diff options
Diffstat (limited to 'security/ssh2')
| -rw-r--r-- | security/ssh2/Makefile | 142 | ||||
| -rw-r--r-- | security/ssh2/distinfo | 2 | ||||
| -rw-r--r-- | security/ssh2/files/patch-HOWTO.anonymous.sftp | 117 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::Makefile.in | 52 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::ssh2_config.5 | 17 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshchsession.c | 282 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshd2.8 | 24 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshd2_config | 14 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshd2_config.5 | 23 | ||||
| -rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshd2_subconfig.5 | 11 | ||||
| -rw-r--r-- | security/ssh2/files/patch-configure | 29 | ||||
| -rw-r--r-- | security/ssh2/files/patch-lib::sshapputil::sshuserfile.c | 20 | ||||
| -rw-r--r-- | security/ssh2/files/patch-lib::sshsession::sshunixuser.c | 69 | ||||
| -rw-r--r-- | security/ssh2/files/patch-startup::solaris::sshd2 | 58 | ||||
| -rw-r--r-- | security/ssh2/files/sshd.sh | 27 | ||||
| -rw-r--r-- | security/ssh2/pkg-message | 23 | ||||
| -rw-r--r-- | security/ssh2/pkg-plist | 46 |
17 files changed, 839 insertions, 117 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index 4866395530b9..9d246a4a26c3 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -6,32 +6,67 @@ # PORTNAME= ssh2 -PORTVERSION= 3.2.5 +PORTVERSION= 3.2.9.1 CATEGORIES= security ipv6 +# The list of official mirror sites is at: +# http://www.ssh.com/support/downloads/secureshellserver/non-commercial.html MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \ - ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ - ftp://ftp.keystealth.org/pub/ssh/ \ + ftp://ftp.wiretapped.net/pub/security/cryptography/apps/ssh/SSH/ \ + http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/SSH/ \ + ftp://gd.tuwien.ac.at/utils/shells/ssh/ \ + ftp://ftp.ut.ee/pub/unix/security/ssh/ \ + ftp://ftp.funet.fi/pub/mirrors/ftp.ssh.com/pub/ssh/ \ + ftp://ftp.crihan.fr/mirrors/ftp.ssh.com/ \ + http://ftp.crihan.fr/mirrors/ftp.ssh.com/ \ + ftp://ftp.cert.dfn.de/pub/tools/net/ssh/ \ + ftp://ftp.ntua.gr/pub/security/ssh/ \ + ftp://ftp.unina.it/pub/Unix/ssh/ \ + ftp://ftp.win.ne.jp/pub/ssh/ \ + ftp://core.ring.gr.jp/pub/net/ssh/ \ + http://core.ring.gr.jp/archives/net/ssh/ \ + ftp://ftp.ring.gr.jp/pub/net/ssh/ \ + http://www.ring.gr.jp/archives/net/ssh/ \ + ftp://ftp.ayamura.org/pub/ssh/ \ + ftp://linux.sarang.net/mirror/network/daemon/security/ssh/ \ + ftp://giswitch.sggw.waw.pl/pub/ssh/ \ + ftp://ftp.wsisiz.edu.pl/pub/Unix/ssh/ \ + ftp://ftp.kreonet.re.kr/pub/security/ssh/ \ + ftp://ftp.ulak.net.tr/ssh/ \ ftp://metalab.unc.edu/pub/packages/security/ssh/ \ - ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \ - ftp://ftp.cronyx.ru/mirror/ssh/ \ - ftp://ftp.univie.ac.at/applications/ssh.com/ + ftp://ftp.in-span.net/pub/mirrors/ftp.ssh.com/ \ + ftp://ftp.keystealth.org/pub/ssh/ \ + ftp://ftp.epix.net/pub/ssh/ \ + ftp://mirror.pa.msu.edu/ssh/ DISTNAME= ssh-${PORTVERSION} MAINTAINER= marius@alchemy.franken.de -COMMENT= Secure shell client and server (remote login program) +COMMENT= Secure shell client and server for V.2 SSH protocol CONFLICTS= openssh-* openssh-portable-* openssh-gssapi-* ssh-1.* -GNU_CONFIGURE= YES -USE_REINPLACE= YES -CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug +GNU_CONFIGURE= yes +USE_REINPLACE= yes +MANCOMPRESSED= no -SSH2_ETC= ${PREFIX}/etc/ssh2 -SSH2_RCD= ${PREFIX}/etc/rc.d -CONFIG_FILES= ssh2_config sshd2_config +MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ + sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 +MAN5= ssh2_config.5 sshd-check-conf.5 sshd2_config.5 \ + sshd2_subconfig.5 +MAN8= sshd2.8 +MLINKS= ssh2.1 ssh.1 ssh-add2.1 ssh-add.1 ssh-agent2.1 ssh-agent.1 \ + ssh-keygen2.1 ssh-keygen.1 scp2.1 scp.1 sftp2.1 sftp.1 \ + ssh-probe2.1 ssh-probe.1 sshd2.8 sshd.8 +DOCS= CHANGES FAQ HOWTO.anonymous.sftp LICENSE NEWS README \ + REGEX-SYNTAX SSH2.QUICKSTART \ + RFC.authorization_program_protocol RFC.kbdint_plugin_protocol +EXAMPLES= ext_authorization_example.sh kbdint_plugin_example.sh .include <bsd.port.pre.mk> +CONFIGURE_ARGS+= --disable-debug --with-foreign-etcdir=${PREFIX}/etc \ + --with-libwrap +PKGMESSAGE= ${WRKDIR}/pkg-message + # Define if all your users are in their own group and their homedir # is writeable by that group. Beware the security implications! # @@ -47,63 +82,62 @@ CONFIGURE_ARGS+= --enable-group-writeability CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer .endif -.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) -CONFIGURE_ARGS+= --with-libwrap -.endif - -# This is necessary for a working ssh-chrootmgr. Added by mic@nethack.at. -# -.if defined(WITH_STATIC_SFTP) -CONFIGURE_ARGS+= --enable-static -PLIST_SUB= STATIC="" -.else -PLIST_SUB= STATIC="@comment " -.endif - .if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ && exists(${X11BASE}/bin/xauth) && !defined(WITHOUT_X11)) -USE_XLIB= yes -PLIST_SUB+= WITH_X11:="" +USE_XLIB= yes +PLIST_SUB+= WITH_X11:="" .else CONFIGURE_ARGS+= --without-x -PLIST_SUB+= WITH_X11:="@comment " +PLIST_SUB+= WITH_X11:="@comment " .endif -MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ - sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 -MAN5= ssh2_config.5 sshd-check-conf.5 sshd2_config.5 \ - sshd2_subconfig.5 -MAN8= sshd2.8 -MLINKS= ssh2.1 ssh.1 ssh-add2.1 ssh-add.1 ssh-agent2.1 ssh-agent.1 \ - ssh-keygen2.1 ssh-keygen.1 scp2.1 scp.1 sftp2.1 sftp.1 \ - ssh-probe2.1 ssh-probe.1 sshd2.8 sshd.8 -MANCOMPRESSED= no - -MYPORTDOCS= CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \ - REGEX-SYNTAX SSH2.QUICKSTART - post-patch: -.for i in ${MAN1} ${MAN5} ${MAN8} - @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g;' \ +.for i in ${MAN1} ${MAN5} ${MAN8} ssh2_config sshd2_config + @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g; \ + s|\/usr\/local|${LOCALBASE}|g' \ ${WRKSRC}/apps/ssh/${i} .endfor - @${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g;' \ +.for i in anonymous.example host_ext.example host_int.example + @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \ + ${WRKSRC}/apps/ssh/subconfig/${i} +.endfor + @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \ + ${WRKSRC}/HOWTO.anonymous.sftp + @${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g' \ ${WRKSRC}/apps/ssh/ssh_dummy_shell.out + @${REINPLACE_CMD} -E -e 's|(^TESTS.+)(t-filecopy)|\1|g' \ + ${WRKSRC}/apps/ssh/tests/Makefile.in + @${REINPLACE_CMD} -E -e 's|(^ETCDIR=).+|\1${PREFIX}\/etc\/ssh2|; \ + s|(^SBINDIR=).+|\1${PREFIX}\/sbin|' \ + ${WRKSRC}/startup/solaris/sshd2 + @${SED} 's|%%PREFIX%%|${PREFIX}|g' \ + ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message post-install: + @${INSTALL_SCRIPT} ${WRKSRC}/startup/solaris/sshd2 \ + ${PREFIX}/etc/rc.d/sshd2.sh.sample + @${MKDIR} ${EXAMPLESDIR} +.for i in ${EXAMPLES} + @${INSTALL_DATA} ${WRKSRC}/$i ${EXAMPLESDIR} +.endfor .if !defined(NOPORTDOCS) - ${MKDIR} ${DOCSDIR} -.for i in ${MYPORTDOCS} - ${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} + @${MKDIR} ${DOCSDIR} +.for i in ${DOCS} + @${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor .endif - if [ "`${GREP} ssh /etc/inetd.conf | ${GREP} -v ^#ssh`" = "" ]; then \ - if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \ - ${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \ - ${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \ - > ${SSH2_RCD}/sshd.sh; \ - ${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \ + @if [ "`${GREP} ssh /etc/inetd.conf | ${GREP} -v ^#ssh`" = "" ]; then \ + if [ ! -f ${PREFIX}/etc/rc.d/sshd2.sh ]; then \ + ${ECHO_CMD} "Installing ${PREFIX}/etc/sshd2.sh startup file."; \ + ${INSTALL_SCRIPT} ${WRKSRC}/startup/solaris/sshd2 \ + ${PREFIX}/etc/rc.d/sshd2.sh; \ fi; \ fi + @${CAT} ${WRKDIR}/pkg-message + +test: build + @-cd ${WRKSRC}/lib/sshcrypto/tests && ${MAKE} check-TESTS + @-cd ${WRKSRC}/apps/ssh/lib/sshproto/tests && ${MAKE} check-TESTS + @-cd ${WRKSRC}/apps/ssh/tests && ${MAKE} check-TESTS .include <bsd.port.post.mk> diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index 60f0dd3cf395..e69233070f91 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1 +1 @@ -MD5 (ssh-3.2.5.tar.gz) = 0d9da1d79e4ce9cff44daf93e5b66a11 +MD5 (ssh-3.2.9.1.tar.gz) = f3ed49f13419d97dc1d0d3bfb4bb99bf diff --git a/security/ssh2/files/patch-HOWTO.anonymous.sftp b/security/ssh2/files/patch-HOWTO.anonymous.sftp new file mode 100644 index 000000000000..64208861668d --- /dev/null +++ b/security/ssh2/files/patch-HOWTO.anonymous.sftp @@ -0,0 +1,117 @@ +--- HOWTO.anonymous.sftp.orig Wed Dec 3 14:17:17 2003 ++++ HOWTO.anonymous.sftp Thu Jan 1 19:18:54 2004 +@@ -3,57 +3,27 @@ + Author: Sami Lehtinen <sjl@ssh.com> + Created: Thu Oct 18 18:21:56 2001 + +-1. Follow the standard build process otherwise, except for the following ++1. Create a dedicated user account for the guest user (e.g. "ssh-guest"). + +- % ./configure --enable-static <your-flags-here> +- +- If your system doesn't support fully static binaries (atleast newer +- Solarises), you have to copy extra files after step 5, so that the +- necessary shared libraries and system configuration files can be +- found by ssh-dummy-shell and sftp-server in the chrooted +- environment. +- +- With internal sftp-server: +- You may also use the internal sftp-server. It simplifies logging and +- chrooting considerably. You don't need to build the static binaries. +- +-2. Create a dedicated user account for the guest user (e.g. "ssh-guest"). +- +- In RH Linux: +- +- % useradd [-d home_dir] [-u uid] [-g group] [-s default-shell] ssh-guest ++ % pw useradd ssh-guest -m -s /nonexistent [-d homedir] [-u uid] [-g group] + + Remember that the home directory will be the root ("/") of the + chrooted environment, so choose wisely (you can change it later, of + course). + +-3. Set some known password (e.g. "guest") for the account with "passwd". ++2. Set some known password (e.g. "guest") for the account with "passwd". + +-4. Change the user's shell to "ssh-dummy-shell" with "vipw". ++ % passwd ssh-guest + +- With internal sftp-server: +- If you're using the internal sftp-server, you can use /bin/false or +- whatever as the user's shell. The sftp service isn't executed with +- the shell in this case. The user's shell doesn't even need to exist. +- +-5. Run +- +- % ssh-chrootmgr -v ssh-guest # (or the account you created) +- +- This will copy necessary static binaries to the user's home directory. +- +- With internal sftp-server: +- You don't need this step if you don't need the static +- ssh-dummy-shell. +- +-6. Modify /etc/ssh2/sshd2_config. Add the following line: ++3. Modify /etc/ssh2/sshd2_config. Add the following line: + + ChRootUsers ssh-guest + +-7. If you wish, you may announce the existence of this account in your +- login banner message. The file /etc/ssh2/ssh_banner_message, if not +- empty, will be displayed to incoming users before they authenticate. Or +- you can change the default by modifying the sshd2_config: ++4. If you wish, you may announce the existence of this account in your ++ login banner message. The file /etc/ssh2/ssh_banner_message, ++ if not empty, will be displayed to incoming users before they ++ authenticate. Or you can change the default by modifying the ++ /etc/ssh2/sshd2_config: + + BannerMessageFile /etc/ssh2/some_other_ssh_banner_message + +@@ -74,7 +44,7 @@ + Remember that you may use subconfiguration files to change a banner + message based on e.g. user name (xxx example file). + +-8. You most probably want to restrict access to read-only. For this, ++5. You most probably want to restrict access to read-only. For this, + change the accounts owner to something else (e.g. root): + + % chown -R root:root ~ssh-guest +@@ -82,7 +52,7 @@ + If you want to give some directories write access, change ownership of + those to "ssh-guest". + +-9. To enable logging, you have to add the following line to sshd2_config ++6. To enable logging, you have to add the following line to sshd2_config + (or possibly to a subconfig file (see sshd2_subconfig(5))): + + SftpSysLogFacility <facility> +@@ -90,26 +60,11 @@ + <facility> could be LOCAL7, or whatever you wish. See sshd2_config(5) + for additional documentation. + +- Note, that logging in the chrooted environment with a separate +- binary for sftp-server is tricky. Most likely you have to create a +- /dev/log device under the chrooted jail, and add that to the listened +- devices (with the full path) of your syslogd. See the documentation of +- syslog daemon for this. However, see below. +- +- With internal sftp-server: +- Logging in the chrooted jail is much simpler with the internal +- sftp-server. Just specify the correct SftpSysLogFacility, and you are +- set. +- +-10. Add your sftp-server to sshd2_config (if not already there): +- +- subsystem-sftp sftp-server +- +- With internal sftp-server: ++7. Add your sftp-server to sshd2_config (if not already there): + + subsystem-sftp internal://sftp-server + +-11. Remember to restart the sshd2 daemon after you modify the configuration ++8. Remember to restart the sshd2 daemon after you modify the configuration + file for the changes to take effect! + + Have fun. diff --git a/security/ssh2/files/patch-apps::ssh::Makefile.in b/security/ssh2/files/patch-apps::ssh::Makefile.in new file mode 100644 index 000000000000..a5d483be0a60 --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::Makefile.in @@ -0,0 +1,52 @@ +--- apps/ssh/Makefile.in.orig Wed Dec 3 14:17:48 2003 ++++ apps/ssh/Makefile.in Fri Jan 2 09:23:14 2004 +@@ -1019,36 +1019,20 @@ + fi + + install-symlinks: +- -mv -f $(DESTDIR)$(bindir)/ssh $(DESTDIR)$(bindir)/ssh.old +- -mv -f $(DESTDIR)$(bindir)/ssh-agent $(DESTDIR)$(bindir)/ssh-agent.old +- -mv -f $(DESTDIR)$(bindir)/ssh-add $(DESTDIR)$(bindir)/ssh-add.old +- -mv -f $(DESTDIR)$(bindir)/ssh-askpass $(DESTDIR)$(bindir)/ssh-askpass.old +- -mv -f $(DESTDIR)$(bindir)/ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen.old +- -mv -f $(DESTDIR)$(bindir)/scp $(DESTDIR)$(bindir)/scp.old +- -mv -f $(DESTDIR)$(bindir)/sftp $(DESTDIR)$(bindir)/sftp.old +- -mv -f $(DESTDIR)$(bindir)/sftp-server $(DESTDIR)$(bindir)/sftp-server.old +- -mv -f $(DESTDIR)$(bindir)/ssh-signer $(DESTDIR)$(bindir)/ssh-signer.old +- -mv -f $(DESTDIR)$(bindir)/ssh-probe $(DESTDIR)$(bindir)/ssh-probe.old +- + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh2 ssh) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-agent2 ssh-agent) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-add2 ssh-add) +- (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) ++ case x"@CONFPROGRAMS@" in \ ++ x*askpass*) \ ++ (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) ;; \ ++ esac + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-keygen2 ssh-keygen) + (cd $(DESTDIR)$(bindir) && $(LN_S) scp2 scp) + (cd $(DESTDIR)$(bindir) && $(LN_S) sftp2 sftp) + (cd $(DESTDIR)$(bindir) && $(LN_S) sftp-server2 sftp-server) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-signer2 ssh-signer) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-probe2 ssh-probe) +- -mv -f $(DESTDIR)$(sbindir)/sshd $(DESTDIR)$(sbindir)/sshd.old + (cd $(DESTDIR)$(sbindir) && $(LN_S) sshd2 sshd) +- -mv -f $(DESTDIR)$(mandir)/man1/ssh.1 $(DESTDIR)$(mandir)/man1/ssh.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-add.1 $(DESTDIR)$(mandir)/man1/ssh-add.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-agent.1 $(DESTDIR)$(mandir)/man1/ssh-agent.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-keygen.1 $(DESTDIR)$(mandir)/man1/ssh-keygen.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/scp.1 $(DESTDIR)$(mandir)/man1/scp.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/sftp.1 $(DESTDIR)$(mandir)/man1/sftp.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-probe.1 $(DESTDIR)$(mandir)/man1/ssh-probe.old.1 + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh2.1 ssh.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-add2.1 ssh-add.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-agent2.1 ssh-agent.1) +@@ -1056,7 +1040,6 @@ + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) scp2.1 scp.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) sftp2.1 sftp.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-probe2.1 ssh-probe.1) +- -mv -f $(DESTDIR)$(mandir)/man8/sshd.8 $(DESTDIR)$(mandir)/man8/sshd.old.8 + (cd $(DESTDIR)$(mandir)/man8 && $(LN_S) sshd2.8 sshd.8) + + clean-up-old: + diff --git a/security/ssh2/files/patch-apps::ssh::ssh2_config.5 b/security/ssh2/files/patch-apps::ssh::ssh2_config.5 new file mode 100644 index 000000000000..49c11e4cc85f --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::ssh2_config.5 @@ -0,0 +1,17 @@ +--- apps/ssh/ssh2_config.5.orig Wed Dec 3 17:05:48 2003 ++++ apps/ssh/ssh2_config.5 Wed Dec 3 17:06:25 2003 +@@ -136,14 +136,6 @@ + .ne 3 + + .TP +-.B Cert.RSA.Compat.HashScheme +-Older SSH Secure Shell clients and servers used hashes in an incoherent +-manner (sometimes MD5, sometimes SHA-1). With this option, you can set +-what hash is used. Valid values are "\fBmd5\fR" and "\fBsha1\fR". The +-default is "\fBmd5\fR" (works in most cases). +-.ne 3 +- +-.TP + .B Ciphers + Specifies the ciphers to use for encrypting the + session. Currently, diff --git a/security/ssh2/files/patch-apps::ssh::sshchsession.c b/security/ssh2/files/patch-apps::ssh::sshchsession.c index 36f18b967cbe..f503e324bc93 100644 --- a/security/ssh2/files/patch-apps::ssh::sshchsession.c +++ b/security/ssh2/files/patch-apps::ssh::sshchsession.c @@ -1,22 +1,276 @@ --- apps/ssh/sshchsession.c.orig Thu Jul 3 00:19:57 2003 +++ apps/ssh/sshchsession.c Thu Jul 3 00:21:12 2003 -@@ -218,8 +218,8 @@ - #ifdef _PATH_USERPATH - #define DEFAULT_PATH _PATH_USERPATH - #else --#ifdef _PATH_DEFPATH --#define DEFAULT_PATH _PATH_DEFPATH -+#ifdef _PATH_STDPATH -+#define DEFAULT_PATH _PATH_STDPATH - #else - #define DEFAULT_PATH "/bin:/usr/bin:/usr/ucb:/usr/bin/X11:/usr/local/bin" - #endif -@@ -502,7 +502,7 @@ +@@ -122,6 +122,11 @@ + + + ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#include <login_cap.h> ++#include <sys/copyright.h> ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ ++ + #define SSH_DEBUG_MODULE "Ssh2ChannelSession" + + #define SSH_SESSION_INTERACTIVE_WINDOW 10000 +@@ -487,6 +492,14 @@ + char *user_conf_dir = NULL; + int i; + ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ extern char **environ; ++ char *path, *newpath, **saveenv; ++ struct passwd *pw; ++ ++ pw = getpwuid(ssh_user_uid(session->common->user_data)); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ ++ + user_name = session->common->user; + + if (ssh_user_needs_chroot(session->common->user_data, session->common)) +@@ -502,7 +515,11 @@ ssh_child_set_env(envp, envsizep, "HOME", user_dir); ssh_child_set_env(envp, envsizep, "USER", user_name); ssh_child_set_env(envp, envsizep, "LOGNAME", user_name); -- ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH ":" SSH_BINDIR); -+ ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH SSH_BINDIR); ++#ifdef __FreeBSD__ ++ ssh_child_set_env(envp, envsizep, "PATH", _PATH_STDPATH SSH_BINDIR); ++#else + ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH ":" SSH_BINDIR); ++#endif #ifdef MAIL_SPOOL_DIRECTORY ssh_snprintf(buf, sizeof(buf), "%s/%s", MAIL_SPOOL_DIRECTORY, user_name); +@@ -529,6 +546,39 @@ + if (getenv("TZ")) + ssh_child_set_env(envp, envsizep, "TZ", getenv("TZ")); + ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ saveenv = environ; ++ environ = *envp; ++ ++ if (setusercontext(NULL, pw, ssh_user_uid(session->common->user_data), ++ LOGIN_SETPATH | LOGIN_SETENV) == 0) ++ { ++ if ((path = getenv("PATH")) == NULL) ++ newpath = ssh_xstrdup(SSH_BINDIR); ++ else if (strstr(path, SSH_BINDIR) == NULL) ++ ssh_dsprintf(&newpath, "%s:%s", path, SSH_BINDIR); ++ else ++ newpath = ssh_xstrdup(path); ++ ++ *envp = environ; ++ environ = saveenv; ++ for (*envsizep = 0; (*envp)[*envsizep] != NULL; (*envsizep)++) ++ ; /* nothing */ ++ *envsizep += 51; ++ (*envp) = ssh_xrealloc(*envp, (*envsizep) * sizeof(char *)); ++ ++ ssh_child_set_env(envp, envsizep, "PATH", newpath); ++ ssh_xfree(newpath); ++ } ++ else ++ { ++ *envp = environ; ++ environ = saveenv; ++ ssh_debug("setusercontext: unable to set user context"); ++ } ++ endpwent(); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ ++ + /* Set SSH_CLIENT. */ + ssh_snprintf(buf, sizeof(buf), "%s %s %s %s", + session->common->remote_ip, session->common->remote_port, +@@ -632,6 +682,11 @@ + FILE *f; + char *user_conf_dir = NULL; + ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ struct passwd *pw; ++ login_cap_t *lc; ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ ++ + #ifdef SSH_CHANNEL_X11 + const char *auth_protocol; + const char *auth_cookie; +@@ -643,6 +698,18 @@ + #endif /* SSH_CHANNEL_X11 */ + + shell = ssh_user_shell(session->common->user_data); ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ pw = getpwuid(ssh_user_uid(session->common->user_data)); ++ lc = login_getpwclass(pw); ++ if (lc == NULL) ++ ssh_debug("Unable to get login class: %s", session->common->user); ++ else ++ { ++ shell = login_getcapstr(lc, "shell", (char *) shell, (char *) shell); ++ login_close(lc); ++ } ++ endpwent(); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + user_conf_dir = ssh_user_conf_dir(session->common->user_data, + session->common->config); + +@@ -844,12 +911,24 @@ + extern char **environ; + unsigned int envsize; + int i; +- FILE *f; ++ FILE *f = NULL; + char *subsystem_path = NULL; + Boolean needs_chroot = FALSE, run_internal_sftp_server = FALSE; + const char *chroot_dir = NULL; + SshUserFDCloseCB close_fds = NULL_FNPTR; + SshConfig config = session->common->config; ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ struct passwd *pw; ++ login_cap_t *lc; ++ ++ pw = getpwuid(ssh_user_uid(session->common->user_data)); ++ lc = login_getpwclass(pw); ++ if (lc == NULL) ++ { ++ ssh_debug("Unable to get login class: %s", session->common->user); ++ exit(254); ++ } ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + + + +@@ -865,6 +944,11 @@ + #endif /* HAVE_IF */ + + /* Check /etc/nologin. */ ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0)) ++ f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, _PATH_NOLOGIN), ++ "r"); ++#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */ + if ((f = fopen("/etc/nologin", "r")) == NULL) + { + char hname[MAXHOSTNAMELEN]; +@@ -877,12 +961,17 @@ + ssh_debug("%s %s.", nologin_path, f ? "exists" : "does not exist"); + ssh_xfree(nologin_path); + } ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + + if (f) + { /* /etc/nologin exists. Print its contents and exit. */ + /* Print a message about /etc/nologin existing; I am getting + questions because of this every week. */ ++#ifdef __FreeBSD__ ++ ssh_warning("Logins are currently denied with " _PATH_NOLOGIN ":"); ++#else + ssh_warning("Logins are currently denied with /etc/nologin:"); ++#endif + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); +@@ -963,8 +1052,8 @@ + { + if (chdir("/") < 0) + { +- ssh_debug("Chroot to user '%s' home directory failed!", +- session->common->user); ++ ssh_debug("Chroot to user '%s' home directory failed: %s", ++ session->common->user, strerror(errno)); + exit(254); + } + } +@@ -975,6 +1064,10 @@ + ssh_warning("Could not chdir to home directory %s: %s", + ssh_user_dir(session->common->user_data), + strerror(errno)); ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ if (login_getcapbool(lc, "requirehome", 0)) ++ exit(254); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + chdir("/"); + } + } +@@ -1128,6 +1221,12 @@ + + + shell = ssh_user_shell(session->common->user_data); ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ shell = login_getcapstr(lc, "shell", (char *) shell, (char *) shell); ++ login_close(lc); ++ endpwent(); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ ++ + argv[0] = (char *)shell; + argv[1] = "-c"; + argv[2] = (char *)session->common->forced_command; +@@ -1158,6 +1257,9 @@ + + /* Get the user's shell, and the last component of it. */ + shell = ssh_user_shell(session->common->user_data); ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ shell = login_getcapstr(lc, "shell", (char *) shell, (char *) shell); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + + shell_no_path = strrchr(shell, '/'); + if (shell_no_path) +@@ -1188,6 +1290,9 @@ + (needs_chroot ? "" : + ssh_user_dir(session->common->user_data))); + quiet_login = stat(linebuf, &st) >= 0; ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ quiet_login |= login_getcapbool(lc, "hushlogin", 0); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + + if (!quiet_login) + { +@@ -1217,11 +1322,28 @@ + ssh_xfree(time_string); + } + #endif /* HAVE_SIA */ ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ SSH_DEBUG(7, ("Printing copyright.")); ++ f = fopen(login_getcapstr(lc, "copyright", NULL, NULL), "r"); ++ if (f) ++ { ++ while (fgets(linebuf, sizeof(linebuf), f) != NULL) ++ fputs(linebuf, stdout); ++ fclose(f); ++ } ++ else ++ fputs(COPYRIGHT_UCB "\n", stdout); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + /* print motd, if "PrintMotd yes" and it exists */ + if (config->print_motd) + { + SSH_DEBUG(7, ("Printing MOTD.")); ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", ++ "/etc/motd"), "r"); ++#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */ + f = fopen("/etc/motd", "r"); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + if (f) + { + while (fgets(linebuf, sizeof(linebuf), f)) +@@ -1239,7 +1361,11 @@ + { + struct stat mailbuf; + if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) ++#ifndef __FreeBSD__ + printf("No mail.\n"); ++#else ++ ; /* nothing */ ++#endif + else if (mailbuf.st_atime > mailbuf.st_mtime) + printf("You have mail.\n"); + else +@@ -1248,6 +1374,11 @@ + } + } + } ++ ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ login_close(lc); ++ endpwent(); ++#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ + + execve(shell, argv, env); + /* Executing the shell failed. */ diff --git a/security/ssh2/files/patch-apps::ssh::sshd2.8 b/security/ssh2/files/patch-apps::ssh::sshd2.8 new file mode 100644 index 000000000000..98c3ddaf29dc --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::sshd2.8 @@ -0,0 +1,24 @@ +--- apps/ssh/sshd2.8.orig Wed Dec 3 14:17:23 2003 ++++ apps/ssh/sshd2.8 Sun Dec 28 17:09:32 2003 +@@ -241,20 +241,11 @@ + login time, message of the day and mailcheck.) + + .TP +-.I /etc/nologin ++.I /var/run/nologin + If this file exists, + .B sshd2 + refuses to let anyone except root log in. The contents of the file + is displayed to anyone trying to log in. The file should be world-readable. +- +-.TP +-.I /etc/nologin_<hostname> +-As above, but the filename is constructed from the name of the +-host. Check output of +-.B hostname +-to see what name you should use in the filename. This functionality is +-supposed to be used by clustered machines (which share +-.IR /etc ). + + .TP + .I \&$HOME/\s+2.\s0rhosts diff --git a/security/ssh2/files/patch-apps::ssh::sshd2_config b/security/ssh2/files/patch-apps::ssh::sshd2_config new file mode 100644 index 000000000000..b1db331e2fec --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::sshd2_config @@ -0,0 +1,14 @@ +--- apps/ssh/sshd2_config.orig Wed Dec 3 14:17:28 2003 ++++ apps/ssh/sshd2_config Thu Jan 1 19:33:35 2004 +@@ -188,9 +188,9 @@ + ## subsystem definitions + + # Subsystems don't have defaults, so this is needed here (uncommented). +- subsystem-sftp sftp-server ++# subsystem-sftp sftp-server + # Also internal sftp-server subsystem can be used. +-# subsystem-sftp internal://sftp-server ++ subsystem-sftp internal://sftp-server + + ## Subconfiguration + # There are no default subconfiguration files. When specified the last diff --git a/security/ssh2/files/patch-apps::ssh::sshd2_config.5 b/security/ssh2/files/patch-apps::ssh::sshd2_config.5 new file mode 100644 index 000000000000..a9c3be0414b9 --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::sshd2_config.5 @@ -0,0 +1,23 @@ +--- apps/ssh/sshd2_config.5.orig Wed Dec 3 17:08:53 2003 ++++ apps/ssh/sshd2_config.5 Wed Dec 3 17:09:35 2003 +@@ -288,20 +288,6 @@ + .ne 3 + + .TP +-.B Cert.RSA.Compat.HashScheme +-Older SSH Secure Shell clients and servers used hashes in an incoherent +-manner (sometimes MD5, sometimes SHA-1). With this option, you can set +-what hash is used. This option can be set in +-.BR HostSpecificConfig , +-and then reset in +-.BR UserSpecificConfig , +-in which case the value set in host-specific configuration will apply to +-the initial key exchange and during authentication the value in the +-user-specific configuration will be used. Valid values are "\fBmd5\fR" +-and "\fBsha1\fR". The default is "\fBmd5\fR" (works in most cases). +-.ne 3 +- +-.TP + .B CheckMail + Makes \fBsshd2\fR print information whether there is new mail or not + when a user logs in interactively. (On some systems this information diff --git a/security/ssh2/files/patch-apps::ssh::sshd2_subconfig.5 b/security/ssh2/files/patch-apps::ssh::sshd2_subconfig.5 new file mode 100644 index 000000000000..53bdc2f25536 --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::sshd2_subconfig.5 @@ -0,0 +1,11 @@ +--- apps/ssh/sshd2_subconfig.5.orig Wed Dec 3 17:13:11 2003 ++++ apps/ssh/sshd2_subconfig.5 Wed Dec 3 17:13:31 2003 +@@ -136,8 +136,6 @@ + .LP + .B AuthPublicKey.MinSize + .LP +-.B Cert.RSA.Compat.HashScheme +-.LP + .B CheckMail + .LP + .B DenyShosts diff --git a/security/ssh2/files/patch-configure b/security/ssh2/files/patch-configure new file mode 100644 index 000000000000..a1e3a8ac43cb --- /dev/null +++ b/security/ssh2/files/patch-configure @@ -0,0 +1,29 @@ +--- configure.orig Wed Dec 3 14:17:42 2003 ++++ configure Mon Dec 29 01:43:15 2003 +@@ -3773,7 +3773,7 @@ + # + + # So many systems seem to need this that it is better do it here automatically. +-LIBS="-L/usr/local/lib $LIBS" ++#LIBS="-L/usr/local/lib $LIBS" + + # Platform-specific stuff. + case "$target" in +@@ -10994,7 +10994,7 @@ + fi + if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 +- X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE" ++# X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE" + else + echo "$ac_t""no" 1>&6 + fi +@@ -11112,7 +11112,7 @@ + #include "confdefs.h" + #include <$ac_hdr> + EOF +-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ++ac_try="$ac_cpp -I$x_includes conftest.$ac_ext >/dev/null 2>conftest.out" + { (eval echo configure:11117: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then diff --git a/security/ssh2/files/patch-lib::sshapputil::sshuserfile.c b/security/ssh2/files/patch-lib::sshapputil::sshuserfile.c new file mode 100644 index 000000000000..9886bee1a3ca --- /dev/null +++ b/security/ssh2/files/patch-lib::sshapputil::sshuserfile.c @@ -0,0 +1,20 @@ +--- lib/sshapputil/sshuserfile.c.orig Wed Dec 3 14:17:21 2003 ++++ lib/sshapputil/sshuserfile.c Mon Dec 29 20:58:27 2003 +@@ -742,12 +742,13 @@ + if (uid != geteuid() || uid != getuid()) + { + #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) +- struct passwd * pw = getpwuid(uid); +- login_cap_t * lc = login_getuserclass(pw); +- if (setusercontext(lc, pw, uid, ++ struct passwd *pw; ++ ++ pw = getpwuid(uid); ++ if (setusercontext(NULL, pw, uid, + LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH | + LOGIN_SETENV)) < 0) +- ssh_fatal("setusercontext: %s", strerror(errno)); ++ ssh_fatal("setusercontext: unable to set user context"); + #else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */ + if (setgid(gid) < 0) + ssh_fatal("setgid: %s", strerror(errno)); diff --git a/security/ssh2/files/patch-lib::sshsession::sshunixuser.c b/security/ssh2/files/patch-lib::sshsession::sshunixuser.c new file mode 100644 index 000000000000..ddd2a1b79b03 --- /dev/null +++ b/security/ssh2/files/patch-lib::sshsession::sshunixuser.c @@ -0,0 +1,69 @@ +--- lib/sshsession/sshunixuser.c.orig Wed Dec 3 14:17:21 2003 ++++ lib/sshsession/sshunixuser.c Mon Dec 29 20:57:45 2003 +@@ -104,6 +104,10 @@ + + #define SSH_DEBUG_MODULE "SshUnixUser" + ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#include <login_cap.h> ++#endif /* __FreeBSD && HAVE_LOGIN_CAP_H */ ++ + extern char *crypt(const char *key, const char *salt); + + /* Group structure. */ +@@ -1477,6 +1481,37 @@ + /* Set uid, gid, and groups. */ + if (getuid() == UID_ROOT || geteuid() == UID_ROOT) + { ++#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++ struct passwd *pw; ++ ++ pw = getpwuid(ssh_user_uid(uc)); ++ if (setusercontext(NULL, pw, ssh_user_uid(uc), ++ LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETUSER | ++ LOGIN_SETPATH | LOGIN_SETENV)) < 0) ++ { ++ SSH_DEBUG(2, ("setusercontext: unable to set user context")); ++ return FALSE; ++ } ++ endgrent(); ++ ++ /* chrooting at this point. */ ++ if (chroot_dir) ++ { ++ if (chroot(chroot_dir) < 0) ++ { ++ ssh_warning("Chroot to '%s' failed: %s", chroot_dir, ++ strerror(errno)); ++ return FALSE; ++ } ++ } ++ ++ if (setusercontext(NULL, pw, ssh_user_uid(uc), LOGIN_SETUSER) < 0) ++ { ++ SSH_DEBUG(2, ("setusercontext: unable to set user context")); ++ return FALSE; ++ } ++ endpwent(); ++#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */ + if (setgid(ssh_user_gid(uc)) < 0) + { + SSH_DEBUG(2, ("setgid: %s", strerror(errno))); +@@ -1524,7 +1559,8 @@ + { + if (chroot(chroot_dir) < 0) + { +- ssh_warning("Chroot to '%s' failed!", chroot_dir); ++ ssh_warning("Chroot to '%s' failed: %s", chroot_dir, ++ strerror(errno)); + return FALSE; + } + } +@@ -1578,6 +1614,7 @@ + return FALSE; + } + #endif /* HAVE_SIA */ ++#endif /* __FreeBSD && HAVE_LOGIN_CAP_H */ + } + + #ifdef KERBEROS diff --git a/security/ssh2/files/patch-startup::solaris::sshd2 b/security/ssh2/files/patch-startup::solaris::sshd2 new file mode 100644 index 000000000000..74752fcbb013 --- /dev/null +++ b/security/ssh2/files/patch-startup::solaris::sshd2 @@ -0,0 +1,58 @@ +--- startup/solaris/sshd2.orig Wed Dec 3 14:17:18 2003 ++++ startup/solaris/sshd2 Tue Dec 30 12:38:16 2003 +@@ -22,9 +22,7 @@ + SBINDIR=/usr/local/sbin + + +-[ -f ${SBINDIR}/sshd2 ] || exit 0 +- +-PORT= ++[ -x ${SBINDIR}/sshd2 ] || exit 0 + + PORT=`grep Port ${ETCDIR}/sshd2_config | awk '{ x = $2 } END {print x}' -` + if [ "X$PORT" = "X" ] +@@ -37,31 +35,19 @@ + case "$1" in + start) + # Start daemons. +- echo "Starting sshd2 on port $PORT... " +- ${SBINDIR}/sshd2 ++ ${SBINDIR}/sshd2 2> /dev/null ++ echo -n ' sshd2' + ;; + stop) + # Stop daemons. + +- if [ -f /var/run/sshd2_$PORT.pid ] ++ if [ -r /var/run/sshd2_$PORT.pid ] + + then + +- echo "1 Shutting down sshd2 on port ${PORT}... " + kill `cat /var/run/sshd2_${PORT}.pid` + rm -f /var/run/sshd2_${PORT}.pid +- +- elif [ -f ${ETCDIR}/sshd2_${PORT}.pid ] +- +- then +- +- echo "Shutting down sshd2 on port ${PORT}... " +- kill `cat ${ETCDIR}/sshd2_${PORT}.pid` +- rm -f ${ETCDIR}/sshd2_${PORT}.pid +- +- else +- +- echo "sshd2 is not running" ++ echo -n ' sshd2' + + fi + +@@ -72,7 +58,7 @@ + $0 start + ;; + *) +- echo "Usage: sshd2 {start|stop|restart}" ++ echo "Usage: `basename $0` {start|stop|restart}" + exit 1 + esac + diff --git a/security/ssh2/files/sshd.sh b/security/ssh2/files/sshd.sh deleted file mode 100644 index b7c5ac8d80e3..000000000000 --- a/security/ssh2/files/sshd.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -case "$1" in - start) - !!PREFIX!!/sbin/sshd 2> /dev/null - echo -n ' sshd' - ;; - stop) - if [ -f /var/run/sshd2_22.pid ]; then - kill -TERM `cat /var/run/sshd2_22.pid` - rm -f /var/run/sshd2_22.pid - echo -n ' sshd' - fi - ;; - restart) - if [ -f /var/run/sshd2_22.pid ]; then - kill -HUP `cat /var/run/sshd2_22.pid` - echo 'sshd restarted' - fi - ;; - -h) - echo "Usage: `basename $0` { start | stop | restart }" - ;; - *) - !!PREFIX!!/sbin/sshd - echo -n ' sshd' - ;; -esac diff --git a/security/ssh2/pkg-message b/security/ssh2/pkg-message new file mode 100644 index 000000000000..092b8d57168d --- /dev/null +++ b/security/ssh2/pkg-message @@ -0,0 +1,23 @@ +=========================================================================== + +Depending on how you would like to start sshd2(8) you have three choices: +1) Copy the sample start-up script %%PREFIX%%/etc/rc.d/sshd2.sh.sample +to %%PREFIX%%/etc/rc.d/sshd2.sh. + +2) Add the following entries to your /etc/inetd.conf: +ssh stream tcp nowait root %%PREFIX%%/sbin/sshd2 sshd -i +ssh stream tcp6 nowait root %%PREFIX%%/sbin/sshd2 sshd -i + +3) On FreeBSD 4 only (on FreeBSD 5 with rcNG this currently doesn't work +properly) add the following entries to your /etc/rc.conf: +sshd_enable="YES" +sshd_program="%%PREFIX%%/sbin/sshd2" + +NOTE: This port traditionally sets up 1) automatically unless it detects 2). + If you want to use 2) or 3) you have to manually delete the start-up + script %%PREFIX%%/etc/rc.d/sshd2.sh. This version of the port is the + last one that does 1) automatically. To prevent foot shooting when + updating to the next version this port won't remove an existing + %%PREFIX%%/etc/rc.d/sshd2.sh on deinstallation. + +=========================================================================== diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist index e336f3b5a16d..4bb3ecf2d02f 100644 --- a/security/ssh2/pkg-plist +++ b/security/ssh2/pkg-plist @@ -1,27 +1,27 @@ -bin/ssh2 +bin/scp bin/scp2 +bin/sftp bin/sftp2 -bin/ssh-agent2 -%%WITH_X11:%%bin/ssh-askpass2 -bin/ssh-keygen2 -bin/ssh-add2 -bin/ssh-signer2 -bin/ssh-probe2 +bin/sftp-server bin/sftp-server2 -%%STATIC%%bin/sftp-server2.static -bin/ssh-dummy-shell -%%STATIC%%bin/ssh-dummy-shell.static bin/ssh -bin/ssh-agent bin/ssh-add +bin/ssh-add2 +bin/ssh-agent +bin/ssh-agent2 %%WITH_X11:%%bin/ssh-askpass +%%WITH_X11:%%bin/ssh-askpass2 +bin/ssh-dummy-shell bin/ssh-keygen -bin/scp -bin/sftp -bin/sftp-server -bin/ssh-signer +bin/ssh-keygen2 bin/ssh-probe -etc/rc.d/sshd.sh +bin/ssh-probe2 +bin/ssh-signer +bin/ssh-signer2 +bin/ssh2 +etc/rc.d/sshd2.sh.sample +@exec if [ "`grep ssh /etc/inetd.conf | grep -v ^#ssh`" = "" ] & [ ! -f %B/sshd2.sh ]; then cp %B/%f %B/sshd2.sh; fi +@unexec if [ -f %B/sshd2.sh ]; then echo "If permanently deleting this package, %B/sshd2.sh must be removed manually."; fi @unexec if cmp -s %D/etc/ssh2/sshd2_config %D/etc/ssh2/sshd2_config.example; then rm -f %D/etc/ssh2/sshd2_config; fi etc/ssh2/sshd2_config.example @exec [ -f %B/sshd2_config ] || cp %B/%f %B/sshd2_config @@ -35,20 +35,24 @@ etc/ssh2/subconfig/host_int.example etc/ssh2/subconfig/user.example @exec [ -d %D/etc/ssh2/hostkeys ] || mkdir %D/etc/ssh2/hostkeys @exec [ -d %D/etc/ssh2/knownhosts ] || mkdir %D/etc/ssh2/knownhosts -sbin/sshd2 -sbin/sshd-check-conf -sbin/sshd @exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating host key."; %D/bin/ssh-keygen2 -P -t dsa "DSA hostkey" %D/etc/ssh2/hostkey; fi +sbin/sshd +sbin/sshd-check-conf +sbin/sshd2 %%PORTDOCS%%%%DOCSDIR%%/CHANGES %%PORTDOCS%%%%DOCSDIR%%/FAQ -%%PORTDOCS%%%%DOCSDIR%%/INSTALL +%%PORTDOCS%%%%DOCSDIR%%/HOWTO.anonymous.sftp %%PORTDOCS%%%%DOCSDIR%%/LICENSE -%%PORTDOCS%%%%DOCSDIR%%/MANIFEST %%PORTDOCS%%%%DOCSDIR%%/NEWS %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/REGEX-SYNTAX %%PORTDOCS%%%%DOCSDIR%%/SSH2.QUICKSTART +%%PORTDOCS%%%%DOCSDIR%%/RFC.authorization_program_protocol +%%PORTDOCS%%%%DOCSDIR%%/RFC.kbdint_plugin_protocol %%PORTDOCS%%@dirrm %%DOCSDIR%% +%%EXAMPLESDIR%%/ext_authorization_example.sh +%%EXAMPLESDIR%%/kbdint_plugin_example.sh +@dirrm %%EXAMPLESDIR%% @unexec rmdir %D/etc/ssh2/hostkeys 2> /dev/null || true @unexec rmdir %D/etc/ssh2/knownhosts 2> /dev/null || true @unexec rmdir %D/etc/ssh2/subconfig 2> /dev/null || true |