author | mnag <mnag@FreeBSD.org> | 2006-02-08 04:07:54 +0800 |
---|---|---|
committer | mnag <mnag@FreeBSD.org> | 2006-02-08 04:07:54 +0800 |
commit | 97d03d24ffa47a83886bf390a2eb695cb3ffec14 (patch) | |
tree | e130c48ad77bd36fdff22a59dab6f7f865961c4e | |
parent | 7d34d2823dc6789ac932c66b9ab495acb603d582 (diff) | |
- Update to 4.3p1
- Use DISTVERSION
- Add most configuration in OPTIONS
- Enable support to libedit in sftp [1]
- Add OPTIONS to HPN patches [2]
- Add new rc.d script [3]
- The new rc.d script is responsible for checking the configuration and creating host keys
- Using USE_RC_SUBR
- Modify pkg-message to reflect new rc.d script
- Fix pkg-plist
Reviewed by: dougb [3]
Submitted by: vs [1], brooks [2]
Tested by: me, John E Hein
-rw-r--r-- | security/openssh-portable/Makefile | 106 | ||||
-rw-r--r-- | security/openssh-portable/distinfo | 12 | ||||
-rw-r--r-- | security/openssh-portable/files/gss-serv.c.patch | 19 | ||||
-rw-r--r-- | security/openssh-portable/files/openssh.in | 85 | ||||
-rw-r--r-- | security/openssh-portable/files/patch-Makefile.in (renamed from security/openssh-portable/files/batch.patch) | 2 | ||||
-rw-r--r-- | security/openssh-portable/files/sshd.sh | 24 | ||||
-rw-r--r-- | security/openssh-portable/pkg-message | 12 | ||||
-rw-r--r-- | security/openssh-portable/pkg-plist | 22 |
8 files changed, 194 insertions, 88 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 8027865201e..940566e6ba1 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -6,7 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 4.2.0.0 +DISTVERSION= 4.3p1 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/ \ @@ -19,19 +19,17 @@ DISTNAME= # empty MAINTAINER= mnag@FreeBSD.org COMMENT= The portable version of OpenBSD's OpenSSH -OPENSSHVERSION= 4.2p1 - .if defined(OPENSSH_SNAPSHOT) PORTREVISION!= date -v-1d +%Y%m%d NO_CHECKSUM= yes MASTER_SITE_SUBDIR+= snapshot DISTNAME+= ${PORTNAME}-SNAP-${PORTREVISION} -WRKSRC= ${WRKDIR}/${PORTNAME} .else -DISTNAME+= ${PORTNAME}-${OPENSSHVERSION} -WRKSRC= ${WRKDIR}/${PORTNAME}-${OPENSSHVERSION} +DISTNAME+= ${PORTNAME}-${DISTVERSION} .endif +WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} + MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 MLINKS= ssh.1 slogin.1 MAN5= ssh_config.5 sshd_config.5 
@@ -54,24 +52,48 @@ PORTABLE_SUFFIX= -portable SUDO?= # empty MAKE_ENV+= SUDO="${SUDO}" -OPTIONS= SUID_SSH "Enable suid SSH (Recommended off)" off \ +OPTIONS= PAM "Enable pam(3) support" on \ + TCP_WRAPPERS "Enable tcp_wrappers support" on \ + LIBEDIT "Enable readline support to sftp(1)" on \ + KERBEROS "Enable kerberos (autodetection)" on \ + SUID_SSH "Enable suid SSH (Recommended off)" off \ GSSAPI "Enable GSSAPI support" off \ - OPENSSH_CHROOT "Enable CHROOT support" off + OPENSSH_CHROOT "Enable CHROOT support" off \ + HPN "Enable HPN-11 SSH/SCP patch" off \ + HPN_NONECIPHER "Enable HPN-11 with None Cipher patch" off \ + OVERWRITE_BASE "OpenSSH overwrite base" off .include <bsd.port.pre.mk> -.if exists(/usr/include/security/pam_modules.h) +# Preserve deprecated OPENSSH_OVERWRITE_BASE settings +.if defined(OPENSSH_OVERWRITE_BASE) +WITH_OVERWRITE_BASE= yes +.endif + +.if !defined(WITHOUT_PAM) && exists(/usr/include/security/pam_modules.h) CONFIGURE_ARGS+= --with-pam .endif -.if exists(/usr/include/tcpd.h) +.if !defined(WITHOUT_TCP_WRAPPERS) && exists(/usr/include/tcpd.h) CONFIGURE_ARGS+= --with-tcp-wrappers .endif +.if !defined(WITHOUT_LIBEDIT) +.if ${OSVERSION} > 500000 +CONFIGURE_ARGS+= --with-libedit +.else +.if !defined(WITH_OVERWRITE_BASE) +LIB_DEPENDS+= edit.6:${PORTSDIR}/devel/libedit +CONFIGURE_ARGS+= --with-libedit=${LOCALBASE} +.endif +.endif +.endif + .if !defined(WITH_SUID_SSH) CONFIGURE_ARGS+= --disable-suid-ssh .endif +.if !defined(WITHOUT_KERBEROS) .if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI) PORTABLE_SUFFIX= # empty GSSAPI_SUFFIX= -gssapi 
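Review bot: The `HPN_NONECIPHER` entry in the new OPTIONS list gives no hint of its security trade-off, unlike `SUID_SSH`, which already carries "(Recommended off)". As far as I know the None cipher variant of the HPN patch adds the ability to switch bulk data to an unencrypted channel after authentication, so someone picking it in `make config` should see that in the description. Something like `HPN_NONECIPHER "HPN-11 + None cipher (allows unencrypted data)" off \` would do. A one-line comment above the OPTIONS block saying that HPN and HPN_NONECIPHER are mutually exclusive would also help, since the check that enforces it is further down the file.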
@@ -84,34 +106,51 @@ LDFLAGS= # empty .else CONFLICTS+= openssh-gssapi-*-[0-9]* CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH} -.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h) +.if exists(/usr/include/krb5.h) CONFIGURE_ARGS+= --with-kerberos5 EXTRA_PATCHES+= ${FILESDIR}/gss-serv.c.patch .endif .endif +.endif .if ${OPENSSLBASE} != "/usr" CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} .endif -.if defined(BATCH) -EXTRA_PATCHES+= ${FILESDIR}/batch.patch -.endif - .if defined(WITH_OPENSSH_CHROOT) CFLAGS+= -DCHROOT .endif -.if defined(OPENSSH_OVERWRITE_BASE) +.if defined(WITH_HPN) +.if defined(WITH_HPN_NONECIPHER) +IGNORE= please, select only one HPN patch. Rerun 'make config' +.endif +PATCH_DIST_STRIP= -p1 +PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/ +PATCHFILES+= openssh-${DISTVERSION}-hpn11.diff +.endif + +.if defined(WITH_HPN_NONECIPHER) +.if defined(WITH_HPN) +IGNORE= please, select only one HPN patch. Rerun 'make config' +.endif +PATCH_DIST_STRIP= -p1 +PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/ +PATCHFILES+= openssh-${DISTVERSION}-hpn11-none.diff +.endif + +.if defined(WITH_OVERWRITE_BASE) WITH_OPENSSL_BASE= yes BASE_SUFFIX= -overwrite-base CONFIGURE_ARGS+= --mandir=${PREFIX}/share/man --localstatedir=/var EMPTYDIR= /var/empty PREFIX= /usr ETCSSH= /etc/ssh +USE_RC_SUBR= yes +SUB_FILES+= openssh +SUB_LIST+= ETCSSH="${ETCSSH}" PLIST_SUB+= NOTBASE="@comment " PLIST_SUB+= BASE="" -PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty @@ -119,6 +158,8 @@ EMPTYDIR= /var/empty EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh +USE_RC_SUBR= openssh +SUB_LIST+= ETCSSH="${ETCSSH}" PLIST_SUB+= NOTBASE="" PLIST_SUB+= BASE="@comment " .endif 
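Review bot: With KERBEROS switched off, the new outer `.if !defined(WITHOUT_KERBEROS)` (opened in the previous hunk and closed by the `.endif` added here) also skips the `.else` arm, so `CONFLICTS+= openssh-gssapi-*-[0-9]*` and `CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}` are no longer applied. Before this change only `--with-kerberos5` depended on WITHOUT_KERBEROS. A build against a non-base OpenSSL would then lose its rpath, and a selected GSSAPI option appears to be silently ignored. Consider giving the outer conditional its own `.else` arm that repeats those two lines, and setting `IGNORE=` when WITH_GSSAPI and WITHOUT_KERBEROS are both defined. Part of this conditional lies between the two hunks and is not visible here, so confirm against the full file.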
@@ -127,15 +168,17 @@ PLIST_SUB+= BASE="@comment " PLIST_SUB+= EMPTYDIR="${EMPTYDIR}" CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR} +post-extract: +.if defined(OPENSSH_SNAPSHOT) + @# rc.d script have same name of openssh snapshot dir + @${MV} ${WRKDIR}/${PORTNAME} ${WRKDIR}/${PORTNAME}-${DISTVERSION} +.endif + post-patch: @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure -post-configure: - ${SED} -e 's:__PREFIX__:${PREFIX}:g' \ - ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh - pre-install: -.if defined(OPENSSH_OVERWRITE_BASE) +.if defined(WITH_OVERWRITE_BASE) @${MKDIR} ${EMPTYDIR} .else @${MKDIR} ${PREFIX}/empty @@ -154,14 +197,23 @@ pre-install: .endfor post-install: -.if !defined(OPENSSH_OVERWRITE_BASE) - ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample -.endif +.if !defined(WITH_OVERWRITE_BASE) ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist -.if !defined(OPENSSH_OVERWRITE_BASE) - @${CAT} ${PKGMESSAGE} .endif +.if defined(WITH_OVERWRITE_BASE) + @${ECHO_CMD} "===> Installing rc.d startup script(s)" + @${ECHO_CMD} "@cwd ${LOCALBASE}" >> ${TMPPLIST} +.if ${OSVERSION} >= 700007 + @${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/openssh + @${ECHO_CMD} "etc/rc.d/openssh" >> ${TMPPLIST} +.else + @${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/openssh.sh + @${ECHO_CMD} "etc/rc.d/openssh.sh" >> ${TMPPLIST} +.endif + @${ECHO_CMD} "@cwd ${PREFIX}" >> ${TMPPLIST} +.endif + @${CAT} ${PKGMESSAGE} test: build (cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \ diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index e356743dbd8..4ac3dc77711 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo 
@@ -1,3 +1,9 @@ -MD5 (openssh-4.2p1.tar.gz) = df899194a340c933944b193477c628fa -SHA256 (openssh-4.2p1.tar.gz) = 2a61e84b36958c0af19e4f6f9f3e27f8ed432a5188d654e26602402fd4047f6d -SIZE (openssh-4.2p1.tar.gz) = 914165 +MD5 (openssh-4.3p1.tar.gz) = eaeb880b1b6c63b9a4d7c5b1e74727c4 +SHA256 (openssh-4.3p1.tar.gz) = 7a4e356742190901e458b7526f91dfa24c66babbcd24d55cf7eac282266f5254 +SIZE (openssh-4.3p1.tar.gz) = 940777 +MD5 (openssh-4.3p1-hpn11.diff) = 7dd2a6716b81da33af4ca960185fdd1b +SHA256 (openssh-4.3p1-hpn11.diff) = 0a0b0e07bd845fdbf2112769c426a3b47b795076c8459f6dbc3e7c9060abb740 +SIZE (openssh-4.3p1-hpn11.diff) = 11024 +MD5 (openssh-4.3p1-hpn11-none.diff) = bf4f192a36bbee39ea23423ab06b0fb6 +SHA256 (openssh-4.3p1-hpn11-none.diff) = ed9abd22a463e4aedaaac4fc04747741bbf8cddf32fa07e9d91433221cdf9dc3 +SIZE (openssh-4.3p1-hpn11-none.diff) = 16617 diff --git a/security/openssh-portable/files/gss-serv.c.patch b/security/openssh-portable/files/gss-serv.c.patch index 434f71e6d05..1beb4a3008a 100644 --- a/security/openssh-portable/files/gss-serv.c.patch +++ b/security/openssh-portable/files/gss-serv.c.patch @@ -1,18 +1,19 @@ ---- gss-serv.c.DIST Tue Sep 2 14:56:42 2003 -+++ gss-serv.c Mon Oct 6 17:56:23 2003 -@@ -138,6 +138,15 @@ +--- gss-serv.c.orig Sat Nov 5 02:07:05 2005 ++++ gss-serv.c Thu Feb 2 22:45:37 2006 +@@ -134,6 +134,16 @@ OM_uint32 offset; OM_uint32 oidl; +#if defined(HEIMDAL) + if (strcmp(heimdal_version, "Heimdal 0.6") < 0) { -+ name->length = ename->length; -+ name->value = xmalloc(name->length+1); -+ memcpy(name->value,ename->value,name->length); -+ ((char *)name->value)[name->length] = 0; -+ return GSS_S_COMPLETE; ++ name->length = ename->length; ++ name->value = xmalloc(name->length+1); ++ memcpy(name->value,ename->value,name->length); ++ ((char *)name->value)[name->length] = 0; ++ return GSS_S_COMPLETE; + } +#endif - tok=ename->value; ++ + tok = ename->value; /* 
diff --git a/security/openssh-portable/files/openssh.in b/security/openssh-portable/files/openssh.in new file mode 100644 index 00000000000..88eb3282e45 --- /dev/null +++ b/security/openssh-portable/files/openssh.in 
@@ -0,0 +1,85 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# PROVIDE: openssh +# REQUIRE: DAEMON +# +# Add the following lines to /etc/rc.conf to enable openssh: +# +# openssh_enable (bool): Set it to "YES" to enable openssh. +# Default is "NO". +# openssh_flags (flags): Set extra flags to openssh. +# Default is "". see sshd(1). +# openssh_pidfile (path): Set full path to pid file. +# Default is "/var/run/sshd.pid". +# + +. %%RC_SUBR%% + +name="openssh" +rcvar=${name}_enable + +command=%%PREFIX%%/sbin/sshd +extra_commands="reload" + +pidfile=${openssh_pidfile} + +start_precmd="${name}_checks" +restart_precmd="${name}_checks" + +openssh_checks() +{ + if checkyesno sshd_enable ; then + err 1 "sshd_enable is set. Please set sshd_enable to NO in your rc.conf" + fi + + if [ ! -f %%ETCSSH%%/ssh_host_key -o \ + ! -f %%ETCSSH%%/ssh_host_dsa_key -o \ + ! -f %%ETCSSH%%/ssh_host_rsa_key ]; then + + umask 022 + + # Can't do anything if ssh is not installed + [ -x %%PREFIX%%/bin/ssh-keygen ] || { + err 1 "%%PREFIX%%/bin/ssh-keygen does not exist." 
+ } + + if [ -f %%ETCSSH%%/ssh_host_key ]; then + echo "You already have an RSA host key" \ + "in %%ETCSSH%%/ssh_host_key" + echo "Skipping protocol version 1 RSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t rsa1 -b 1024 \ + -f %%ETCSSH%%/ssh_host_key -N '' + fi + + if [ -f %%ETCSSH%%/ssh_host_dsa_key ]; then + echo "You already have a DSA host key" \ + "in %%ETCSSH%%/ssh_host_dsa_key" + echo "Skipping protocol version 2 DSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t dsa \ + -f %%ETCSSH%%/ssh_host_dsa_key -N '' + fi + + if [ -f %%ETCSSH%%/ssh_host_rsa_key ]; then + echo "You already have a RSA host key" \ + "in %%ETCSSH%%/ssh_host_rsa_key" + echo "Skipping protocol version 2 RSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t rsa \ + -f %%ETCSSH%%/ssh_host_rsa_key -N '' + fi + + fi + + eval "${command} -t" +} + +load_rc_config $name + +: ${openssh_enable="NO"} +: ${openssh_pidfile="/var/run/sshd.pid"} + +run_rc_command "$1" diff --git a/security/openssh-portable/files/batch.patch b/security/openssh-portable/files/patch-Makefile.in index a2fa6dcc9da..f3b3c1caad2 100644 --- a/security/openssh-portable/files/batch.patch +++ b/security/openssh-portable/files/patch-Makefile.in @@ -5,7 +5,7 @@ (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf check-config ++install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files diff --git a/security/openssh-portable/files/sshd.sh b/security/openssh-portable/files/sshd.sh deleted file mode 100644 index a08d61e67a6..00000000000 
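Review bot: In openssh.in, `pidfile=${openssh_pidfile}` is assigned before `load_rc_config $name` and before the `: ${openssh_pidfile="/var/run/sshd.pid"}` default at the bottom of the script, so the variable is normally still empty at that point and `pidfile` ends up empty too. Without a pid file rc.subr presumably falls back to matching processes by command, which for sshd would also match the per-connection children, so `stop` or `restart` could end live sessions. Move the assignment below the defaults, i.e. put `pidfile=${openssh_pidfile}` directly before `run_rc_command "$1"`. Separately, `eval "${command} -t"` tests only the default configuration; `${command} ${openssh_flags} -t` would validate the configuration the daemon is actually started with, and `reload` has no precmd, so it skips the check altogether.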
--- a/security/openssh-portable/files/sshd.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -case "$1" in -start) - __PREFIX__/sbin/sshd - echo -n ' sshd' - ;; -stop) - if [ -f /var/run/sshd.pid ]; then - kill -TERM `cat /var/run/sshd.pid` - rm -f /var/run/sshd.pid - echo -n ' sshd' - fi - ;; -restart) - if [ -f /var/run/sshd.pid ]; then - kill -HUP `cat /var/run/sshd.pid` - echo 'sshd restarted' - fi - ;; -*) - echo "Usage: ${0##*/}: { start | stop | restart }" >&2 - exit 64 - ;; -esac diff --git a/security/openssh-portable/pkg-message b/security/openssh-portable/pkg-message index b0908ddd448..07a8d4e8287 100644 --- a/security/openssh-portable/pkg-message +++ b/security/openssh-portable/pkg-message @@ -1,12 +1,8 @@ -To enable this port, please add sshd_program=/usr/local/sbin/sshd and make -sure sshd_enable is set to YES in your /etc/rc.conf +To enable this port, add openssh_enable="YES" in your rc.conf. To +prevent conflict with openssh in the base system add sshd_enable="NO" +in your rc.conf. -You may also want to put NO_OPENSSH= true in your /etc/make.conf -and make sure your path is setup to /usr/local/bin before /usr/bin so that -you are running the port version of openssh and not the version that comes -with FreeBSD - -'PermitRootLogin no' is the new default for the OpenSSH port. +'PermitRootLogin no' is the default for the OpenSSH port. This now matches the PermitRootLogin configuration of OpenSSH in the base system. Please be aware of this when upgrading your OpenSSH port, and if truly necessary, re-enable remote root login diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist index a20e02c1426..a3b89974bf1 100644 --- a/security/openssh-portable/pkg-plist +++ b/security/openssh-portable/pkg-plist 
@@ -7,32 +7,22 @@ bin/ssh-add bin/ssh-agent bin/ssh-keygen bin/ssh-keyscan -%%NOTBASE%%etc/rc.d/sshd.sh.sample %%NOTBASE%%etc/ssh/moduli -%%NOTBASE%%@exec [ -f %D/etc/ssh_config ] && [ ! -f %D/etc/ssh/ssh_config ] && ln %D/etc/ssh_config %D/etc/ssh/ssh_config -%%NOTBASE%%@exec [ -f %D/etc/sshd_config ] && [ ! -f %D/etc/ssh/sshd_config ] && ln %D/etc/sshd_config %D/etc/ssh/sshd_config -%%NOTBASE%%@exec [ -f %D/etc/ssh_host_key ] && [ ! -f %D/etc/ssh/ssh_host_key ] && ln %D/etc/ssh_host_key %D/etc/ssh/ssh_host_key -%%NOTBASE%%@exec [ -f %D/etc/ssh_host_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_key.pub ] && ln %D/etc/ssh_host_key.pub %D/etc/ssh/ssh_host_key.pub -%%NOTBASE%%@exec [ -f %D/etc/ssh_host_rsa_key ] && [ ! -f %D/etc/ssh/ssh_host_rsa_key ] && ln %D/etc/ssh_host_rsa_key %D/etc/ssh/ssh_host_rsa_key -%%NOTBASE%%@exec [ -f %D/etc/ssh_host_rsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_rsa_key.pub ] && ln %D/etc/ssh_host_rsa_key.pub %D/etc/ssh/ssh_host_rsa_key.pub -%%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key ] && ln %D/etc/ssh_host_dsa_key %D/etc/ssh/ssh_host_dsa_key -%%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub +%%NOTBASE%%@exec if [ -f %D/etc/ssh_config -a ! -f %D/etc/ssh/ssh_config ]; then ln %D/etc/ssh_config %D/etc/ssh/ssh_config ; fi +%%NOTBASE%%@exec if [ -f %D/etc/sshd_config -a ! -f %D/etc/ssh/sshd_config ]; then ln %D/etc/sshd_config %D/etc/ssh/sshd_config ; fi %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi %%NOTBASE%%etc/ssh/ssh_config-dist %%NOTBASE%%etc/ssh/sshd_config-dist -%%NOTBASE%%@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config -%%NOTBASE%%@exec [ ! 
-f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config -%%NOTBASE%%@dirrm etc/ssh +%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_config ]; then cp -p %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config ; fi +%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/sshd_config ]; then cp -p %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config ; fi +%%NOTBASE%%@dirrmtry etc/ssh sbin/sshd share/Ssh.bin libexec/sftp-server libexec/ssh-keysign -%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh/ssh_host_key; fi -%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_rsa_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -t rsa -N "" -f %D/etc/ssh/ssh_host_rsa_key; fi -%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi %%NOTBASE%%@exec mkdir -p %D/empty %%NOTBASE%%@dirrm empty -%%BASE%%@exec mkdir -p %%EMPTYDIR%% +%%BASE%%@exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi @exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi @exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi |
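Review bot: The `@exec` lines that linked legacy `%D/etc/ssh_host_*key` files into `%D/etc/ssh` are dropped, while the equivalent links for `ssh_config` and `sshd_config` are kept. An installation that still has its host keys only in the legacy location would, as far as this hunk shows, get fresh keys generated by the new rc.d script on first start, which clients see as a changed host key. Either keep the key migration lines in the new `if [ -f … -a ! -f … ]; then ln … ; fi` form, or mention the path change in pkg-message so administrators can move the keys before starting the daemon. The `@dirrm empty` context line next to the changed `@dirrmtry etc/ssh` could likewise become `@dirrmtry empty` for consistency.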