||||
|
||||
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Fix a bug in auth2-pam.c (#23877)
|
||||
- Gettextize the init script.
|
||||
|
||||
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Incorporate a switch for using PAM configs for 6.x, just in case.
|
||||
|
||||
* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Incorporate Bero's changes for a build specifically for rescue CDs.
|
||||
|
||||
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
|
||||
succeeded, to allow public-key authentication after a failure with "none"
|
||||
authentication. (#21268)
|
||||
|
||||
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to x11-askpass 1.1.1. (#21301)
|
||||
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
|
||||
|
||||
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Merge multiple PAM text messages into subsequent prompts when possible when
|
||||
doing keyboard-interactive authentication.
|
||||
|
||||
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Disable the built-in MD5 password support. We're using PAM.
|
||||
- Take a crack at doing keyboard-interactive authentication with PAM, and
|
||||
enable use of it in the default client configuration so that the client
|
||||
will try it when the server disallows password authentication.
|
||||
- Build with debugging flags. Build root policies strip all binaries anyway.
|
||||
|
||||
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Use DESTDIR instead of %%makeinstall.
|
||||
- Remove /usr/X11R6/bin from the path-fixing patch.
|
||||
|
||||
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Add the primes file from the latest snapshot to the main package (#20884).
|
||||
- Add the dev package to the prereq list (#19984).
|
||||
- Remove the default path and mimic login's behavior in the server itself.
|
||||
|
||||
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Resync with conditional options in Damien Miller's .spec file for an errata.
|
||||
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
|
||||
|
||||
* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to OpenSSH 2.3.0p1.
|
||||
- Update to x11-askpass 1.1.0.
|
||||
- Enable keyboard-interactive authentication.
|
||||
|
||||
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to ssh-askpass-x11 1.0.3.
|
||||
- Change authentication related messages to be private (#19966).
|
||||
|
||||
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Patch ssh-keygen to be able to list signatures for DSA public key files
|
||||
it generates.
|
||||
|
||||
* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
|
||||
build PAM authentication in.
|
||||
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
|
||||
- Clean out no-longer-used patches.
|
||||
- Patch ssh-add to try to add both identity and id_dsa, and to error only
|
||||
when neither exists.
|
||||
|
||||
* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update x11-askpass to 1.0.2. (#17835)
|
||||
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
|
||||
always find them in the right place. (#17909)
|
||||
- Set the default path to be the same as the one supplied by /bin/login, but
|
||||
add /usr/X11R6/bin. (#17909)
|
||||
- Try to handle obsoletion of ssh-server more cleanly. Package names
|
||||
are different, but init script name isn't. (#17865)
|
||||
|
||||
* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.2.0p1. (#17835)
|
||||
- Tweak the init script to allow proper restarting. (#18023)
|
||||
|
||||
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 20000823 snapshot.
|
||||
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
|
||||
- Back out the pipe patch.
|
||||
|
||||
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
|
||||
- Move the init script back.
|
||||
- Add Damien's quick fix for wackiness.
|
||||
|
||||
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
|
||||
|
||||
* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Move condrestart to server postun.
|
||||
- Move key generation to init script.
|
||||
- Actually use the right patch for moving the key generation to the init script.
|
||||
- Clean up the init script a bit.
|
||||
|
||||
* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
|
||||
|
||||
* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.1.1p2.
|
||||
- Use of strtok() considered harmful.
|
||||
|
||||
* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Get the build root out of the man pages.
|
||||
|
||||
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Add and use condrestart support in the init script.
|
||||
- Add newer initscripts as a prereq.
|
||||
|
||||
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Build in new environment (release 2)
|
||||
- Move -clients subpackage to Applications/Internet group
|
||||
|
||||
* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Update to 2.2.1p1
|
||||
|
||||
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- Patch to build with neither RSA nor RSAref.
|
||||
- Miscellaneous FHS-compliance tweaks.
|
||||
- Fix for possibly-compressed man pages.
|
||||
|
||||
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
|
||||
- Updated for new location
|
||||
- Updated for new gnome-ssh-askpass build
|
||||
|
||||
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
|
||||
- Added Jim Knoble's <jmknoble@pobox.com> askpass
|
||||
|
||||
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
|
||||
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
|
||||
|
||||
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
|
||||
- Added 'Obsoletes' directives
|
||||
|
||||
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Use make install
|
||||
- Subpackages
|
||||
|
||||
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Added links for slogin
|
||||
- Fixed perms on manpages
|
||||
|
||||
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Renamed init script
|
||||
|
||||
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Back to old binary names
|
||||
|
||||
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Use autoconf
|
||||
- New binary names
|
||||
|
||||
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
|
||||
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# Init file for OpenSSH server daemon
|
||||
#
|
||||
# chkconfig: 2345 55 25
|
||||
@ -15,149 +15,140 @@
|
||||
# source function library
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# pull in sysconfig settings
|
||||
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
||||
|
||||
RETVAL=0
|
||||
prog="sshd"
|
||||
|
||||
# Some functions to make the below more readable
|
||||
KEYGEN=/usr/bin/ssh-keygen
|
||||
SSHD=/usr/sbin/sshd
|
||||
RSA1_KEY=/etc/ssh/ssh_host_key
|
||||
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
||||
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
||||
PID_FILE=/var/run/sshd.pid
|
||||
my_success() {
|
||||
local msg
|
||||
if [ $# -gt 1 ]; then
|
||||
msg="$2"
|
||||
else
|
||||
msg="done"
|
||||
fi
|
||||
case "`type -type success`" in
|
||||
function)
|
||||
success "$1"
|
||||
;;
|
||||
*)
|
||||
echo -n "${msg}"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
my_failure() {
|
||||
local msg
|
||||
if [ $# -gt 1 ]; then
|
||||
msg="$2"
|
||||
else
|
||||
msg="FAILED"
|
||||
fi
|
||||
case "`type -type failure`" in
|
||||
function)
|
||||
failure "$1"
|
||||
;;
|
||||
*)
|
||||
echo -n "${msg}"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
do_rsa1_keygen() {
|
||||
if ! test -f $RSA1_KEY ; then
|
||||
echo -n "Generating SSH1 RSA host key: "
|
||||
if [ ! -s $RSA1_KEY ]; then
|
||||
echo -n $"Generating SSH1 RSA host key: "
|
||||
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
||||
my_success "RSA1 key generation"
|
||||
chmod 600 $RSA1_KEY
|
||||
chmod 644 $RSA1_KEY.pub
|
||||
success $"RSA1 key generation"
|
||||
echo
|
||||
else
|
||||
my_failure "RSA1 key generation"
|
||||
failure $"RSA1 key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
do_rsa_keygen() {
|
||||
if ! test -f $RSA_KEY ; then
|
||||
echo -n "Generating SSH2 RSA host key: "
|
||||
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||
my_success "RSA key generation"
|
||||
echo
|
||||
else
|
||||
my_failure "RSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
do_dsa_keygen() {
|
||||
if ! test -f $DSA_KEY ; then
|
||||
echo -n "Generating SSH2 DSA host key: "
|
||||
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||
my_success "DSA key generation"
|
||||
echo
|
||||
else
|
||||
my_failure "DSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
do_restart_sanity_check() {
|
||||
sshd -t
|
||||
RETVAL=$?
|
||||
if [ ! "$RETVAL" = 0 ]; then
|
||||
my_failure "Configuration file or keys"
|
||||
echo
|
||||
exit $RETVAL
|
||||
fi
|
||||
}
|
||||
|
||||
do_rsa_keygen() {
|
||||
if [ ! -s $RSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 RSA host key: "
|
||||
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $RSA_KEY
|
||||
chmod 644 $RSA_KEY.pub
|
||||
success $"RSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_dsa_keygen() {
|
||||
if [ ! -s $DSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 DSA host key: "
|
||||
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $DSA_KEY
|
||||
chmod 644 $DSA_KEY.pub
|
||||
success $"DSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"DSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_restart_sanity_check()
|
||||
{
|
||||
$SSHD -t
|
||||
RETVAL=$?
|
||||
if [ ! "$RETVAL" = 0 ]; then
|
||||
failure $"Configuration file or keys are invalid"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
start()
|
||||
{
|
||||
# Create keys if necessary
|
||||
do_rsa1_keygen
|
||||
do_rsa_keygen
|
||||
do_dsa_keygen
|
||||
|
||||
echo -n $"Starting $prog:"
|
||||
initlog -c "$SSHD $OPTIONS" && success || failure
|
||||
RETVAL=$?
|
||||
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
|
||||
echo
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo -n $"Stopping $prog:"
|
||||
killproc $SSHD -TERM
|
||||
RETVAL=$?
|
||||
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
|
||||
echo
|
||||
}
|
||||
|
||||
reload()
|
||||
{
|
||||
echo -n $"Reloading $prog:"
|
||||
killproc $SSHD -HUP
|
||||
RETVAL=$?
|
||||
echo
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
# Create keys if necessary
|
||||
do_rsa1_keygen;
|
||||
do_rsa_keygen;
|
||||
do_dsa_keygen;
|
||||
|
||||
echo -n "Starting sshd: "
|
||||
if [ ! -f $PID_FILE ] ; then
|
||||
sshd $OPTIONS
|
||||
RETVAL=$?
|
||||
if [ "$RETVAL" = "0" ] ; then
|
||||
my_success "sshd startup" "sshd"
|
||||
touch /var/lock/subsys/sshd
|
||||
else
|
||||
my_failure "sshd startup" ""
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
echo -n "Shutting down sshd: "
|
||||
if [ -f $PID_FILE ] ; then
|
||||
killproc sshd
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
|
||||
fi
|
||||
echo
|
||||
stop
|
||||
;;
|
||||
restart)
|
||||
do_restart_sanity_check
|
||||
$0 stop
|
||||
$0 start
|
||||
RETVAL=$?
|
||||
stop
|
||||
start
|
||||
;;
|
||||
reload)
|
||||
reload
|
||||
;;
|
||||
condrestart)
|
||||
if [ -f /var/lock/subsys/sshd ] ; then
|
||||
do_restart_sanity_check
|
||||
$0 stop
|
||||
$0 start
|
||||
RETVAL=$?
|
||||
if [ "$RETVAL" = 0 ] ; then
|
||||
stop
|
||||
# avoid race
|
||||
sleep 3
|
||||
start
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
status sshd
|
||||
status $SSHD
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: sshd {start|stop|restart|status|condrestart}"
|
||||
exit 1
|
||||
;;
|
||||
echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
|
||||
RETVAL=1
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
||||
|
172
contrib/redhat/sshd.init.old
Executable file
172
contrib/redhat/sshd.init.old
Executable file
@ -0,0 +1,172 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Init file for OpenSSH server daemon
|
||||
#
|
||||
# chkconfig: 2345 55 25
|
||||
# description: OpenSSH server daemon
|
||||
#
|
||||
# processname: sshd
|
||||
# config: /etc/ssh/ssh_host_key
|
||||
# config: /etc/ssh/ssh_host_key.pub
|
||||
# config: /etc/ssh/ssh_random_seed
|
||||
# config: /etc/ssh/sshd_config
|
||||
# pidfile: /var/run/sshd.pid
|
||||
|
||||
# source function library
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# pull in sysconfig settings
|
||||
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
||||
|
||||
RETVAL=0
|
||||
prog="sshd"
|
||||
|
||||
# Some functions to make the below more readable
|
||||
KEYGEN=/usr/bin/ssh-keygen
|
||||
SSHD=/usr/sbin/sshd
|
||||
RSA1_KEY=/etc/ssh/ssh_host_key
|
||||
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
||||
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
||||
PID_FILE=/var/run/sshd.pid
|
||||
|
||||
my_success() {
|
||||
local msg
|
||||
if [ $# -gt 1 ]; then
|
||||
msg="$2"
|
||||
else
|
||||
msg="done"
|
||||
fi
|
||||
case "`type -type success`" in
|
||||
function)
|
||||
success "$1"
|
||||
;;
|
||||
*)
|
||||
echo -n "${msg}"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
my_failure() {
|
||||
local msg
|
||||
if [ $# -gt 1 ]; then
|
||||
msg="$2"
|
||||
else
|
||||
msg="FAILED"
|
||||
fi
|
||||
case "`type -type failure`" in
|
||||
function)
|
||||
failure "$1"
|
||||
;;
|
||||
*)
|
||||
echo -n "${msg}"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
do_rsa1_keygen() {
|
||||
if [ ! -s $RSA1_KEY ]; then
|
||||
echo -n "Generating SSH1 RSA host key: "
|
||||
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $RSA1_KEY
|
||||
chmod 644 $RSA1_KEY.pub
|
||||
my_success "RSA1 key generation"
|
||||
echo
|
||||
else
|
||||
my_failure "RSA1 key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
do_rsa_keygen() {
|
||||
if [ ! -s $RSA_KEY ]; then
|
||||
echo -n "Generating SSH2 RSA host key: "
|
||||
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $RSA_KEY
|
||||
chmod 644 $RSA_KEY.pub
|
||||
my_success "RSA key generation"
|
||||
echo
|
||||
else
|
||||
my_failure "RSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
do_dsa_keygen() {
|
||||
if [ ! -s $DSA_KEY ]; then
|
||||
echo -n "Generating SSH2 DSA host key: "
|
||||
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chmod 600 $DSA_KEY
|
||||
chmod 644 $DSA_KEY.pub
|
||||
my_success "DSA key generation"
|
||||
echo
|
||||
else
|
||||
my_failure "DSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
do_restart_sanity_check() {
|
||||
$SSHD -t
|
||||
RETVAL=$?
|
||||
if [ ! "$RETVAL" = 0 ]; then
|
||||
my_failure "Configuration file or keys"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
# Create keys if necessary
|
||||
do_rsa1_keygen;
|
||||
do_rsa_keygen;
|
||||
do_dsa_keygen;
|
||||
|
||||
echo -n "Starting sshd: "
|
||||
if [ ! -f $PID_FILE ] ; then
|
||||
sshd $OPTIONS
|
||||
RETVAL=$?
|
||||
if [ "$RETVAL" = "0" ] ; then
|
||||
my_success "sshd startup" "sshd"
|
||||
touch /var/lock/subsys/sshd
|
||||
else
|
||||
my_failure "sshd startup" ""
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
;;
|
||||
stop)
|
||||
echo -n "Shutting down sshd: "
|
||||
if [ -f $PID_FILE ] ; then
|
||||
killproc sshd
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
|
||||
fi
|
||||
echo
|
||||
;;
|
||||
restart)
|
||||
do_restart_sanity_check
|
||||
$0 stop
|
||||
$0 start
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart)
|
||||
if [ -f /var/lock/subsys/sshd ] ; then
|
||||
do_restart_sanity_check
|
||||
$0 stop
|
||||
$0 start
|
||||
RETVAL=$?
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
status sshd
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: sshd {start|stop|restart|status|condrestart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
@ -1,8 +1,8 @@
|
||||
#%PAM-1.0
|
||||
auth required /lib/security/pam_pwdb.so shadow nodelay
|
||||
auth required /lib/security/pam_stack.so service=system-auth
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_pwdb.so
|
||||
password required /lib/security/pam_cracklib.so
|
||||
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
|
||||
session required /lib/security/pam_pwdb.so
|
||||
account required /lib/security/pam_stack.so service=system-auth
|
||||
password required /lib/security/pam_stack.so service=system-auth
|
||||
session required /lib/security/pam_stack.so service=system-auth
|
||||
session required /lib/security/pam_limits.so
|
||||
session optional /lib/security/pam_console.so
|
||||
|
@ -1,8 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required /lib/security/pam_stack.so service=system-auth
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_stack.so service=system-auth
|
||||
password required /lib/security/pam_stack.so service=system-auth
|
||||
session required /lib/security/pam_stack.so service=system-auth
|
||||
session required /lib/security/pam_limits.so
|
||||
session optional /lib/security/pam_console.so
|
8
contrib/redhat/sshd.pam.old
Normal file
8
contrib/redhat/sshd.pam.old
Normal file
@ -0,0 +1,8 @@
|
||||
#%PAM-1.0
|
||||
auth required /lib/security/pam_pwdb.so shadow nodelay
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_pwdb.so
|
||||
password required /lib/security/pam_cracklib.so
|
||||
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
|
||||
session required /lib/security/pam_pwdb.so
|
||||
session required /lib/security/pam_limits.so
|
Loading…
x
Reference in New Issue
Block a user