From 9f79d2fbccf76167709a00c2a0276bc58b2b32a7 Mon Sep 17 00:00:00 2001 From: "nslu2-linux.adm@bkbits.net" Date: Sun, 27 Mar 2005 12:41:40 +0000 Subject: Merge bk://oe-devel.bkbits.net/openembedded into bkbits.net:/repos/n/nslu2-linux/openembedded 2005/03/27 13:54:04+02:00 uni-frankfurt.de!mickeyl Merge bk://oe-devel@oe-devel.bkbits.net/openembedded into r2d2.tm.informatik.uni-frankfurt.de:/local/pkg/oe/packages 2005/03/27 13:53:48+02:00 uni-frankfurt.de!mickeyl fix timezones not packaging New York and Los Angeles 2005/03/27 13:53:13+02:00 handhelds.org!CoreDump Merge bk://oe-devel@oe-devel.bkbits.net/openembedded into handhelds.org:/home/mhentges/OpenEmbedded/bitbake/openembedded 2005/03/27 13:52:28+02:00 handhelds.org!CoreDump Fix 2>1 to 2>&1 2005/03/27 13:43:31+02:00 dyndns.org!reenoo Merge oe-devel@oe-devel.bkbits.net:openembedded into sugarcube.dyndns.org:/home2/oe/bakery/openembedded 2005/03/27 13:42:50+02:00 dyndns.org!reenoo openssh: revert to secure "PermitEmptyPasswords no" in the default sshd_config BKrev: 4246aa04vPbpVOO525Z8UyvVO9HH5w --- packages/openssh/openssh-3.8p1/sshd_config | 96 ++++++++++++++++++++++++++++++ packages/openssh/openssh-4.0p1/sshd_config | 96 ++++++++++++++++++++++++++++++ packages/openssh/openssh_4.0p1.bb | 84 ++++++++++++++++++++++++++ 3 files changed, 276 insertions(+) (limited to 'packages/openssh') diff --git a/packages/openssh/openssh-3.8p1/sshd_config b/packages/openssh/openssh-3.8p1/sshd_config index e69de29bb2..8c1069d9a6 100644 --- a/packages/openssh/openssh-3.8p1/sshd_config +++ b/packages/openssh/openssh-3.8p1/sshd_config @@ -0,0 +1,96 @@ +# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Protocol 2 +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 + +# Logging +#obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +#PermitRootLogin yes +#StrictModes yes + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# rhosts authentication should not be used +#RhostsAuthentication no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +#AFSTokenPassing no + +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no + +# Set this to 'yes' to enable PAM keyboard-interactive authentication +# Warning: enabling this may bypass the setting of 'PasswordAuthentication' +#PAMAuthenticationViaKbdInt no + +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes +#UseLogin no +UsePrivilegeSeparation yes +#PermitUserEnvironment no +Compression no + +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no + +ClientAliveInterval 15 +ClientAliveCountMax 4 + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server diff --git a/packages/openssh/openssh-4.0p1/sshd_config b/packages/openssh/openssh-4.0p1/sshd_config index e69de29bb2..8c1069d9a6 100644 --- a/packages/openssh/openssh-4.0p1/sshd_config +++ b/packages/openssh/openssh-4.0p1/sshd_config @@ -0,0 +1,96 @@ +# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Protocol 2 +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 + +# Logging +#obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +#PermitRootLogin yes +#StrictModes yes + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# rhosts authentication should not be used +#RhostsAuthentication no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +#AFSTokenPassing no + +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no + +# Set this to 'yes' to enable PAM keyboard-interactive authentication +# Warning: enabling this may bypass the setting of 'PasswordAuthentication' +#PAMAuthenticationViaKbdInt no + +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes +#UseLogin no +UsePrivilegeSeparation yes +#PermitUserEnvironment no +Compression no + +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no + +ClientAliveInterval 15 +ClientAliveCountMax 4 + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server diff --git a/packages/openssh/openssh_4.0p1.bb b/packages/openssh/openssh_4.0p1.bb index e69de29bb2..e3f78c2de5 100644 --- a/packages/openssh/openssh_4.0p1.bb +++ b/packages/openssh/openssh_4.0p1.bb @@ -0,0 +1,84 @@ +DEPENDS = "zlib openssl" +SECTION = "console/network" +DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ +Ssh (Secure Shell) is a program for logging into a remote machine \ +and for executing commands on a remote machine. \ +It provides secure encrypted communications between two untrusted \ +hosts over an insecure network. X11 connections and arbitrary TCP/IP \ +ports can also be forwarded over the secure channel. \ +It is intended as a replacement for rlogin, rsh and rcp, and can be \ +used to provide applications with a secure communication channel." +HOMEPAGE = "http://www.openssh.org/" +LICENSE = "BSD" +MAINTAINER = "Bruno Randolf " +PR = "r1" + +SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ + file://configure.patch;patch=1 \ + file://sshd_config \ + file://init" + +inherit autotools + +export ASKPASS_PROGRAM = "${bindir}/ssh-askpass" +export LD = "${CC}" +CFLAGS_prepend = "-I${S} " +CFLAGS_append = " -D__FILE_OFFSET_BITS=64" +LDFLAGS_prepend = "-L${S} -L${S}/openbsd-compat " +EXTRA_OECONF = "--disable-suid-ssh --with-ssl=${STAGING_LIBDIR}/ssl \ + --with-rand-helper=no --without-pam \ + --without-zlib-version-check \ + --with-privsep-path=/var/run/sshd \ + --sysconfdir=${sysconfdir}/ssh" + +EXTRA_OEMAKE = "'STRIP_OPT='" + +do_configure_prepend () { + if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then + cp aclocal.m4 acinclude.m4 + fi +} + +do_compile_append () { + install -m 0644 ${WORKDIR}/sshd_config ${S}/ +} + +do_install_append() { + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd +} + +PACKAGES =+ " openssh-scp openssh-ssh openssh-sshd openssh-sftp openssh-misc" +FILES_openssh-scp = "${bindir}/scp" +FILES_openssh-ssh = "${bindir}/ssh ${bindir}/slogin /${sysconfdir}/ssh/ssh_config" +FILES_openssh-sshd = "${sbindir}/sshd /${sysconfdir}/init.d/sshd ${bindir}/ssh-keygen" +FILES_openssh-sshd += " /${sysconfdir}/ssh/moduli /${sysconfdir}/ssh/sshd_config /var/run/sshd" +FILES_openssh-sftp = "${bindir}/sftp ${libdir}exec/sftp-server" +FILES_openssh-misc = "${bindir} ${libdir}exec/" +RDEPENDS_openssh += " openssh-scp openssh-ssh openssh-sshd" +DEPENDS_openssh-sshd += " update-rc.d" +RDEPENDS_openssh-sshd += " update-rc.d" + +pkg_postinst_openssh-sshd() { +if test "x$D" != "x"; then + exit 1 +else + addgroup sshd + adduser --system --home /var/run/sshd --no-create-home --disabled-password --ingroup sshd -s /bin/false sshd + update-rc.d sshd defaults +fi +} + +pkg_postrm_openssh-sshd() { +if test "x$D" != "x"; then + exit 1 +else + ${sysconfdir}/init.d/sshd stop + deluser sshd + delgroup sshd + update-rc.d -f sshd remove +fi +} + +CONFFILES_openssh-sshd_nylon = "${sysconfdir}/ssh/sshd_config" +CONFFILES_openssh-ssh_nylon = "${sysconfdir}/ssh/ssh_config" -- cgit 1.2.3-korg