From 9d488d7c09fda46a9df359ee0285b2db1924b0bd Mon Sep 17 00:00:00 2001
From: Kim Kibum
Date: Sun, 29 Apr 2012 17:01:44 +0900
Subject: [PATCH] upload tizen1.0 source
---
packaging/openssh-server.default | 11 +++
packaging/openssh-server.if-up | 40 +++++++++
packaging/openssh-server.init | 170 ++++++++++++++++++++++++++++++++++++
packaging/openssh.spec | 183 +++++++++++++++++++++++++++++++++++++++
packaging/ssh-argv0 | 30 +++++++
packaging/ssh-argv0.1 | 64 ++++++++++++++
packaging/sshd_config | 88 +++++++++++++++++++
7 files changed, 586 insertions(+)
create mode 100644 packaging/openssh-server.default
create mode 100644 packaging/openssh-server.if-up
create mode 100644 packaging/openssh-server.init
create mode 100644 packaging/openssh.spec
create mode 100644 packaging/ssh-argv0
create mode 100644 packaging/ssh-argv0.1
create mode 100644 packaging/sshd_config
diff --git a/packaging/openssh-server.default b/packaging/openssh-server.default
new file mode 100644
index 0000000..9680d34
--- /dev/null
+++ b/packaging/openssh-server.default
@@ -0,0 +1,11 @@
+# Default settings for openssh-server. This file is sourced by /bin/sh from
+# /etc/init.d/ssh.
+
+# Options to pass to sshd
+SSHD_OPTS=
+
+# OOM-killer adjustment for sshd (see
+# linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
+# of being killed, while -17 means the OOM-killer will ignore sshd; set to
+# the empty string to skip adjustment)
+SSHD_OOM_ADJUST=-17
diff --git a/packaging/openssh-server.if-up b/packaging/openssh-server.if-up
new file mode 100644
index 0000000..ce5d4dd
--- /dev/null
+++ b/packaging/openssh-server.if-up
@@ -0,0 +1,40 @@
+#! /bin/sh
+# Reload the OpenSSH server when an interface comes up, to allow it to start
+# listening on new addresses.
+
+set -e
+
+# Don't bother to restart sshd when lo is configured.
+if [ "$IFACE" = lo ]; then
+ exit 0
+fi
+
+# Only run from ifup.
+if [ "$MODE" != start ]; then
+ exit 0
+fi
+
+# OpenSSH only cares about inet and inet6. Get ye gone, strange people
+# still using ipx.
+if [ "$ADDRFAM" != inet ] && [ "$ADDRFAM" != inet6 ]; then
+ exit 0
+fi
+
+# Is /usr mounted?
+if [ ! -e /usr/sbin/sshd ]; then
+ exit 0
+fi
+
+if [ ! -f /var/run/sshd.pid ] || \
+ [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" != sshd ]; then
+ exit 0
+fi
+
+# We'd like to use 'reload' here, but it has some problems; see #502444.
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ssh restart >/dev/null 2>&1 || true
+else
+ /etc/init.d/ssh restart >/dev/null 2>&1 || true
+fi
+
+exit 0
diff --git a/packaging/openssh-server.init b/packaging/openssh-server.init
new file mode 100644
index 0000000..3e8c744
--- /dev/null
+++ b/packaging/openssh-server.init
@@ -0,0 +1,170 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: OpenBSD Secure Shell server
+### END INIT INFO
+
+set -e
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
+
+test -x /usr/sbin/sshd || exit 0
+
+umask 022
+
+export SSHD_OOM_ADJUST=-17
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
+fi
+
+# Are we in a virtual environment that doesn't support modifying
+# /proc/self/oom_adj?
+if grep -q 'envID:.*[1-9]' /proc/self/status; then
+ unset SSHD_OOM_ADJUST
+fi
+
+. /lib/lsb/init-functions
+
+if [ -n "$2" ]; then
+ SSHD_OPTS="$SSHD_OPTS $2"
+fi
+
+# Are we running from init?
+run_by_init() {
+ ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
+}
+
+check_for_no_start() {
+ # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+ if [ -e /etc/ssh/sshd_not_to_be_run ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 0
+ fi
+ if ! run_by_init; then
+ log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
+ fi
+ exit 0
+ fi
+}
+
+check_dev_null() {
+ if [ ! -c /dev/null ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 1 || true
+ fi
+ if ! run_by_init; then
+ log_action_msg "/dev/null is not a character device!"
+ fi
+ exit 1
+ fi
+}
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/sshd ]; then
+ mkdir /var/run/sshd
+ chmod 0755 /var/run/sshd
+ fi
+}
+
+check_config() {
+ if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
+ /usr/sbin/sshd $SSHD_OPTS -t || exit 1
+ fi
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+ start)
+ check_privsep_dir
+ check_for_no_start
+ check_dev_null
+ log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd"
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd"
+ if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ reload|force-reload)
+ check_for_no_start
+ check_config
+ log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd"
+ if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ try-restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
+ set +e
+ start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid
+ RET="$?"
+ set -e
+ case $RET in
+ 0)
+ # old daemon stopped
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ 1)
+ # daemon not running
+ log_progress_msg "(not running)"
+ log_end_msg 0
+ ;;
+ *)
+ # failed to stop
+ log_progress_msg "(failed to stop)"
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ status)
+ status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
+ ;;
+
+ *)
+ log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}"
+ exit 1
+esac
+
+exit 0
diff --git a/packaging/openssh.spec b/packaging/openssh.spec
new file mode 100644
index 0000000..d8a2b62
--- /dev/null
+++ b/packaging/openssh.spec
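Review bot: In the `restart)` branch the `start-stop-daemon --stop --quiet --oknodo --retry 30 ...` call runs bare under `set -e`, so if sshd is still alive when the retry schedule ends the script exits right after `log_daemon_msg`, with no `log_end_msg` and nothing to tell the operator why. `try-restart)` already handles the same call with `set +e` and a `case $RET`, so the two branches disagree on a failed stop. Guarding the stop, for example `if ! start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid; then log_end_msg 1 || true; exit 1; fi`, would make the failure visible. A short comment on `SSHD_OPTS="$SSHD_OPTS $2"` saying that the second command-line argument is passed straight to sshd would also help, since the usage string does not mention it.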
@@ -0,0 +1,183 @@
+#sbs-git:slp/pkgs/o/openssh openssh 5.3p1 6697e2ccd917ab2ce8628f7b246b4bb90c93dd02
+Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
+Name: openssh
+Version: 5.3p1
+Release: 2
+URL: http://www.openssh.com/portable.html
+Source0: openssh-%{version}.tar.gz
+Source1: ssh-argv0
+Source2: ssh-argv0.1
+Source3: openssh-server.default
+Source4: openssh-server.if-up
+Source5: openssh-server.init
+Source6: sshd_config
+License: BSD
+Group: Applications/Internet
+BuildRequires: pkgconfig(zlib)
+BuildRequireS: pkgconfig(openssl)
+BuildRequireS: pkgconfig(libcrypto)
+
+
+%package client
+Summary: secure shell (SSH) client, for secure access to remote machines
+Group: Applications/Internet
+Requires: openssl >= 0.9.8
+Provides: rsh-client, ssh-client
+
+
+%package server
+Summary: secure shell (SSH) server, for secure access from remote machines
+Group: System/Daemons
+Requires: openssh-client = %{version}-%{release}
+Requires: lsb, procps
+Provides: ssh-server
+
+
+%description
+SSH (Secure SHell) is a program for logging into and executing
+commands on a remote machine. SSH is intended to replace rlogin and
+rsh, and to provide secure encrypted communications between two
+untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's version of the last free version of SSH, bringing
+it up to date in terms of security and features, as well as removing
+all patented algorithms to separate libraries.
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description client
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package includes
+the clients necessary to make encrypted connections to SSH servers.
+You'll also need to install the openssh package on OpenSSH clients.
+
+%description server
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+the secure shell daemon (sshd). The sshd daemon allows SSH clients to
+securely connect to your SSH server. You also need to have the openssh
+package installed.
+
+
+%prep
+%setup -q
+
+%build
+
+mkdir -p build-tmp
+cd build-tmp
+
+../configure \
+ --prefix=/usr --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/lib/openssh \
+ --mandir=/usr/share/man \
+ --disable-strip --with-mantype=doc --with-4in6 \
+ --with-privsep-path=/var/run/sshd --without-rand-helper \
+ --without-xauth \
+ --with-default-path=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11 \
+ --with-cflags='-O2 -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT ' \
+ --with-ldflags='-Wl,--as-needed'
+
+make -C . -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+
+
+
+%install
+rm -rf %{buildroot}
+
+make -C build-tmp DESTDIR=%{buildroot} install-nokeys
+rm -f %{buildroot}/etc/ssh/sshd_config
+rm -f %{buildroot}/usr/share/Ssh.bin
+
+mkdir -p %{buildroot}/etc/init.d
+mkdir -p %{buildroot}/etc/default
+mkdir -p %{buildroot}/etc/network/if-up.d
+
+install -m 755 contrib/ssh-copy-id %{buildroot}/usr/bin/ssh-copy-id
+install -m 644 -c contrib/ssh-copy-id.1 %{buildroot}/usr/share/man/man1/ssh-copy-id.1
+install -m 755 %{_sourcedir}/ssh-argv0 %{buildroot}/usr/bin/ssh-argv0
+install -m 644 %{_sourcedir}/ssh-argv0.1 %{buildroot}/usr/share/man/man1/ssh-argv0.1
+install %{_sourcedir}/openssh-server.init %{buildroot}/etc/init.d/ssh
+install -m 644 %{_sourcedir}/openssh-server.default %{buildroot}/etc/default/ssh
+install %{_sourcedir}/openssh-server.if-up %{buildroot}/etc/network/if-up.d/openssh-server
+
+sed -i '/\$$OpenBSD:/d' \
+ %{buildroot}/etc/ssh/moduli \
+ %{buildroot}/etc/ssh/ssh_config
+
+mkdir -p %{buildroot}/etc/rc.d/init.d/
+ln -s ../../init.d/ssh %{buildroot}/etc/rc.d/init.d/opensshd
+
+install -m 600 %{_sourcedir}/sshd_config %{buildroot}/etc/ssh/sshd_config
+
+
+%remove_docs
+
+%pre server
+
+%post server
+create_key() {
+ msg="$1"
+ shift
+ hostkeys="$1"
+ shift
+ file="$1"
+ shift
+
+ if echo "$hostkeys" | grep "^$file\$" >/dev/null && \
+ [ ! -f "$file" ] ; then
+ echo -n $msg
+ ssh-keygen -q -f "$file" -N '' "$@"
+ echo
+ if which restorecon >/dev/null 2>&1; then
+ restorecon "$file.pub"
+ fi
+ fi
+}
+
+
+create_keys() {
+ hostkeys="$(host_keys_required)"
+
+ create_key "Creating SSH1 key; this may take some time ..." \
+ "$hostkeys" /etc/ssh/ssh_host_key -t rsa1
+
+ create_key "Creating SSH2 RSA key; this may take some time ..." \
+ "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
+ create_key "Creating SSH2 DSA key; this may take some time ..." \
+ "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
+}
+
+create_keys
+
+
+%postun server
+
+%preun server
+
+
+
+%files client
+/etc/ssh/moduli
+/etc/ssh/ssh_config
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/slogin
+%{_bindir}/ssh
+%{_bindir}/ssh-*
+%{_libdir}/openssh/ssh-keysign
+
+
+%files server
+/etc/default/ssh
+/etc/init.d/ssh
+/etc/network/if-up.d/openssh-server
+/etc/rc.d/init.d/opensshd
+/etc/ssh/sshd_config
+%{_libdir}/openssh/sftp-server
+%{_prefix}/sbin/sshd
+
diff --git a/packaging/ssh-argv0 b/packaging/ssh-argv0
new file mode 100644
index 0000000..67599ae
--- /dev/null
+++ b/packaging/ssh-argv0
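Review bot: `create_keys` in the `%post server` scriptlet calls `host_keys_required`, which is not defined anywhere in the scriptlet, so `hostkeys` comes back empty, the `grep "^$file\$"` test in `create_key` never matches, and no host key is generated on install. Because `%install` uses `install-nokeys`, the `HostKey` paths in the packaged sshd_config would then point at files that do not exist, unless something outside this patch creates them. Defining the helper in the scriptlet would fix it, for example `host_keys_required() { awk 'tolower($1) == "hostkey" { print $2 }' /etc/ssh/sshd_config; }` if awk is available on the target. Since that config sets `Protocol 2`, the `-t rsa1` call is not needed. `echo -n $msg` should quote its argument as `echo -n "$msg"`.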
@@ -0,0 +1,30 @@
+#! /bin/sh -e
+
+# Copyright (c) 2001 Jonathan Amery.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+if [ "${0##*/}" = "ssh-argv0" ]
+then
+ echo 'ssh-argv0: This script should not be run like this, see ssh-argv0(1) for details' 1>&2
+ exit 1
+fi
+exec ssh "${0##*/}" "$@"
diff --git a/packaging/ssh-argv0.1 b/packaging/ssh-argv0.1
new file mode 100644
index 0000000..a36a63d
--- /dev/null
+++ b/packaging/ssh-argv0.1
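Review bot: The final `exec ssh "${0##*/}" "$@"` hands the link's basename to ssh as its first argument without checking its shape, so a link whose name begins with `-` is parsed by ssh as an option rather than as a hostname. The only guard in the script is against being run under its own name; a check before the exec such as `case "${0##*/}" in -*) echo 'ssh-argv0: invalid link name' 1>&2; exit 1 ;; esac` would cover that case. Separately, the `-e` in `#! /bin/sh -e` is lost when the script is started as `sh ssh-argv0`; a `set -e` line in the body keeps the behaviour in both cases.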
@@ -0,0 +1,64 @@
+.Dd September 7, 2001
+.Dt SSH-ARGV0 1
+.Os Debian Project
+.Sh NAME
+.Nm ssh-argv0
+.Nd replaces the old ssh command-name as hostname handling
+.Sh SYNOPSIS
+.Ar hostname | user@hostname
+.Op Fl l Ar login_name
+.Op Ar command
+.Pp
+.Ar hostname | user@hostname
+.Op Fl afgknqstvxACNTX1246
+.Op Fl b Ar bind_address
+.Op Fl c Ar cipher_spec
+.Op Fl e Ar escape_char
+.Op Fl i Ar identity_file
+.Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
+.Op Fl o Ar option
+.Op Fl p Ar port
+.Op Fl F Ar configfile
+.Oo Fl L Xo
+.Sm off
+.Ar port :
+.Ar host :
+.Ar hostport
+.Sm on
+.Xc
+.Oc
+.Oo Fl R Xo
+.Sm off
+.Ar port :
+.Ar host :
+.Ar hostport
+.Sm on
+.Xc
+.Oc
+.Op Fl D Ar port
+.Op Ar command
+.Sh DESCRIPTION
+.Nm
+replaces the old ssh command-name as hostname handling.
+If you link to this script with a hostname then executing the link is
+equivalent to having executed ssh with that hostname as an argument.
+All other arguments are passed to ssh and will be processed normally.
+.Sh OPTIONS
+See
+.Xr ssh 1 .
+.Sh FILES
+See
+.Xr ssh 1 .
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
+Jonathan Amery wrote this ssh-argv0 script and the associated documentation.
+.Sh SEE ALSO
+.Xr ssh 1
diff --git a/packaging/sshd_config b/packaging/sshd_config
new file mode 100644
index 0000000..11667af
--- /dev/null
+++ b/packaging/sshd_config
@@ -0,0 +1,88 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords yes
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#
+# PAM disabled for SLP
+# UsePAM yes
--
2.7.4
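Review bot: `PermitEmptyPasswords yes` is shipped together with `PermitRootLogin yes` and with password authentication left at its default (the `#PasswordAuthentication yes` line is commented out), so any account with an empty password, root included, can log in over the network on port 22. The comment directly above the directive still reads NOT RECOMMENDED, so the file contradicts itself. Unless the image is only ever reachable over a trusted debug link, which this patch does not show, the packaged default should be `PermitEmptyPasswords no` and `PermitRootLogin without-password` (or `no`), with a comment giving the reason if the permissive values are deliberate. `KeyRegenerationInterval 3600` and `ServerKeyBits 768` apply only to protocol 1 and have no effect under `Protocol 2`, so they can be dropped.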