--- /dev/null
+# Default settings for openssh-server. This file is sourced by /bin/sh from
+# /etc/init.d/ssh.
+
+# Options to pass to sshd
+SSHD_OPTS=
+
+# OOM-killer adjustment for sshd (see
+# linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
+# of being killed, while -17 means the OOM-killer will ignore sshd; set to
+# the empty string to skip adjustment)
+SSHD_OOM_ADJUST=-17
--- /dev/null
+#! /bin/sh
+# Reload the OpenSSH server when an interface comes up, to allow it to start
+# listening on new addresses.
+
+set -e
+
+# Don't bother to restart sshd when lo is configured.
+if [ "$IFACE" = lo ]; then
+ exit 0
+fi
+
+# Only run from ifup.
+if [ "$MODE" != start ]; then
+ exit 0
+fi
+
+# OpenSSH only cares about inet and inet6. Get ye gone, strange people
+# still using ipx.
+if [ "$ADDRFAM" != inet ] && [ "$ADDRFAM" != inet6 ]; then
+ exit 0
+fi
+
+# Is /usr mounted?
+if [ ! -e /usr/sbin/sshd ]; then
+ exit 0
+fi
+
+if [ ! -f /var/run/sshd.pid ] || \
+ [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" != sshd ]; then
+ exit 0
+fi
+
+# We'd like to use 'reload' here, but it has some problems; see #502444.
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ssh restart >/dev/null 2>&1 || true
+else
+ /etc/init.d/ssh restart >/dev/null 2>&1 || true
+fi
+
+exit 0
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: OpenBSD Secure Shell server
+### END INIT INFO
+
+set -e
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
+
+test -x /usr/sbin/sshd || exit 0
+
+umask 022
+
+export SSHD_OOM_ADJUST=-17
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
+fi
+
+# Are we in a virtual environment that doesn't support modifying
+# /proc/self/oom_adj?
+if grep -q 'envID:.*[1-9]' /proc/self/status; then
+ unset SSHD_OOM_ADJUST
+fi
+
+. /lib/lsb/init-functions
+
+if [ -n "$2" ]; then
+ SSHD_OPTS="$SSHD_OPTS $2"
+fi
+
+# Are we running from init?
+run_by_init() {
+ ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
+}
+
+check_for_no_start() {
+ # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+ if [ -e /etc/ssh/sshd_not_to_be_run ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 0
+ fi
+ if ! run_by_init; then
+ log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
+ fi
+ exit 0
+ fi
+}
+
+check_dev_null() {
+ if [ ! -c /dev/null ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 1 || true
+ fi
+ if ! run_by_init; then
+ log_action_msg "/dev/null is not a character device!"
+ fi
+ exit 1
+ fi
+}
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/sshd ]; then
+ mkdir /var/run/sshd
+ chmod 0755 /var/run/sshd
+ fi
+}
+
+check_config() {
+ if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
+ /usr/sbin/sshd $SSHD_OPTS -t || exit 1
+ fi
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+ start)
+ check_privsep_dir
+ check_for_no_start
+ check_dev_null
+ log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd"
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd"
+ if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ reload|force-reload)
+ check_for_no_start
+ check_config
+ log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd"
+ if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ try-restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
+ set +e
+ start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid
+ RET="$?"
+ set -e
+ case $RET in
+ 0)
+ # old daemon stopped
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ 1)
+ # daemon not running
+ log_progress_msg "(not running)"
+ log_end_msg 0
+ ;;
+ *)
+ # failed to stop
+ log_progress_msg "(failed to stop)"
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ status)
+ status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
+ ;;
+
+ *)
+ log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}"
+ exit 1
+esac
+
+exit 0
--- /dev/null
+#sbs-git:slp/pkgs/o/openssh openssh 5.3p1 6697e2ccd917ab2ce8628f7b246b4bb90c93dd02
+Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
+Name: openssh
+Version: 5.3p1
+Release: 2
+URL: http://www.openssh.com/portable.html
+Source0: openssh-%{version}.tar.gz
+Source1: ssh-argv0
+Source2: ssh-argv0.1
+Source3: openssh-server.default
+Source4: openssh-server.if-up
+Source5: openssh-server.init
+Source6: sshd_config
+License: BSD
+Group: Applications/Internet
+BuildRequires: pkgconfig(zlib)
+BuildRequireS: pkgconfig(openssl)
+BuildRequireS: pkgconfig(libcrypto)
+
+
+%package client
+Summary: secure shell (SSH) client, for secure access to remote machines
+Group: Applications/Internet
+Requires: openssl >= 0.9.8
+Provides: rsh-client, ssh-client
+
+
+%package server
+Summary: secure shell (SSH) server, for secure access from remote machines
+Group: System/Daemons
+Requires: openssh-client = %{version}-%{release}
+Requires: lsb, procps
+Provides: ssh-server
+
+
+%description
+SSH (Secure SHell) is a program for logging into and executing
+commands on a remote machine. SSH is intended to replace rlogin and
+rsh, and to provide secure encrypted communications between two
+untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's version of the last free version of SSH, bringing
+it up to date in terms of security and features, as well as removing
+all patented algorithms to separate libraries.
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description client
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package includes
+the clients necessary to make encrypted connections to SSH servers.
+You'll also need to install the openssh package on OpenSSH clients.
+
+%description server
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+the secure shell daemon (sshd). The sshd daemon allows SSH clients to
+securely connect to your SSH server. You also need to have the openssh
+package installed.
+
+
+%prep
+%setup -q
+
+%build
+
+mkdir -p build-tmp
+cd build-tmp
+
+../configure \
+ --prefix=/usr --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/lib/openssh \
+ --mandir=/usr/share/man \
+ --disable-strip --with-mantype=doc --with-4in6 \
+ --with-privsep-path=/var/run/sshd --without-rand-helper \
+ --without-xauth \
+ --with-default-path=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11 \
+ --with-cflags='-O2 -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT ' \
+ --with-ldflags='-Wl,--as-needed'
+
+make -C . -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+
+
+
+%install
+rm -rf %{buildroot}
+
+make -C build-tmp DESTDIR=%{buildroot} install-nokeys
+rm -f %{buildroot}/etc/ssh/sshd_config
+rm -f %{buildroot}/usr/share/Ssh.bin
+
+mkdir -p %{buildroot}/etc/init.d
+mkdir -p %{buildroot}/etc/default
+mkdir -p %{buildroot}/etc/network/if-up.d
+
+install -m 755 contrib/ssh-copy-id %{buildroot}/usr/bin/ssh-copy-id
+install -m 644 -c contrib/ssh-copy-id.1 %{buildroot}/usr/share/man/man1/ssh-copy-id.1
+install -m 755 %{_sourcedir}/ssh-argv0 %{buildroot}/usr/bin/ssh-argv0
+install -m 644 %{_sourcedir}/ssh-argv0.1 %{buildroot}/usr/share/man/man1/ssh-argv0.1
+install %{_sourcedir}/openssh-server.init %{buildroot}/etc/init.d/ssh
+install -m 644 %{_sourcedir}/openssh-server.default %{buildroot}/etc/default/ssh
+install %{_sourcedir}/openssh-server.if-up %{buildroot}/etc/network/if-up.d/openssh-server
+
+sed -i '/\$$OpenBSD:/d' \
+ %{buildroot}/etc/ssh/moduli \
+ %{buildroot}/etc/ssh/ssh_config
+
+mkdir -p %{buildroot}/etc/rc.d/init.d/
+ln -s ../../init.d/ssh %{buildroot}/etc/rc.d/init.d/opensshd
+
+install -m 600 %{_sourcedir}/sshd_config %{buildroot}/etc/ssh/sshd_config
+
+
+%remove_docs
+
+%pre server
+
+%post server
+create_key() {
+ msg="$1"
+ shift
+ hostkeys="$1"
+ shift
+ file="$1"
+ shift
+
+ if echo "$hostkeys" | grep "^$file\$" >/dev/null && \
+ [ ! -f "$file" ] ; then
+ echo -n $msg
+ ssh-keygen -q -f "$file" -N '' "$@"
+ echo
+ if which restorecon >/dev/null 2>&1; then
+ restorecon "$file.pub"
+ fi
+ fi
+}
+
+
+create_keys() {
+ hostkeys="$(host_keys_required)"
+
+ create_key "Creating SSH1 key; this may take some time ..." \
+ "$hostkeys" /etc/ssh/ssh_host_key -t rsa1
+
+ create_key "Creating SSH2 RSA key; this may take some time ..." \
+ "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
+ create_key "Creating SSH2 DSA key; this may take some time ..." \
+ "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
+}
+
+create_keys
+
+
+%postun server
+
+%preun server
+
+
+
+%files client
+/etc/ssh/moduli
+/etc/ssh/ssh_config
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/slogin
+%{_bindir}/ssh
+%{_bindir}/ssh-*
+%{_libdir}/openssh/ssh-keysign
+
+
+%files server
+/etc/default/ssh
+/etc/init.d/ssh
+/etc/network/if-up.d/openssh-server
+/etc/rc.d/init.d/opensshd
+/etc/ssh/sshd_config
+%{_libdir}/openssh/sftp-server
+%{_prefix}/sbin/sshd
+
--- /dev/null
+#! /bin/sh -e
+
+# Copyright (c) 2001 Jonathan Amery.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+if [ "${0##*/}" = "ssh-argv0" ]
+then
+ echo 'ssh-argv0: This script should not be run like this, see ssh-argv0(1) for details' 1>&2
+ exit 1
+fi
+exec ssh "${0##*/}" "$@"
--- /dev/null
+.Dd September 7, 2001
+.Dt SSH-ARGV0 1
+.Os Debian Project
+.Sh NAME
+.Nm ssh-argv0
+.Nd replaces the old ssh command-name as hostname handling
+.Sh SYNOPSIS
+.Ar hostname | user@hostname
+.Op Fl l Ar login_name
+.Op Ar command
+.Pp
+.Ar hostname | user@hostname
+.Op Fl afgknqstvxACNTX1246
+.Op Fl b Ar bind_address
+.Op Fl c Ar cipher_spec
+.Op Fl e Ar escape_char
+.Op Fl i Ar identity_file
+.Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
+.Op Fl o Ar option
+.Op Fl p Ar port
+.Op Fl F Ar configfile
+.Oo Fl L Xo
+.Sm off
+.Ar port :
+.Ar host :
+.Ar hostport
+.Sm on
+.Xc
+.Oc
+.Oo Fl R Xo
+.Sm off
+.Ar port :
+.Ar host :
+.Ar hostport
+.Sm on
+.Xc
+.Oc
+.Op Fl D Ar port
+.Op Ar command
+.Sh DESCRIPTION
+.Nm
+replaces the old ssh command-name as hostname handling.
+If you link to this script with a hostname then executing the link is
+equivalent to having executed ssh with that hostname as an argument.
+All other arguments are passed to ssh and will be processed normally.
+.Sh OPTIONS
+See
+.Xr ssh 1 .
+.Sh FILES
+See
+.Xr ssh 1 .
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
+Jonathan Amery wrote this ssh-argv0 script and the associated documentation.
+.Sh SEE ALSO
+.Xr ssh 1
--- /dev/null
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords yes
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#
+# PAM disabled for SLP
+# UsePAM yes