"Niels Möller" wrote:
>
> News for the lsh-0.1.17 release
>
> More support for host authentication and SPKI.
>
> First version that includes Bazsi's work on an ssh-proxy (i.e.
> a program that implements the traditional Man-in-the-middle
> attack on the ssh2 protocol). Could be useful for people
> running firewalls, and also for those of us who want to point
> out that it's a bad idea to use unauthenticated hostkeys.
>
> This release is mostly untested, but contains some new stuff. Try lsh
> --sloppy, and then sexp_conv -i advanced < ~/.lsh/captured_keys.
Okay, that works. Now is there some ACL or something that I can
put the key in so that I don't have to use --sloppy to connect or
is that something not yet implemented?
> At the usual places,
>
> http://www.lysator.liu.se/~nisse/archive/lsh-0.1.17.tar.gz
> ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-0.1.17.tar.gz
>
> Happy hacking,
> /Niels
These might be useful (although I don't think they're the
most current):
/etc/rc.d/init.d/lshd (lshd.rhlinux.init)
----------------------------------------------------------------
#!/bin/sh
#
# Version 0.1
#
# chkconfig: 345 99 01
# description: provides secure connections through untrusted networks
# lsh is based on the specification for ssh2 and should (eventually)
# be compatible.
#
# processname: lshd
#
# Source function library.
. /etc/rc.d/init.d/functions
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
# Refuse to start unless the daemon and both host key files are present.
if [ ! -x /usr/sbin/lshd -o \
     ! -f /etc/lsh_host_key -o \
     ! -f /etc/lsh_host_key.pub ]
then
    cat 1>&2 <<EOF!
ERROR: lsh is not installed properly
check the existence of these files:
/usr/sbin/lshd
/etc/lsh_host_key
/etc/lsh_host_key.pub
EOF!
    exit 1
fi
case "$1" in
    start)
        echo -n "Starting lshd secure connection service: "
        daemon lshd
        touch /var/lock/subsys/lshd
        echo
        ;;
    stop)
        echo -n "Stopping lshd secure connection service:"
        killproc lshd
        rm -f /var/lock/subsys/lshd
        echo
        ;;
    status)
        status lshd
        ;;
    restart|reload)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 1
        ;;
esac
exit 0
----------------------------------------------------------------
lsh.spec
----------------------------------------------------------------
Summary: lsh - secure connections
Name: lsh
Version: 0.1.17
Release: ns1
Copyright: GPL
Group: Applications/Internet
Source0: ftp://ftp.lysator.liu.se/pub/security/lsh/%{name}-%{version}.tar.gz
Source1: lshd.rhlinux.init
BuildRoot: /var/tmp/%{name}-%{version}-root
Prefix: /usr
Packager: Thayne Harbaugh <[EMAIL PROTECTED]>
URL: http://www.net.lut.ac.uk/psst/
Requires: chkconfig
%description
lsh implements the secsh2 protocol
%prep
%setup
%build
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix
if [ "$SMP" != "" ]; then
    (make "MAKE=gmake -k -j $SMP"; exit 0)
    gmake
else
    gmake
fi
%install
rm -rf $RPM_BUILD_ROOT
gmake prefix=$RPM_BUILD_ROOT%{prefix} install
( for man in doc/*.[0-9]
  do
      MAN_NUM=`echo $man | sed 's/.*\.//'`
      install -d -m 0755 $RPM_BUILD_ROOT%{prefix}/man/man$MAN_NUM
      install -m 0644 $man $RPM_BUILD_ROOT%{prefix}/man/man$MAN_NUM
      rm -f $man
  done )
install -d -m 0755 $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m 0755 $RPM_SOURCE_DIR/lshd.rhlinux.init \
    $RPM_BUILD_ROOT/etc/rc.d/init.d/lshd
strip $RPM_BUILD_ROOT%{prefix}/bin/lsh
strip $RPM_BUILD_ROOT%{prefix}/bin/lsh_keygen
strip $RPM_BUILD_ROOT%{prefix}/bin/lsh_writekey
# strip $RPM_BUILD_ROOT%{prefix}/lib/*
strip $RPM_BUILD_ROOT%{prefix}/sbin/*
rm -rf doc/Makefile*
%clean
rm -rf $RPM_BUILD_ROOT
%post
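chkconfig --add lshd
# Generate a host key pair only if one is not already complete.
if [ ! -e /etc/lsh_host_key -o ! -e /etc/lsh_host_key.pub ]
then
    rm -f /etc/lsh_host_key*
    /usr/bin/lsh_keygen -l 8 | /usr/bin/lsh_writekey /etc/lsh_host_key
fi
%preun
# In %preun, $1 is 0 on final removal and 1 on upgrade;
# unregister the service only when the package is being removed.
if [ "$1" -eq 0 ]
then
    chkconfig --del lshd || exit 0
fi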
%files
%defattr(-, root, root)
%doc AUTHORS COPYING ChangeLog FAQ NEWS README
%doc doc
%config /etc/rc.d/init.d/lshd
%{prefix}/bin/*
%{prefix}/man/*/*
%{prefix}/sbin/*
%changelog
* Thu Sep 28 1999 Thayne Harbaugh <[EMAIL PROTECTED]>
- first rpm