1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
10 groups = Application/Internet
11 url = http://www.openssh.com/portable.html
13 summary = An open source implementation of SSH protocol versions 1 and 2.
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
22 source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
33 openssl-devel >= 1.0.2
39 configure_options += \
40 --sysconfdir=%{sysconfdir}/ssh \
41 --datadir=%{datadir}/sshd \
42 --libexecdir=%{libdir}/openssh \
43 --with-default-path=/usr/local/bin:/bin:/usr/bin \
44 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
45 --with-privsep-path=/var/empty/sshd \
46 --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
49 --with-authorized-keys-command \
50 --with-ipaddr-display \
60 # Disable GSS API authentication because KRB5 is required for that.
61 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
63 # Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
65 -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
66 -e '/^#PrintMotd yes$/c PrintMotd no' \
67 -e '/^#UsePAM no$/c UsePAM yes' \
68 -i %{BUILDROOT}/etc/ssh/sshd_config
70 # Install scriptfile for key generation
71 mkdir -pv %{BUILDROOT}%{sbindir}
72 install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
74 # Install ssh-copy-id.
75 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
76 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
87 %{sysconfdir}/ssh/moduli
91 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
95 package openssh-clients
96 summary = OpenSSH client applications.
97 description = %{summary}
99 requires = openssh = %{thisver}
102 %{sysconfdir}/ssh/ssh_config
109 %{bindir}/ssh-copy-id
110 %{bindir}/ssh-keyscan
111 %{libdir}/openssh/ssh-pkcs11-helper
112 %{mandir}/man1/scp.1*
113 %{mandir}/man1/sftp.1*
114 %{mandir}/man1/slogin.1*
115 %{mandir}/man1/ssh-add.1*
116 %{mandir}/man1/ssh-agent.1*
117 %{mandir}/man1/ssh-copy-id.1*
118 %{mandir}/man1/ssh-keyscan.1*
119 %{mandir}/man1/ssh.1*
120 %{mandir}/man5/ssh_config.5*
121 %{mandir}/man8/ssh-pkcs11-helper.8*
125 %{sysconfdir}/ssh/ssh_config
129 package openssh-server
130 summary = OpenSSH server applications.
131 description = %{summary}
139 %{sysconfdir}/pam.d/sshd
140 %{sysconfdir}/ssh/sshd_config
141 %{unitdir}/sshd.service
142 %{unitdir}/sshd-keygen.service
143 %{libdir}/openssh/sftp-server
144 %{sbindir}/sshd-keygen
146 %{mandir}/man5/sshd_config.5*
147 %{mandir}/man5/moduli.5*
148 %{mandir}/man8/sshd.8*
149 %{mandir}/man8/sftp-server.8*
154 %{sysconfdir}/ssh/sshd_config
163 # Create unprivileged user and group.
164 getent group sshd >/dev/null || groupadd -r sshd
165 getent passwd sshd >/dev/null || useradd -r -g sshd \
166 -c "Privilege-separated SSH" \
167 -d /var/empty/sshd -s /sbin/nologin sshd
171 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
175 /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
176 /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
180 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
184 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
186 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
187 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
191 package %{name}-debuginfo