aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/ssh/Makefile12
-rw-r--r--security/ssh/pkg-descr93
2 files changed, 7 insertions, 98 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
index 7cb228b6fadb..0fd2b1158785 100644
--- a/security/ssh/Makefile
+++ b/security/ssh/Makefile
@@ -12,12 +12,14 @@ PORTNAME= ssh
PORTVERSION= 1.2.27
PORTREVISION= 1
CATEGORIES= security ipv6
-MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \
- ftp://ftp.bitcon.no/.4/console/system/ \
- ftp://ftp.kddlabs.co.jp/.0/security/Crypto/SSH/ \
- ftp://ftp.vision.net.au/ftp7/linuxberg/files/console/system/ \
+MASTER_SITES= ftp://ftp.cs.engr.uky.edu/cs/software/ \
+ ftp://ftp.cs.umn.edu/dept/users/rybski/ \
+ ftp://ftp.net.ohio-state.edu/disk/d/security/ssh/ \
+ ftp://ftp.cronyx.ru/.w2/mirror/ssh/old/ \
+ ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/old/ \
+ ftp://ftp.tokyonet.ad.jp/.da0/security/ssh/old/ \
ftp://ftp.comp.hkbu.edu.hk/.6/unix/ \
- ftp://ftp.du.se/disk1/mirrors/ssh/
+ ftp://ftp.dei.uc.pt/.disk2/Crypto/SSH/old/
MAINTAINER= kris@FreeBSD.org
diff --git a/security/ssh/pkg-descr b/security/ssh/pkg-descr
index 14497e434279..e08cd3baca01 100644
--- a/security/ssh/pkg-descr
+++ b/security/ssh/pkg-descr
@@ -3,96 +3,3 @@ to execute commands in a remote machine, and to move files from one
machine to another. It provides strong authentication and secure
communications over insecure channels. It is intended as a replacement
for rlogin, rsh, and rcp.
-
-FEATURES
-
- o Complete replacement for rlogin, rsh, and rcp.
-
- o Strong authentication. Closes several security holes (e.g., IP,
- routing, and DNS spoofing). New authentication methods: .rhosts
- together with RSA based host authentication, and pure RSA
- authentication.
-
- o Improved privacy. All communications are automatically and
- transparently encrypted. RSA is used for key exchange, and a
- conventional cipher (normally IDEA, DES, or triple-DES) for
- encrypting the session. Encryption is started before
- authentication, and no passwords or other information is
- transmitted in the clear. Encryption is also used to protect
- against spoofed packets.
-
- o Secure X11 sessions. The program automatically sets DISPLAY on
- the server machine, and forwards any X11 connections over the
- secure channel. Fake Xauthority information is automatically
- generated and forwarded to the remote machine; the local client
- automatically examines incoming X11 connections and replaces the
- fake authorization data with the real data (never telling the
- remote machine the real information).
-
- o Arbitrary TCP/IP ports can be redirected through the encrypted channel
- in both directions (e.g., for e-cash transactions).
-
- o No retraining needed for normal users; everything happens
- automatically, and old .rhosts files will work with strong
- authentication if administration installs host key files.
-
- o Never trusts the network. Minimal trust on the remote side of
- the connection. Minimal trust on domain name servers. Pure RSA
- authentication never trusts anything but the private key.
-
- o Client RSA-authenticates the server machine in the beginning of
- every connection to prevent trojan horses (by routing or DNS
- spoofing) and man-in-the-middle attacks, and the server
- RSA-authenticates the client machine before accepting .rhosts or
- /etc/hosts.equiv authentication (to prevent DNS, routing, or
- IP-spoofing).
-
- o Host authentication key distribution can be centrally by the
- administration, automatically when the first connection is made
- to a machine (the key obtained on the first connection will be
- recorded and used for authentication in the future), or manually
- by each user for his/her own use. The central and per-user host
- key repositories are both used and complement each other. Host
- keys can be generated centrally or automatically when the software
- is installed. Host authentication keys are typically 1024 bits.
-
- o Any user can create any number of user authentication RSA keys for
- his/her own use. Each user has a file which lists the RSA public
- keys for which proof of possession of the corresponding private
- key is accepted as authentication. User authentication keys are
- typically 1024 bits.
-
- o The server program has its own server RSA key which is
- automatically regenerated every hour. This key is never saved in
- any file. Exchanged session keys are encrypted using both the
- server key and the server host key. The purpose of the separate
- server key is to make it impossible to decipher a captured session by
- breaking into the server machine at a later time; one hour from
- the connection even the server machine cannot decipher the session
- key. The key regeneration interval is configurable. The server
- key is normally 768 bits.
-
- o An authentication agent, running in the user's laptop or local
- workstation, can be used to hold the user's RSA authentication
- keys. Ssh automatically forwards the connection to the
- authentication agent over any connections, and there is no need to
- store the RSA authentication keys on any machine in the network
- (except the user's own local machine). The authentication
- protocols never reveal the keys; they can only be used to verify
- that the user's agent has a certain key. Eventually the agent
- could rely on a smart card to perform all authentication
- computations.
-
- o The software can be installed and used (with restricted
- functionality) even without root privileges.
-
- o The client is customizable in system-wide and per-user
- configuration files. Most aspects of the client's operation can
- be configured. Different options can be specified on a per-host basis.
-
- o Automatically executes conventional rsh (after displaying a
- warning) if the server machine is not running sshd.
-
- o Optional compression of all data with gzip (including forwarded X11
- and TCP/IP port data), which may result in significant speedups on
- slow connections.
generated by cgit (git 2.34.1) at 2025-01-08 21:42:39 +0800
d8d3c0b185c3f9fd'>- upgrade of Convert::ASN1 to 0.17scrappy2003-06-174-19/+19 * Add optional support to compile in additional character set support.marcus2003-06-171-0/+11 * Yet another overflow check, better temp file name & misc cleanupsache2003-06-149-137/+157 * Don't try to install files to ${PREFIX} during the build.marcus2003-06-131-20/+2 * Change to my FreeBSD.org addresserwin2003-06-132-2/+2 * Update to 1.1perky2003-06-122-2/+2 * Update to 1.9.1.marcus2003-06-1214-377/+39 * Add missing @dirrm and bump PORTREVISIONkris2003-06-092-0/+2 * Add py-cjkcodecs 0.9,perky2003-06-075-0/+113 * Update to 1.04mich2003-06-073-25/+28 * Update to 2.20.petef2003-05-162-2/+2 * New port: ktextdecodefjoe2003-05-135-0/+44 * unbreak for Perl 5.8edwin2003-05-081-2/+2 * Hand over maintainership to autrijus@autrijus.org, the author of the module.arved2003-05-081-1/+1 * Fix 'make package'.fjoe2003-05-041-1/+0 * Update to version 0.52;demon2003-04-293-2/+4 * Add a port for py-iconvcodec 1.0, a universal unicode codec for python.perky2003-04-235-0/+39 * New port: konwertfjoe2003-04-196-0/+1112 * New port: chmviewfjoe2003-04-199-0/+192 * Remove USE_GNOMENG.marcus2003-04-192-2/+0 * Fix compilation on alpha.mbr2003-04-171-7/+5 * Upgrade to 0.85 release candidate 3.okazaki2003-04-164-40/+13 * new port: p5-Encode-compat, Encode.pm compatibility for perl 5.6.1edwin2003-04-144-0/+52 * Fix install directory with perl 5.8 or later.nork2003-04-051-0/+9 * Distfiles moved. (www.ruby-lang.org site reorg.)knu2003-03-301-1/+2 * Update to dumpasn1-20030222kris2003-03-282-3/+3 * Update to 2.18.nork2003-03-232-3/+2 * Bump the port revision.mbr2003-03-231-1/+1 * Fix unresolved symbols in the recode port. Without thismbr2003-03-232-1/+43 * Change BUILD_DEPENDS to EXTRACT_DEPENDS and unbreak.knu2003-03-111-1/+1 * Clear moonlight beckons.ade2003-03-0746-23/+23 * Destroy pkg-comment for some of the stranger uses in the tree,ade2003-03-074-4/+2 * Fix the URL's in pkg-descr and add HTTP master sites.roam2003-02-282-2/+2 * De-pkg-comment for my ports.perky2003-02-252-1/+1 * De-pkg-comment.nork2003-02-232-1/+1 * * Install pkgconfig file in correct locationmarcus2003-02-223-6/+20 * De-pkg-comment.knu2003-02-2140-20/+20 * De-pkg-comment.knu2003-02-2112-6/+6 * De-pkg-comment my non-ruby ports as well.knu2003-02-182-1/+1 * De-pkg-comment.knu2003-02-186-3/+3 * Convert COMMENT to COMMENTFILE until these ports can be converted.kris2003-02-101-1/+1 * Maintainer update: converters/p5-String-Multibyte from 1.00 to 1.03edwin2003-02-053-2/+18 * - Update enca to 0.10.7fjoe2003-01-282-3/+3 * Update to 1.30.tobez2003-01-263-2/+4 * Maintainer update to 2.16edwin2003-01-072-2/+2 * Update to 0.16.nork2003-01-042-2/+2 * upgrade to 2.14ijliao2003-01-044-3/+9 * Make port fetching again, mark as broken under <5.0 due to wprintf()edwin2002-12-153-13/+21 * Catch up with the Ruby Application Archive's URL scheme change.knu2002-12-082-2/+2 * fix stdio problem on -CURRENTleeym2002-11-242-1/+12 * Update to 1.29.tobez2002-11-182-2/+2 * upgrade to 1.00ijliao2002-11-163-9/+20 * o Rollback PORTCOMMENT modifications while this feature's implementationlioux2002-11-1114-14/+7 * Use PORTCOMMENT in the Makefile, and whack the pkg-comment.adamw2002-11-0714-7/+14 * USE_PERL is needed for the post-po-file target.edwin2002-11-051-1/+2 * Half of these ones missed yesterday while converting to USE_REINPLACE.edwin2002-11-051-2/+3 * A letter got chopped from this patchfile and caused the portalfred2002-10-281-1/+1 * Do not create a ${PREFIX}/doc directory. Also, consolidate two patchesmarcus2002-10-285-36/+49 * Add ruby-lv, a Ruby library to use LV's encoding conversion engine.knu2002-10-24