aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorkuriyama <kuriyama@FreeBSD.org>1998-11-23 13:15:17 +0800
committerkuriyama <kuriyama@FreeBSD.org>1998-11-23 13:15:17 +0800
commita77c8eb9d92f7d05587f935f55f3f88c100c84bc (patch)
tree600222f524229828eeef24f2cdd42c9592b4bfea /security
parent4565d4a478bb6d4bb2a7180da45d82df0ba43c10 (diff)
downloadfreebsd-ports-gnome-a77c8eb9d92f7d05587f935f55f3f88c100c84bc.tar.gz
freebsd-ports-gnome-a77c8eb9d92f7d05587f935f55f3f88c100c84bc.tar.zst
freebsd-ports-gnome-a77c8eb9d92f7d05587f935f55f3f88c100c84bc.zip
Secure shell client and server (remote login program).
PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
Diffstat (limited to 'security')
-rw-r--r--security/ssh2/Makefile198
-rw-r--r--security/ssh2/distinfo5
-rw-r--r--security/ssh2/files/patch-aa29
-rw-r--r--security/ssh2/files/patch-ab77
-rw-r--r--security/ssh2/pkg-descr110
-rw-r--r--security/ssh2/pkg-plist71
6 files changed, 172 insertions, 318 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index 606fbdd463e9..b6f5caf2e643 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -1,157 +1,105 @@
-# New ports collection makefile for: ssh
-# Version required: 1.2.25
-# Date created: 30 Jul 1995
-# Whom: torstenb@FreeBSD.ORG
+# New ports collection makefile for: ssh2
+# Version required: 2.0.9
+# Date created: 5 Oct 1998
+# Whom: Issei Suzuki <issei@jp.FreeBSD.ORG>
#
-# $Id: Makefile,v 1.71 1998/10/30 06:15:18 obrien Exp $
-#
-# Maximal ssh package requires YES values for
-# USE_PERL, USE_TCPWRAP
+# $Id$
#
+# Maximal ssh2 package requires YES values for
+# USE_SSH1, USE_TCPWRAP
-DISTNAME= ssh-1.2.26
+DISTNAME= ssh-2.0.9
CATEGORIES= security net
-MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/
-
-MAINTAINER= torstenb@FreeBSD.ORG
-
-BROKEN= update
+MASTER_SITES= ftp://tp.cs.hut.fi/pub/ssh/ \
+ ftp://sunsite.unc.edu/pub/packages/security/ssh/ \
+ ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/
-# You can set USA_RESIDENT appropriately in /etc/make.conf if this bugs you..
+PATCH_SITES= ${MASTER_SITES}
+PATCHFILES= ${DISTNAME}-configure-patch
-.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
-MASTER_SITES= \
- ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
- ftp://nic.funet.fi/pub/crypt/mirrors/ftp.dsi.unimi.it/applied-crypto/ \
- ftp://rzsun2.informatik.uni-hamburg.de/pub/virus/crypt/ripem/ \
- ftp://idea.sec.dsi.unimi.it/pub/security/crypt/math/ \
- ftp://ftp.univie.ac.at/security/crypt/cryptography/asymmetric/rsa/ \
- ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/
-
-CONFIGURE_ARGS+= --with-rsaref
-LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref
-BUILD_DEPENDS+= /nonexistent:${PORTSDIR}/security/rsaref:extract
-.endif
-
-#
-# Use Phil Karn's asm patches to speed up DES on intel.
-# Download by hand from http://www.cryptography.org/cgi-bin/crypto.cgi/ssh/
-# and put in distfiles directory.
-#
-# Disabled for now, since there's not such a patchkit for 1.2.25 version.
-#.if defined(FAST_DES_PATCHKIT) && ${FAST_DES_PATCHKIT} == YES
-#PATCHFILES=ssh-1.2.22-patchkit
-#PATCH_DIST_STRIP=-p1
-#.endif
+MAINTAINER= issei@jp.FreeBSD.org
RESTRICTED= "Crypto; export-controlled"
-IS_INTERACTIVE= YES
GNU_CONFIGURE= YES
+MAKE_ENV= SSH_SERVER_DIR="${PREFIX}/etc/ssh2" \
+ SSH_CLIENT_GLOBAL_CONFIG_FILE="${PREFIX}/etc/ssh2/ssh2_config"
-CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc
-
+CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
#Uncomment if all your users are in their own group and their homedir
#is writeable by that group. Beware the security implications!
#CONFIGURE_ARGS+= --enable-group-writeability
-
-#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
-#over a secure medium. This is normally dangerous since it can lead to the
-#disclosure keys and passwords.
-#CONFIGURE_ARGS+= --with-none
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing
+#
+# Include support for ssh1 client backward compatibility
+.if defined(USE_SSH1) && ${USE_SSH1} == YES
+BUILD_DEPENDS+= ssh1:${PORTSDIR}/security/ssh
+RUN_DEPENDS+= ssh1:${PORTSDIR}/security/ssh
.endif
-
-# Include support for the SecureID card
# Warning: untested !
+# Include support for the SecureID card
.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
CONFIGURE_ARGS+= --with-secureid
.endif
-
-# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
-# commercial use may require a licence in a number of countries
-# Warning: untested !
-.if defined(DONT_USE_IDEA) && ${DONT_USE_IDEA} == YES
-CONFIGURE_ARGS+= --without-idea
+.if defined(USE_TIS) && ${USE_TIS} == YES
+# Include support for the TIS authentication server
+CONFIGURE_ARGS+= --with-tis
.endif
-
-.if !exists(${X11BASE}/bin/xauth)
-CONFIGURE_ARGS+= --without-x
+# Include tcp_wrappers support
+.if defined(USE_TCPWRAP) && ${USE_TCPWRAP} == YES
+CONFIGURE_ARGS+= --with-libwrap
+LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper
.endif
-MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
- make-ssh-known-hosts1.1
-MAN8= sshd1.8
-
-
-pre-patch:
- @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
- ${WRKSRC}/make-ssh-known-hosts.pl.in
-
-fetch-depends:
-.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
- @echo
- @echo You must set the variable USA_RESIDENT to YES if you are a
- @echo United States resident, otherwise NO.
- @echo If you are a US resident then this port must also fetch
- @echo the RSAREF2 library from sources abroad \(RSA Inc. holds a
- @echo patent on RSA and public key crypto in general in the United
- @echo States so using RSA implementations other than RSAREF there
- @echo may violate US patent law\).
- @false
+MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 \
+ scp2.1 sftp2.1
+MAN8= sshd2.8
+
+USE_SSH1?= YES
+USE_TCPWRAP?= NO
+USE_TIS?= NO
+USE_SECUREID?= NO
+PORTDOCS= CHANGES LICENSING README
+.if !defined(USE_SSH1) || (defined(USE_SSH1) && ${USE_SSH1} != YES)
+PLIST= ${PKGDIR}/PLIST.ssh2_only
+.endif
+.if defined(NOMANCOMPRESS)
+MAN_SUFX= ""
+.else
+MAN_SUFX= .gz
.endif
post-install:
- @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
- echo "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
- fi
+.if defined(USE_SSH1) && ${USE_SSH1} == YES
+.for i in ssh ssh-keygen ssh-add ssh-agent scp
+ ${MV} -f ${PREFIX}/man/man1/${i}.1${MAN_SUFX} ${PREFIX}/man/man1/${i}.old.1${MAN_SUFX}
+.endfor
+ ${MV} -f ${PREFIX}/man/man8/sshd.8${MAN_SUFX} ${PREFIX}/man/man8/sshd.old.8${MAN_SUFX}
+.endif
+#
.if !defined(NOMANCOMPRESS)
- for file in make-ssh-known-hosts scp ssh-add ssh-agent \
- ssh-keygen ssh; do \
- rm -f ${PREFIX}/man/man1/$${file}.1; \
- ln -sf $${file}1.1.gz ${PREFIX}/man/man1/$${file}.1.gz; \
- done
- rm -f ${PREFIX}/man/man1/slogin.1
- rm -f ${PREFIX}/man/man1/slogin1.1
- rm -f ${PREFIX}/man/man8/sshd.8
- ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz
- ln -sf ssh1.1.gz ${PREFIX}/man/man1/slogin1.1.gz
- ln -sf sshd1.8.gz ${PREFIX}/man/man8/sshd.8.gz
-.else
- ${ECHO} Warning---some manpages not installed. See port Makefile
+.for i in ssh ssh-keygen ssh-add ssh-agent scp sftp
+ ${RM} -f ${PREFIX}/man/man1/${i}.1
+ ${LN} -sf ${i}2.1.gz ${PREFIX}/man/man1/${i}.1.gz
+.endfor
+ ${RM} -f ${PREFIX}/man/man8/sshd.8
+ ${LN} -sf sshd2.8.gz ${PREFIX}/man/man8/sshd.8.gz
+.endif
+#
+.if !defined(NOPORTDOCS)
+ -${MKDIR} ${PREFIX}/share/doc/ssh2
+.for i in ${PORTDOCS}
+ ${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/doc/ssh2
+.endfor
.endif
+#
@if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
- echo "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
- echo "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \
- echo "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && echo -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \
+ ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
+ ${ECHO} "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \
+ ${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && ${ECHO} -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \
chmod 751 ${PREFIX}/etc/rc.d/sshd.sh; \
fi
+ @if [ -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
+ chmod -x ${PREFIX}/etc/rc.d/sshd.sh; \
+ fi
.include <bsd.port.mk>
-
-# Following stuff must be after <bsd.port.mk> to expand exists() properly
-
-.if defined(USE_PERL) && ${USE_PERL} == YES || \
- exists(${PERL5}) && (!defined(USE_PERL) || ${USE_PERL} != NO)
-BUILD_DEPENDS+= perl${PERL_VERSION}:${PORTSDIR}/lang/perl5
-CONFIGURE_ENV+= PERL=${PERL5}
-.else
-CONFIGURE_ENV+= PERL=/replace_it_with_PERL_path
-.endif
-
-# Include tcp-wrapper support (call remote identd)
-.if defined(USE_TCPWRAP) && ${USE_TCPWRAP} == YES || \
- exists(${PREFIX}/lib/libwrap.a) && \
- (!defined(USE_TCPWRAP) || ${USE_TCPWRAP} != NO)
-CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include"
-CONFIGURE_ARGS+= --with-libwrap
-LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper
-.endif
-
-# Include SOCKS firewall support
-.if defined(USE_SOCKS) && ${USE_SOCKS} == YES
-CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
-.endif
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
index d3b49042f45b..6cf128dcbb2e 100644
--- a/security/ssh2/distinfo
+++ b/security/ssh2/distinfo
@@ -1,3 +1,2 @@
-MD5 (ssh-1.2.26.tar.gz) = 2ee46d454015dd01c5e8f074eabf0245
-MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
-MD5 (ssh-1.2.22-patchkit) = 5228897d59be91ad3ae88e992d61cd50
+MD5 (ssh-2.0.9.tar.gz) = 745a65d3a7516979b003fe15d78d93d4
+MD5 (ssh-2.0.9-configure-patch) = b8a422c201500ff816483825c1152788
diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa
index 83e9968ac319..31fcb2311bb8 100644
--- a/security/ssh2/files/patch-aa
+++ b/security/ssh2/files/patch-aa
@@ -1,19 +1,10 @@
-*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997
---- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997
-***************
-*** 87,93 ****
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '/etc/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
---- 87,93 ----
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '@ETCDIR@/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
+--- apps/ssh/Makefile.in.old Mon Oct 5 22:18:17 1998
++++ apps/ssh/Makefile.in Mon Oct 5 22:25:16 1998
+@@ -167,6 +167,7 @@
+ # defines
+
+ SSH_DEFS = -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\"
++SSH_DEFS+= -DSSH_SERVER_DIR=\"$(SSH_SERVER_DIR)\" -DSSH_CLIENT_GLOBAL_CONFIG_FILE=\"$(SSH_CLIENT_GLOBAL_CONFIG_FILE)\"
+
+ COMPILE = $(CC) $(KERBEROS_INCS) $(INCLUDES) $(SSH_DEFS) $(DEFS) $(CPPFLAGS) $(CFLAGS) $(X_CFLAGS)
+ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab
index 0456b49d4478..f5d0d355ab77 100644
--- a/security/ssh2/files/patch-ab
+++ b/security/ssh2/files/patch-ab
@@ -1,62 +1,15 @@
-*** configure.orig Wed Apr 23 08:40:06 1997
---- configure Fri Apr 25 12:38:54 1997
-***************
-*** 1757,1768 ****
-
- export CFLAGS CC
-
-- # Socket pairs appear to be broken on several systems. I don't know exactly
-- # where, so I'll use pipes everywhere for now.
-- cat >> confdefs.h <<\EOF
-- #define USE_PIPES 1
-- EOF
--
-
- echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
- echo "configure:1769: checking that the compiler works" >&5
---- 1757,1762 ----
-***************
-*** 2759,2765 ****
-
- fi
-
-! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
---- 2753,2759 ----
-
- fi
-
-! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-***************
-*** 7031,7037 ****
-
- cat >> $CONFIG_STATUS <<EOF
-
-! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
- EOF
- cat >> $CONFIG_STATUS <<\EOF
- for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
---- 7025,7031 ----
-
- cat >> $CONFIG_STATUS <<EOF
-
-! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl"}
- EOF
- cat >> $CONFIG_STATUS <<\EOF
- for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
-***************
-*** 7235,7240 ****
---- 7229,7236 ----
- done
-
- for ac_config_dir in gmp-2.0.2-ssh-2; do
-+
-+ continue # XXX don't configure gmp
-
- # Do not complain, so a configure script can configure whichever
- # parts of a large source tree are present.
+When you compile *.s with 'cc -pipe' on ELFed FreeBSD, it never ends.
+This patch is ugly hack to avoid the problem.
+
+--- lib/sshmath/Makefile.in.old Thu Oct 8 03:48:38 1998
++++ lib/sshmath/Makefile.in Thu Oct 8 03:49:32 1998
+@@ -383,8 +383,7 @@
+
+ .S.o:
+ $(CPP) $(CPPFLAGS) $(INCLUDES) $(DEFS) $< | grep -v '^#' >tmp-$*.s
+- $(CC) $(CFLAGS) $(SFLAGS) -c tmp-$*.s
+- mv tmp-$*.o $@
++ $(AS) $(SFLAGS) -o $@ tmp-$*.s
+ rm -f tmp-$*.s
+
+ includes:
diff --git a/security/ssh2/pkg-descr b/security/ssh2/pkg-descr
index 307b86088bcf..de564216cd2e 100644
--- a/security/ssh2/pkg-descr
+++ b/security/ssh2/pkg-descr
@@ -1,99 +1,33 @@
-Secure Shell is a program to log into another computer over a network,
-to execute commands in a remote machine, and to move files from one
-machine to another. It provides strong authentication and secure
-communications over insecure channels. It is inteded as a replacement
-for rlogin, rsh, and rcp.
+SSH Protocols and Secure Shell
-FEATURES
+ Secure Shell is the secure login program that revolutionized remote
+management of networks hosts over the Internet. It is a powerful,
+very easy-to-use program that uses strong cryptography for protecting
+all transmitted confidential data, including passwords, binary files,
+and administrative commands.
- o Complete replacement for rlogin, rsh, and rcp.
+ SSH Communications Security is the developer of the Secure Shell and
+the SSH protocol, technologies that are the de-facto standard for
+encrypted terminal connections on the Internet. The benefits of SSH
+include
- o Strong authentication. Closes several security holes (e.g., IP,
- routing, and DNS spoofing). New authentication methods: .rhosts
- together with RSA based host authentication, and pure RSA
- authentication.
+o Automatic authentication of users, no passwords sent in cleartext to
+ prevent the stealing of passwords.
- o Improved privacy. All communications are automatically and
- transparently encrypted. RSA is used for key exchange, and a
- conventional cipher (normally IDEA, DES, or triple-DES) for
- encrypting the session. Encryption is started before
- authentication, and no passwords or other information is
- transmitted in the clear. Encryption is also used to protect
- against spoofed packets.
+o Multiple strong authentication methods that prevent such security
+ threats as spoofing identity.
- o Secure X11 sessions. The program automatically sets DISPLAY on
- the server machine, and forwards any X11 connections over the
- secure channel. Fake Xauthority information is automatically
- generated and forwarded to the remote machine; the local client
- automatically examines incoming X11 connections and replaces the
- fake authorization data with the real data (never telling the
- remote machine the real information).
+o Authentication of both ends of connection, the server and the client
+ are authenticated to prevent identity spoofing, trojan horses, etc.
- o Arbitrary TCP/IP ports can be redirected through the encrypted channel
- in both directions (e.g., for e-cash transactions).
+o Automatic authentication using agents to enable strong
+ authentication to multiple systems with a single-sign-on.
- o No retraining needed for normal users; everything happens
- automatically, and old .rhosts files will work with strong
- authentication if administration installs host key files.
+o Encryption and compression of data for security and speed.
- o Never trusts the network. Minimal trust on the remote side of
- the connection. Minimal trust on domain name servers. Pure RSA
- authentication never trusts anything but the private key.
+o Secure file transfer.
- o Client RSA-authenticates the server machine in the beginning of
- every connection to prevent trojan horses (by routing or DNS
- spoofing) and man-in-the-middle attacks, and the server
- RSA-authenticates the client machine before accepting .rhosts or
- /etc/hosts.equiv authentication (to prevent DNS, routing, or
- IP-spoofing).
+o Tunneling and encryption of arbitrary connections.
- o Host authentication key distribution can be centrally by the
- administration, automatically when the first connection is made
- to a machine (the key obtained on the first connection will be
- recorded and used for authentication in the future), or manually
- by each user for his/her own use. The central and per-user host
- key repositories are both used and complement each other. Host
- keys can be generated centrally or automatically when the software
- is installed. Host authentication keys are typically 1024 bits.
-
- o Any user can create any number of user authentication RSA keys for
- his/her own use. Each user has a file which lists the RSA public
- keys for which proof of possession of the corresponding private
- key is accepted as authentication. User authentication keys are
- typically 1024 bits.
-
- o The server program has its own server RSA key which is
- automatically regenerated every hour. This key is never saved in
- any file. Exchanged session keys are encrypted using both the
- server key and the server host key. The purpose of the separate
- server key is to make it impossible to decipher a captured session by
- breaking into the server machine at a later time; one hour from
- the connection even the server machine cannot decipher the session
- key. The key regeneration interval is configurable. The server
- key is normally 768 bits.
-
- o An authentication agent, running in the user's laptop or local
- workstation, can be used to hold the user's RSA authentication
- keys. Ssh automatically forwards the connection to the
- authentication agent over any connections, and there is no need to
- store the RSA authentication keys on any machine in the network
- (except the user's own local machine). The authentication
- protocols never reveal the keys; they can only be used to verify
- that the user's agent has a certain key. Eventually the agent
- could rely on a smart card to perform all authentication
- computations.
-
- o The software can be installed and used (with restricted
- functionality) even without root privileges.
-
- o The client is customizable in system-wide and per-user
- configuration files. Most aspects of the client's operation can
- be configured. Different options can be specified on a per-host basis.
-
- o Automatically executes conventional rsh (after displaying a
- warning) if the server machine is not running sshd.
-
- o Optional compression of all data with gzip (including forwarded X11
- and TCP/IP port data), which may result in significant speedups on
- slow connections.
+See http://www.ssh.fi/ for more details.
diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist
index c99dd209976f..8d6c7cff7eba 100644
--- a/security/ssh2/pkg-plist
+++ b/security/ssh2/pkg-plist
@@ -1,29 +1,58 @@
-etc/rc.d/sshd.sh
-bin/scp1
-bin/scp
-bin/ssh1
+bin/ssh2
+@exec mv %D/bin/ssh %D/bin/ssh.old
bin/ssh
-bin/slogin
-bin/ssh-add1
-bin/ssh-add
-bin/ssh-agent1
+@unexec mv -f %B/%f.old %B/%f
+bin/scp2
+@exec mv %D/bin/scp %D/bin/scp.old
+bin/scp
+@unexec mv -f %B/%f.old %B/%f
+bin/sftp2
+bin/sftp
+bin/sftp-server2
+bin/sftp-server
+bin/ssh-agent2
+@exec mv %D/bin/ssh-agent %D/bin/ssh-agent.old
bin/ssh-agent
-bin/ssh-askpass1
-bin/ssh-askpass
-bin/ssh-keygen1
+@unexec mv -f %B/%f.old %B/%f
+bin/ssh-keygen2
+@exec mv %D/bin/ssh-keygen %D/bin/ssh-keygen.old
bin/ssh-keygen
-bin/make-ssh-known-hosts1
-bin/make-ssh-known-hosts
-etc/ssh_config
-etc/sshd_config
-man/man1/make-ssh-known-hosts.1.gz
-man/man1/scp.1.gz
+@unexec mv -f %B/%f.old %B/%f
+bin/ssh-add2
+@exec mv %D/bin/ssh-add %D/bin/ssh-add.old
+bin/ssh-add
+@unexec mv -f %B/%f.old %B/%f
+bin/ssh-askpass2
+@exec mv %D/bin/ssh-askpass %D/bin/ssh-askpass.old
+bin/ssh-askpass
+@unexec mv -f %B/%f.old %B/%f
+etc/ssh2/ssh2_config
+etc/ssh2/sshd2_config
+man/man1/sftp.1.gz
+@exec mv %D/man/man1/ssh.1.gz %D/man/man1/ssh.old.1.gz
+man/man1/ssh.1.gz
+@unexec mv -f %B/ssh.old.1.gz %B/%f
+@exec mv %D/man/man1/ssh-add.1.gz %D/man/man1/ssh-add.old.1.gz
man/man1/ssh-add.1.gz
+@unexec mv -f %B/ssh-add.old.1.gz %B/%f
+@exec mv %D/man/man1/ssh-agent.1.gz %D/man/man1/ssh-agent.old.1.gz
man/man1/ssh-agent.1.gz
+@unexec mv -f %B/ssh-agent.old.1.gz %B/%f
+@exec mv %D/man/man1/ssh-keygen.1.gz %D/man/man1/ssh-keygen.old.1.gz
man/man1/ssh-keygen.1.gz
-man/man1/ssh.1.gz
-man/man1/slogin.1.gz
+@unexec mv -f %B/ssh-keygen.old.1.gz %B/%f
+@exec mv %D/man/man1/scp.1.gz %D/man/man1/scp.old.1.gz
+man/man1/scp.1.gz
+@unexec mv -f %B/scp.old.1.gz %B/%f
+@exec mv %D/man/man8/sshd.8.gz %D/man/man8/sshd.old.8.gz
man/man8/sshd.8.gz
-sbin/sshd1
+@unexec mv -f %B/sshd.old.8.gz %B/%f
+sbin/sshd2
+@exec mv %D/sbin/sshd %D/sbin/sshd.old
sbin/sshd
-@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
+@unexec mv -f %B/%f.old %B/%f
+share/doc/ssh2/CHANGES
+share/doc/ssh2/LICENSING
+share/doc/ssh2/README
+@dirrm share/doc/ssh2
+@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa -c "1024-bit dsa hostkey" -o %D/etc/ssh2/hostkey; fi