OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Peter Smej
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 11-Nov-2002 18:11:42
Branch: HEAD Handle: 2002111117114200
Added files:
openpkg-src/openssh3.5 fsl.openssh openssh.spec rc.openssh ssh-askpass
ssh-keyman ssh-keyman.1 ssh-keyman.pod ssh_config
sshd_config
Log:
Commit openssh Version 3.5 p1
Summary:
Revision Changes Path
1.1 +16 -0 openpkg-src/openssh3.5/fsl.openssh
1.1 +278 -0 openpkg-src/openssh3.5/openssh.spec
1.1 +60 -0 openpkg-src/openssh3.5/rc.openssh
1.1 +25 -0 openpkg-src/openssh3.5/ssh-askpass
1.1 +290 -0 openpkg-src/openssh3.5/ssh-keyman
1.1 +258 -0 openpkg-src/openssh3.5/ssh-keyman.1
1.1 +169 -0 openpkg-src/openssh3.5/ssh-keyman.pod
1.1 +43 -0 openpkg-src/openssh3.5/ssh_config
1.1 +41 -0 openpkg-src/openssh3.5/sshd_config
____________________________________________________________________________
Index: openpkg-src/openssh3.5/fsl.openssh
============================================================
$ cvs update -p -r1.1 fsl.openssh
##
## fsl.openssh -- OSSP fsl configuration for openssh
##
ident (ssh(d|-.+)?|scp|sftp(-server)?)/.+ q{
prefix(
prefix="%b %d %H:%M:%S %N <%L> $1[%P]: "
)
-> {
debug: file(
path="@l_prefix@/var/openssh/sshd.log",
append=1, perm=0644
)
}
}
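Review bot: `perm=0644` creates `@l_prefix@/var/openssh/sshd.log` world-readable, and the `debug:` level on this channel suggests verbose output from sshd, ssh, scp and sftp is kept in it. Authentication logs typically expose account names and client addresses to every local user, so I would write `append=1, perm=0600` here. The daily rotation in rc.openssh passes `-m644` for the same file and would need the matching change.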
Index: openpkg-src/openssh3.5/openssh.spec
============================================================
$ cvs update -p -r1.1 openssh.spec
##
## openssh.spec -- OpenPKG RPM Specification
## Copyright (c) 2000-2002 Cable & Wireless Deutschland GmbH
## Copyright (c) 2000-2002 The OpenPKG Project <http://www.openpkg.org/>
## Copyright (c) 2000-2002 Ralf S. Engelschall <[EMAIL PROTECTED]>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
# package versions
%define V_base 3.5
%define V_portable p1
%define V_chroot 3.5
# package options
%ifndef with_pam
%define with_pam no
%endif
%ifndef with_pcre
%define with_pcre no
%endif
%ifndef with_skey
%define with_skey no
%endif
%ifndef with_x11
%define with_x11 %{l_test -p x11}
%endif
%ifndef with_chroot
%define with_chroot no
%endif
# package information
Name: openssh
Summary: Secure Shell (SSH)
URL: http://www.openssh.com/
Vendor: The OpenBSD Project
Packager: The OpenPKG Project
Distribution: OpenPKG [CORE]
Group: Security
License: BSD
Version: %{V_base}%{V_portable}
Release: 200211111
# list of sources
Source0:
ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: rc.openssh
Source2: fsl.openssh
Source3: sshd_config
Source4: ssh_config
Source5: ssh-askpass
Source6: ssh-keyman
Source7: ssh-keyman.1
Source8: ssh-keyman.pod
Source9: http://chrootssh.sourceforge.net/patches/osshChroot-%{V_chroot}.diff
# build information
Prefix: %{l_prefix}
BuildRoot: %{l_buildroot}
#BuildPreReq: OpenPKG, openpkg >= 20021002, fsl, perl, openssl, zlib
BuildPreReq: OpenPKG, openpkg >= 20021002, perl, openssl, zlib
#PreReq: OpenPKG, openpkg >= 20021002, fsl
PreReq: OpenPKG, openpkg >= 20021002
%if "%{with_pam}" == "yes"
BuildPreReq: PAM
PreReq: PAM
%endif
%if "%{with_pcre}" == "yes"
BuildPreReq: pcre
%endif
%if "%{with_skey}" == "yes"
BuildPreReq: skey
%endif
%if "%{with_x11}" == "yes"
BuildPreReq: X11
PreReq: X11
%endif
AutoReq: no
AutoReqProv: no
%description
Secure Shell (SSH) is a facility for logging into a remote machine
and for remotely executing commands on a remote machine. It is
intended to replace rlogin(1) and rsh(1), and provide secure
encrypted communications between two untrusted hosts over an
insecure network. X11 connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel. OpenSSH is OpenBSD's
rework of the last free version of SSH, bringing it up to date in
terms of security and features, as well as removing all patented
algorithms to separate libraries (OpenSSL).
Options:
--define 'with_pam %{with_pam}'
--define 'with_pcre %{with_pcre}'
--define 'with_skey %{with_skey}'
--define 'with_x11 %{with_x11}'
--define 'with_chroot %{with_chroot}'
%prep
%setup0 -q -c
%if "%{with_chroot}" == "yes"
cd openssh-%{version}
%{l_patch} -p1 <%{SOURCE osshChroot-%{V_chroot}.diff}
%endif
%build
# build OpenSSH
( cd openssh-%{version}
inc="-I%{l_prefix}/include"
lib="-L%{l_prefix}/lib"
%if "%{with_pam}" == "yes"
inc="$inc -I`%{l_prefix}/etc/rc --query pam_incdir`"
lib="$lib -L`%{l_prefix}/etc/rc --query pam_libdir`"
%endif
CC="%{l_cc}" \
CFLAGS="`%{l_prefix}/bin/fsl-config --all --cflags` $inc" \
CFLAGS="$inc" \
LDFLAGS="`%{l_prefix}/bin/fsl-config --all --ldflags` $lib" \
LIBS="`%{l_prefix}/bin/fsl-config --all --libs`" \
./configure \
--prefix=%{l_prefix} \
--sbindir=%{l_prefix}/bin \
--mandir=%{l_prefix}/man \
--infodir=%{l_prefix}/info \
--sysconfdir=%{l_prefix}/etc/openssh \
--libexecdir=%{l_prefix}/libexec/openssh \
--localstatedir=%{l_prefix}/var/openssh \
--with-pid-dir=%{l_prefix}/var/openssh \
--with-ssl-dir=%{l_prefix} \
%if "%{with_pcre}" == "yes"
--with-pcre=%{l_prefix} \
%endif
%if "%{with_skey}" == "yes"
--with-skey=%{l_prefix} \
%endif
%if "%{with_pam}" == "yes"
--with-pam \
%else
--without-pam \
%endif
%if "%{with_x11}" == "yes"
--with-xauth="`%{l_prefix}/etc/rc --query x11_bindir`/xauth" \
%endif
--with-md5-passwords \
--with-zlib=%{l_prefix} \
--with-ipv4-default \
--without-smartcard \
--without-kerberos4 \
--disable-suid-ssh \
--without-rsh \
--with-mantype=man \
--with-default-path=%{l_prefix}/bin:/bin:/usr/bin:/usr/local/bin \
--with-privsep-user=%{l_nusr} \
--with-privsep-path=%{l_prefix}/var/openssh/empty
# build package
%{l_make} %{l_mflags -O}
)
%install
rm -rf $RPM_BUILD_ROOT
# perform standard installation procedure of OpenSSH
( cd openssh-%{version}
%{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
)
# strip down installation tree
rm -rf $RPM_BUILD_ROOT%{l_prefix}/share
rm -f $RPM_BUILD_ROOT%{l_prefix}/bin/slogin
rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man1/slogin.1
strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2> /dev/null || true
strip $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/* 2> /dev/null || true
# install ssh-askpass wrapper
%{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/
%{l_shtool} install -c -m 755 -e 's;@l_prefix@;%{l_prefix};g' \
%{SOURCE ssh-askpass} $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/
# make sure the state directory exists
%{l_shtool} mkdir -f -p -m 755 \
$RPM_BUILD_ROOT%{l_prefix}/var/openssh \
$RPM_BUILD_ROOT%{l_prefix}/var/openssh/empty
# install addons
%{l_shtool} mkdir -f -p -m 755 \
$RPM_BUILD_ROOT%{l_prefix}/bin/ \
$RPM_BUILD_ROOT%{l_prefix}/man/man1/
%{l_shtool} install -c -m 755 -e 's;@l_prefix@;%{l_prefix};g' \
%{SOURCE ssh-keyman} $RPM_BUILD_ROOT%{l_prefix}/bin/
%{l_shtool} install -c -m 644 -e 's;@l_prefix@;%{l_prefix};g' \
%{SOURCE ssh-keyman.1} $RPM_BUILD_ROOT%{l_prefix}/man/man1/
# install run-command script
%{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
%{l_shtool} install -c -m 755 -e 's;@l_prefix@;%{l_prefix};g' \
-e 's;@l_musr@;%{l_musr};g' -e 's;@l_mgrp@;%{l_mgrp};g' \
%{SOURCE rc.openssh} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
# install fsl configuration file
%{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
%{l_shtool} install -c -m 644 -e 's;@l_prefix@;%{l_prefix};g' \
%{SOURCE fsl.openssh} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
# install reasonable ssh server and client configuration files
%{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
%{l_shtool} install -c -m 644 \
-e 's;@l_prefix@;%{l_prefix};g' \
-e 's;@l_x11forwarding@;%{with_x11};' \
%{SOURCE sshd_config} $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
%{l_shtool} install -c -m 644 -e 's;@l_prefix@;%{l_prefix};g' \
%{SOURCE ssh_config} $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
# determine installation files
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
%{l_files_std} \
'%config %{l_prefix}/etc/openssh/*' \
'%attr(4711,root,%{l_mgrp}) %{l_prefix}/libexec/openssh/ssh-keysign' \
'%dir %attr(700,root,root) %{l_prefix}/var/openssh/empty' \
'%config %{l_prefix}/etc/fsl/fsl.openssh' \
'%not %dir %{l_prefix}/etc/fsl'
%files -f files
%clean
rm -rf $RPM_BUILD_ROOT
%post
# generate server RSA1 (SSHv1) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key \
-N '' -C `hostname` 1>&2
fi
# generate server RSA (SSHv2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key \
-N '' -C `hostname` 1>&2
fi
# generate server DSA (SSHv2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key \
-N '' -C `hostname` 1>&2
fi
# add PAM configuration entry
%if "%{with_pam}" == "yes"
$RPM_INSTALL_PREFIX/sbin/pamtool --add --smart --name=openssh
%endif
%preun
# remove PAM configuration entry
%if "%{with_pam}" == "yes"
$RPM_INSTALL_PREFIX/sbin/pamtool --remove --smart --name=openssh
%endif
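Review bot: `Source9` is fetched over plain HTTP from a site other than the upstream distribution, and `%prep` applies it to the sshd sources with no checksum or signature check visible in this spec. Committing `osshChroot-%{V_chroot}.diff` to the module beside Source1–Source8, or recording a digest that `%prep` verifies, would pin what gets patched into the daemon. In `%build`, `CFLAGS` is assigned twice so the `fsl-config --cflags` value is discarded, while `LDFLAGS` and `LIBS` still call `fsl-config` although `fsl` was dropped from `BuildPreReq`; either restore the dependency or reduce the lines to `CFLAGS="$inc" \` and `LDFLAGS="$lib" \`. `%post` also generates an RSA1 (SSHv1) host key unconditionally, which is worth tying to an explicit package option.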
Index: openpkg-src/openssh3.5/rc.openssh
============================================================
$ cvs update -p -r1.1 rc.openssh
#!@l_prefix@/lib/openpkg/bash @l_prefix@/etc/rc
##
## rc.openssh -- Run-Commands for OpenSSH Daemon
##
%config
openssh_enable="yes"
openssh_log_prolog="true"
openssh_log_epilog="true"
openssh_log_numfiles="10"
openssh_log_minsize="1M"
openssh_log_complevel="9"
%common
openssh_signal () {
if [ -f "@l_prefix@/var/openssh/sshd.pid" ]; then
kill -$1 `cat @l_prefix@/var/openssh/sshd.pid`
fi
}
%start -p 200 -u root
opServiceEnabled openssh || exit 0
@l_prefix@/bin/sshd
%stop -p 200 -u root
opServiceEnabled openssh || exit 0
openssh_signal TERM
%restart -u root
opServiceEnabled openssh || exit 0
openssh_signal TERM
sleep 2
@l_prefix@/bin/sshd
%daily -u root
opServiceEnabled openssh || exit 0
opTmpDirGen openssh
opTmpDirFile openssh hint hintfile
prolog="true"
if [ ".$openssh_log_prolog" != . ]; then
prolog="$prolog; $openssh_log_prolog"
fi
epilog="echo 'epilog' >$hintfile"
if [ ".$openssh_log_epilog" != . ]; then
epilog="$epilog; $openssh_log_epilog"
fi
shtool rotate -f \
-n${openssh_log_numfiles} -s${openssh_log_minsize} \
-d -z${openssh_log_complevel} \
-o@l_musr@ -g@l_mgrp@ -m644 \
-P "$prolog" \
-E "$epilog" \
@l_prefix@/var/openssh/sshd.log
if [ ".`cat $hintfile`" = ".epilog" ]; then
openssh_signal TERM
sleep 2
@l_prefix@/bin/sshd
fi
opTmpDirDel openssh
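Review bot: `%restart` and the post-rotation branch of `%daily` stop the listener with `openssh_signal TERM`, wait a fixed `sleep 2`, and start `@l_prefix@/bin/sshd` without checking either step, so if the old process has not released port 22 in time the new daemon fails to bind and the host is left without an sshd. sshd re-executes itself on SIGHUP when it was started by absolute path, as it is here, so `openssh_signal HUP` would replace all three lines in both places. `openssh_signal` also passes the unvalidated contents of `sshd.pid` to `kill` as root; confirming that the PID still belongs to sshd before signalling would avoid hitting an unrelated process after a stale pid file. The rotation's `-m644` leaves rotated sshd logs world-readable.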
Index: openpkg-src/openssh3.5/ssh-askpass
============================================================
$ cvs update -p -r1.1 ssh-askpass
#!/bin/sh
##
## ssh-askpass -- Internal OpenSSH wrapper for ssh-askpass
##
ssh_askpass=""
if [ ".$SSH_ASKPASS" != . ]; then
ssh_askpass="$SSH_ASKPASS"
else
for p in @l_prefix@ `echo $PATH | sed -e 's/:/ /g'`; do
if [ -f $p/ssh-askpass ]; then
ssh_askpass="$p/ssh-askpass"
break
elif [ -f $p/x11-ssh-askpass ]; then
ssh_askpass="$p/x11-ssh-askpass"
break
fi
done
fi
if [ ".$ssh_askpass" = . ]; then
echo "ssh:ERROR: neither \"[x11-]ssh-askpass\" installed nor \$SSH_ASKPASS
provided" 1>&2
exit 1
fi
exec $ssh_askpass "$@"
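Review bot: The helper that collects the passphrase is resolved by walking every directory in `$PATH` and taking the first regular file named `ssh-askpass` or `x11-ssh-askpass`, so a writable or unexpected PATH entry decides which program receives the secret. The first candidate is `@l_prefix@` itself rather than `@l_prefix@/bin`, which is probably not what was intended, and the test is `-f` rather than `-x`. I would restrict the search to trusted locations, e.g. `for p in @l_prefix@/bin /usr/bin /usr/X11R6/bin; do`, and use `[ -x "$p/ssh-askpass" ]`. `$p` and `exec $ssh_askpass "$@"` are unquoted, so a path containing whitespace is split; `exec "$ssh_askpass" "$@"` fixes the latter.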
Index: openpkg-src/openssh3.5/ssh-keyman
============================================================
$ cvs update -p -r1.1 ssh-keyman
#!/bin/sh
##
## ssh-keyman -- authentication key agent management
## Copyright (c) 2002 Ralf S. Engelschall <[EMAIL PROTECTED]>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
## ssh-keyman: program implementation (language: Bourne-Shell)
##
# program information
prog_name="ssh-keyman"
prog_vers="1.0.1"
prog_date="31-May-2002"
# OpenSSH programs
ssh_agent="@l_prefix@/bin/ssh-agent"
ssh_add="@l_prefix@/bin/ssh-add"
# parse command line options
opt_q=no; alias_quiet=q
opt_c=no; alias_cluster=c
opt_e=no; alias_env=e
opt_s=no; alias_start=s
opt_k=no; alias_kill=k
opt_a=no; alias_add=a
opt_d=no; alias_delete=d
opt_l=no; alias_list=l
opt_h=no; alias_help=h
opt_v=no; alias_version=v
if [ $# -eq 0 ]; then
opt_h=yes
fi
while [ $# -gt 0 ]; do
if [ ".$1" = ".--" ]; then
shift
break
fi
case $1 in
--quiet|--cluster|--env|--start|--kill|--add|--delete|--list|--help|--version )
name=`echo x$1 | sed -e 's;^x--;;'`
eval "name=\$alias_${name}"
eval "opt_${name}=yes"
;;
-[qceskadlhv] )
name=`echo x$1 | sed -e 's;^x-;;'`
eval "opt_${name}=yes"
;;
-* )
echo "$prog_name:ERROR: unknown option \"$opt\"" 1>&2
exit 1
;;
* )
break
;;
esac
shift
done
# stand-alone operation: display help information
if [ ".$opt_h" = .yes ]; then
echo "Usage: $prog_name [-h] [-v] [-q] [-c] [-e] [-s] [-k] [-a] [-d] [-l]
[keyfile ...]"
exit 0
fi
# stand-alone operation: display version information
if [ ".$opt_v" = .yes ]; then
echo "$prog_name $prog_vers ($prog_date)"
exit 0
fi
# determine agent information filename
hostname=`hostname`
agentfile="$HOME/.ssh/agent-$hostname"
if [ ".$opt_c" = .no ]; then
if [ ! -f $agentfile ]; then
agentfile="$HOME/.ssh/agent"
fi
fi
# export agent configuration
export SSH_AUTH_SOCK
export SSH_AGENT_PID
# perform agent information sanity check
check_agent_info () {
context="$1"
invalid1=""
invalid2=""
if [ ".$SSH_AUTH_SOCK" != . ]; then
# make sure the agent socket is (still) working
if [ ! -r $SSH_AUTH_SOCK ]; then
invalid1="agent socket $SSH_AUTH_SOCK no longer exists"
else
ssh-add -l >/dev/null 2>&1
if [ $? -eq 2 ]; then
invalid1="agent socket $SSH_AUTH_SOCK no longer valid"
fi
fi
fi
if [ ".$SSH_AGENT_PID" != . ]; then
# make sure the agent process is (still) running
kill -0 $SSH_AGENT_PID >/dev/null 2>&1
if [ $? -ne 0 ]; then
invalid2="agent process $SSH_AGENT_PID no longer exists"
fi
fi
if [ ".$invalid1" != . -o ".$invalid2" != . ]; then
if [ ".$opt_e" = .no ]; then
echo "$prog_name:WARNING: invalid agent setup found in $context." 1>&2
if [ ".$invalid1" != . ]; then
echo "$prog_name:WARNING: reason: $invalid1." 1>&2
fi
if [ ".$invalid2" != . ]; then
echo "$prog_name:WARNING: reason: $invalid2." 1>&2
fi
if [ ".$context" = ".your shell environment" ]; then
echo "$prog_name:HINT: run \"eval \`$prog_name -q -s -e\`\" to fix."
1>&2
fi
fi
unset SSH_AUTH_SOCK
unset SSH_AGENT_PID
fi
}
check_agent_info "your shell environment"
if [ -f $agentfile ]; then
. $agentfile
check_agent_info "in saved agent state"
if [ ".$SSH_AUTH_SOCK" = . -o ".$SSH_AGENT_PID" = . ]; then
rm -f $agentfile
fi
fi
# if (now guarrantied to be correct) agent state is in
# environment, but it is (no longer?) saved, save it now to fix situation.
if [ ! -f $agentfile ]; then
if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then
( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID"
) >$agentfile && chmod 600 $agentfile
echo "$prog_name:WARNING: valid agent information in your environment" 1>&2
echo "$prog_name:WARNING: but no saved agent state file -- fixed" 1>&2
fi
fi
# stop the agent
if [ ".$opt_k" = .yes ]; then
# stop the agent
kill=yes
if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then
kill $SSH_AGENT_PID >/dev/null 2>&1 || true
if [ ".$opt_q" = .no ]; then
echo "$prog_name: stopped agent (pid $SSH_AGENT_PID)" 1>&2
fi
rm -f $agentfile
unset SSH_AUTH_SOCK
unset SSH_AGENT_PID
elif [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" = . ]; then
if [ ".$opt_q" = .no ]; then
echo "$prog_name: agent running remotely - cannot kill locally" 1>&2
fi
else
if [ ".$opt_q" = .no ]; then
echo "$prog_name: agent not running" 1>&2
fi
fi
fi
# start the agent
if [ ".$opt_s" = .yes ]; then
if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
eval `nohup $ssh_agent -s </dev/null 2>/dev/null | grep -v 'Agent pid'`
if [ ".$opt_q" != .yes ]; then
echo "$prog_name: spawned agent (pid $SSH_AGENT_PID)" 1>&2
fi
( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID"
) >$agentfile && chmod 600 $agentfile
elif [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" = . ]; then
if [ ".$opt_q" = .no ]; then
echo "$prog_name: agent already running remotely - no need to start
locally" 1>&2
fi
else
if [ ".$opt_q" = .no ]; then
echo "$prog_name: agent already running" 1>&2
fi
fi
fi
# setup environment
if [ ".$opt_e" = .yes ]; then
if [ -r $agentfile ]; then
sed -e 's/$/;/g' <$agentfile
echo "export SSH_AUTH_SOCK;"
echo "export SSH_AGENT_PID;"
else
echo "$prog_name:WARNING: agent not (or no longer) available" 1>&2
echo "unset SSH_AUTH_SOCK;"
echo "unset SSH_AGENT_PID;"
fi
fi
# delete key(s) from agent
if [ ".$opt_d" = .yes ]; then
if [ ".$SSH_AUTH_SOCK" = . ]; then
echo "$prog_name:WARNING: agent not available" 1>&2
else
if [ $# -eq 0 ]; then
if [ ".$opt_q" = .no ]; then
echo "$prog_name: deleting all keys" 1>&2
fi
$ssh_add -D
else
if [ ".$opt_q" = .no ]; then
for key in "$@"; do
echo "$prog_name: deleting key $key" 1>&2
done
fi
$ssh_add -d "$@"
fi
fi
fi
# add key(s) into agent
if [ ".$opt_a" = .yes ]; then
if [ ".$SSH_AUTH_SOCK" = . ]; then
echo "$prog_name:WARNING: agent not available" 1>&2
else
if [ $# -eq 0 ]; then
echo "$prog_name:ERROR: no keys specified on command line" 1>&2
exit 1
fi
key_loaded=`$ssh_add -l | awk '{ print $2; }'`
key_missing=""
for key_file in "$@"; do
if [ -f "${key_file}.pub" ]; then
key_this=`ssh-keygen -l -f ${key_file}.pub 2>&1 | awk '{ print $2;
}'`
else
key_this=`ssh-keygen -l -f ${key_file} 2>&1 | awk '{ print $2; }'`
fi
load=yes
for key in $key_loaded; do
if [ ".$key" = ".$key_this" ]; then
load=no
break
fi
done
if [ ".$load" = .yes ]; then
if [ ".$opt_q" = .no ]; then
echo "$prog_name: loading key $key_file" 1>&2
fi
key_missing="$key_missing $key_file"
else
if [ ".$opt_q" = .no ]; then
echo "$prog_name: skipping key $key_file (already loaded)" 1>&2
fi
fi
done
if [ ".$key_missing" != . ]; then
$ssh_add $key_missing
fi
fi
fi
# list key(s) available in agent
if [ ".$opt_l" = .yes ]; then
if [ ".$SSH_AUTH_SOCK" = . ]; then
echo "$prog_name:WARNING: agent not available" 1>&2
else
$ssh_add -l
fi
fi
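Review bot: The saved agent state is executed rather than parsed: `. $agentfile` runs whatever `$HOME/.ssh/agent` contains, and the `-e` branch prints the same file for the caller's `eval`, yet the file is never checked for ownership or mode. Both writers create it with `>$agentfile && chmod 600 $agentfile`, so it briefly exists under the caller's umask. Setting `umask 077` before the redirect and reading only the two expected `SSH_AUTH_SOCK=` and `SSH_AGENT_PID=` lines instead of sourcing the file would close both gaps. Separately, the unknown-option branch prints `$opt`, which is never assigned, and should print `\"$1\"`. `check_agent_info` and the `-a` branch call `ssh-add -l` and `ssh-keygen` through PATH instead of `$ssh_add` or an `@l_prefix@/bin` path, and `$ssh_add $key_missing` splits key file names that contain spaces.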
Index: openpkg-src/openssh3.5/ssh-keyman.1
============================================================
$ cvs update -p -r1.1 ssh-keyman.1
.\" Automatically generated by Pod::Man version 1.15
.\" Tue May 7 19:43:46 2002
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds :
\\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "SSH-KEYMAN 1"
.TH SSH-KEYMAN 1 "perl v5.6.1" "2002-05-07" "User Contributed Perl Documentation"
.UC
.SH "NAME"
\&\fBssh-keyman\fR \- authentication key agent management
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBssh-keyman\fR
[\fB\-q\fR]
[\fB\-c\fR]
[\fB\-k\fR]
[\fB\-s\fR]
[\fB\-e\fR]
[\fB\-d\fR]
[\fB\-a\fR]
[\fB\-l\fR]
[\fIkeyfile\fR ...]
.PP
\&\fBssh-keyman\fR
\&\fB\-h\fR
\&\fB\-v\fR
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBssh-keyman\fR is a frontend to the \fBssh-agent\fR and \fBssh-add\fR commands
for managing a long-running \fBssh-agent\fR process. The idea is that
a single \fBssh-agent\fR process is kept persistently running across
multiple user login sessions in order to prevent the startup of multiple
\&\fBssh-agent\fR processes and to avoid having to enter pass-phrases more
often than really necessary from a security point of view.
.PP
The command line options can be combined and are executed internally in
the given order below.
.Ip "\fB\-q\fR, \fB\*(--quiet\fR" 4
.IX Item "-q, quiet"
Quiet operation. Do not print verbose messages.
.Ip "\fB\-c\fR, \fB\*(--cluster\fR" 4
.IX Item "-c, cluster"
Cluster indicator. This forces the use of
\&\fB$HOME/.ssh/agent-\fR\fIhostname\fR as the agent attachment informations
file instead of the default \fB$HOME/.ssh/agent\fR. Use this if your home
directory is NFS-mounted on a cluster of desktops.
.Ip "\fB\-k\fR, \fB\*(--kill\fR" 4
.IX Item "-k, kill"
Kill agent. This makes sure the \fBssh-agent\fR process
is no longer running.
.Ip "\fB\-s\fR, \fB\*(--start\fR" 4
.IX Item "-s, start"
Start agent. This makes sure the \fBssh-agent\fR process is
running. If not, it automatically spawns a new one.
.Ip "\fB\-e\fR, \fB\*(--env\fR" 4
.IX Item "-e, env"
Environment setup. This outputs to \fIstdout\fR the Bourne-Shell commands
necessary to attach the current shell session to the \fBssh-agent\fR
process. The intended usage is "\f(CW\*(C`eval `\f(CBssh-keyman\f(CW \-q \-e
\-s`\*(C'\fR" from
within \fB$HOME/.xsession\fR or \fB$HOME/.bash_login\fR scripts.
.Ip "\fB\-d\fR, \fB\*(--delete\fR" 4
.IX Item "-d, delete"
Delete key. This deletes one or more (or all if not \fIkeyfile\fR arguments
are specified at all) from the \fBssh-agent\fR process.
.Ip "\fB\-a\fR, \fB\*(--add\fR" 4
.IX Item "-a, add"
Add key. This adds one or more keys (in \fIkeyfile\fR) to the \fBssh-agent\fR
process. If a key is already loaded, it is skipped and not reloaded.
Additionally, all specified keys are loaded with a single \fBssh-add\fR
call. This way the pass-phrase dialog is reduced to its possible
minimum.
.Ip "\fB\-l\fR, \fB\*(--list\fR" 4
.IX Item "-l, list"
List keys. This lists the currently available keys in the \fBssh-agent\fR
process.
.Ip "\fB\-h\fR, \fB\*(--help\fR" 4
.IX Item "-h, help"
Help information. Display a usage summary on \fIstdout\fR.
.Ip "\fB\-v\fR, \fB\*(--version\fR" 4
.IX Item "-v, version"
Version information. Display a version summary on \fIstdout\fR.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
\&\fI.xsession\fR:
.PP
.Vb 5
\& eval `ssh-keyman -q -s -e`
\& ssh-keyman -q -a </dev/null \e
\& ~/.ssh/id_rsa_1 \e
\& ~/.ssh/id_rsa_2 \e
\& ~/.ssh/id_rsa_3
.Ve
\&\fI.bash_login\fR:
.PP
.Vb 1
\& eval `ssh-keyman -q -s -e`
.Ve
.SH "FILES"
.IX Header "FILES"
.Ip "\fB$HOME/.ssh/agent\fR" 4
.IX Item "$HOME/.ssh/agent"
The generated shell script for attaching the current shell
session (and all of its sub-processes) to the \fBssh-agent\fR process.
At any time this can be directly sourced from within the shell session
or indirectly through the \fBssh-keyman\fR \fB\-e\fR option.
This file is used if the cluster option \fB\-c\fR is not used.
.Ip "\fB$HOME/.ssh/agent-\fR\fIhostname\fR" 4
.IX Item "$HOME/.ssh/agent-hostname"
The generated shell script for attaching the current shell
session (and all of its sub-processes) to the \fBssh-agent\fR process.
At any time this can be directly sourced from within the shell session
or indirectly through the \fBssh-keyman\fR \fB\-e\fR option.
This file is used if the cluster option \fB\-c\fR is used.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssh-agent\fR(1), \fBssh-add\fR(1).
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBssh-keyman\fR was written in May 2002 by Ralf S. Engelschall
<[EMAIL PROTECTED]>. It was inspired by the similar program
\&\fBkeychain\fR from Daniel Robbins <[EMAIL PROTECTED]>. The main
difference between \fBkeychain\fR and \fBssh-keyman\fR is that \fBssh-keyman\fR
uses a more orthogonal interface which even allows you to combine
multiple actions into a single call.
Index: openpkg-src/openssh3.5/ssh-keyman.pod
============================================================
$ cvs update -p -r1.1 ssh-keyman.pod
##
## ssh-keyman -- authentication key agent management
## Copyright (c) 2002 Ralf S. Engelschall <[EMAIL PROTECTED]>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
## ssh-keyman.pod: Unix manual page (language: POD)
##
=pod
=head1 NAME
B<ssh-keyman> - authentication key agent management
=head1 SYNOPSIS
B<ssh-keyman>
[B<-q>]
[B<-c>]
[B<-k>]
[B<-s>]
[B<-e>]
[B<-d>]
[B<-a>]
[B<-l>]
[I<keyfile> ...]
B<ssh-keyman>
B<-h>
B<-v>
=head1 DESCRIPTION
B<ssh-keyman> is a frontend to the B<ssh-agent> and B<ssh-add> commands
for managing a long-running B<ssh-agent> process. The idea is that
a single B<ssh-agent> process is kept persistently running across
multiple user login sessions in order to prevent the startup of multiple
B<ssh-agent> processes and to avoid having to enter pass-phrases more
often than really necessary from a security point of view.
The command line options can be combined and are executed internally in
the given order below.
=over 4
=item B<-q>, B<--quiet>
Quiet operation. Do not print verbose messages.
=item B<-c>, B<--cluster>
Cluster indicator. This forces the use of
B<$HOME/.ssh/agent->I<hostname> as the agent attachment informations
file instead of the default B<$HOME/.ssh/agent>. Use this if your home
directory is NFS-mounted on a cluster of desktops.
=item B<-k>, B<--kill>
Kill agent. This makes sure the B<ssh-agent> process
is no longer running.
=item B<-s>, B<--start>
Start agent. This makes sure the B<ssh-agent> process is
running. If not, it automatically spawns a new one.
=item B<-e>, B<--env>
Environment setup. This outputs to F<stdout> the Bourne-Shell commands
necessary to attach the current shell session to the B<ssh-agent>
process. The intended usage is "C<eval `B<ssh-keyman> -q -e -s`>" from
within B<$HOME/.xsession> or B<$HOME/.bash_login> scripts.
=item B<-d>, B<--delete>
Delete key. This deletes one or more (or all if not I<keyfile> arguments
are specified at all) from the B<ssh-agent> process.
=item B<-a>, B<--add>
Add key. This adds one or more keys (in I<keyfile>) to the B<ssh-agent>
process. If a key is already loaded, it is skipped and not reloaded.
Additionally, all specified keys are loaded with a single B<ssh-add>
call. This way the pass-phrase dialog is reduced to its possible
minimum.
=item B<-l>, B<--list>
List keys. This lists the currently available keys in the B<ssh-agent>
process.
=item B<-h>, B<--help>
Help information. Display a usage summary on F<stdout>.
=item B<-v>, B<--version>
Version information. Display a version summary on F<stdout>.
=back
=head1 EXAMPLE
F<.xsession>:
eval `ssh-keyman -q -s -e`
ssh-keyman -q -a </dev/null \
~/.ssh/id_rsa_1 \
~/.ssh/id_rsa_2 \
~/.ssh/id_rsa_3
F<.bash_login>:
eval `ssh-keyman -q -s -e`
=head1 FILES
=over 4
=item B<$HOME/.ssh/agent>
The generated shell script for attaching the current shell
session (and all of its sub-processes) to the B<ssh-agent> process.
At any time this can be directly sourced from within the shell session
or indirectly through the B<ssh-keyman> B<-e> option.
This file is used if the cluster option B<-c> is not used.
=item B<$HOME/.ssh/agent->I<hostname>
The generated shell script for attaching the current shell
session (and all of its sub-processes) to the B<ssh-agent> process.
At any time this can be directly sourced from within the shell session
or indirectly through the B<ssh-keyman> B<-e> option.
This file is used if the cluster option B<-c> is used.
=back
=head1 SEE ALSO
B<ssh-agent>(1), B<ssh-add>(1).
=head1 HISTORY
B<ssh-keyman> was written in May 2002 by Ralf S. Engelschall
E<lt>[EMAIL PROTECTED]<gt>. It was inspired by the similar program
B<keychain> from Daniel Robbins E<lt>[EMAIL PROTECTED]<gt>. The main
difference between B<keychain> and B<ssh-keyman> is that B<ssh-keyman>
uses a more orthogonal interface which even allows you to combine
multiple actions into a single call.
=cut
Index: openpkg-src/openssh3.5/ssh_config
============================================================
$ cvs update -p -r1.1 ssh_config
##
## ssh_config -- OpenSSH Client Configuration
##
Host localhost
Compression no
ForwardX11 yes
KeepAlive yes
# Global Default Settings
# (keep this section last here, because
# the rule is "first matching is used")
Host *
BatchMode no
CheckHostIP yes
Protocol 1,2
HostKeyAlgorithms ssh-rsa,ssh-dss
PreferredAuthentications hostbased,publickey,keyboard-interactive,password
Cipher 3des
Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
MACs
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
Compression yes
CompressionLevel 4
ConnectionAttempts 2
PubkeyAuthentication yes
DSAAuthentication yes
RSAAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
NumberOfPasswordPrompts 2
RhostsAuthentication no
RhostsRSAAuthentication no
StrictHostKeyChecking no
UsePrivilegedPort no
UseRsh no
FallBackToRsh no
EscapeChar ~
ForwardAgent yes
ForwardX11 no
GatewayPorts no
KeepAlive no
LogLevel INFO
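Review bot: The `Host *` defaults combine `StrictHostKeyChecking no` with `ForwardAgent yes`, so the client silently accepts an unknown host key and then exposes the user's agent to that unverified host. I would ship `StrictHostKeyChecking ask` and `ForwardAgent no` as the global defaults and let users enable forwarding per `Host` block. `Protocol 1,2` also makes the client prefer SSHv1 whenever the server offers it, whereas sshd_config in this commit uses `2,1`; `Protocol 2,1` at minimum keeps the two consistent.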
Index: openpkg-src/openssh3.5/sshd_config
============================================================
$ cvs update -p -r1.1 sshd_config
##
## sshd_config -- OpenSSH Daemon Configuration
##
Port 22
ListenAddress 0.0.0.0
Subsystem sftp @l_prefix@/libexec/openssh/sftp-server
Protocol 2,1
HostKey @l_prefix@/etc/openssh/ssh_host_key
HostDsaKey @l_prefix@/etc/openssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
PidFile @l_prefix@/var/openssh/sshd.pid
SyslogFacility AUTH
LogLevel INFO
PubkeyAuthentication yes
RSAAuthentication yes
DSAAuthentication yes
PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
StrictModes yes
IgnoreRhosts yes
KeepAlive yes
GatewayPorts no
X11Forwarding @l_x11forwarding@
Compression yes
UsePrivilegeSeparation no
LoginGraceTime 600
MaxStartups 10:30:60
PermitRootLogin yes
PermitEmptyPasswords no
UseLogin no
PrintMotd yes
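Review bot: `UsePrivilegeSeparation no` turns off privilege separation even though the spec builds with `--with-privsep-user` and `--with-privsep-path` and packages the `empty` directory for it, so pre-authentication network code runs as root. Unless a platform problem forces this, ship `UsePrivilegeSeparation yes`. `PermitRootLogin yes` together with `PasswordAuthentication yes` and `LoginGraceTime 600` leaves root open to password guessing with a ten-minute unauthenticated window; `PermitRootLogin without-password` and a shorter grace time are safer defaults. The `ssh_host_rsa_key` generated in `%post` is not listed in any `HostKey` line, so the SSHv2 RSA key appears never to be loaded; add `HostKey @l_prefix@/etc/openssh/ssh_host_rsa_key`.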