1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
10 groups = Application/Internet
11 url = http://www.openssh.com/portable.html
13 summary = An open source implementation of SSH protocol versions 1 and 2.
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
22 source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
34 openssl-devel >= 1.0.0d-2
40 # Apply patches in a special order
42 openssh-5.9p1-coverity.patch
43 openssh-5.8p1-fingerprint.patch
44 openssh-5.8p1-getaddrinfo.patch
45 openssh-5.8p1-packet.patch
46 openssh-5.9p1-2auth.patch
47 openssh-5.9p1-role.patch
48 openssh-5.9p1-mls.patch
49 openssh-5.9p1-sftp-chroot.patch
50 openssh-5.9p1-akc.patch
51 openssh-5.9p1-keygen.patch
52 openssh-5.2p1-allow-ip-opts.patch
53 openssh-5.9p1-randclean.patch
54 openssh-5.8p1-keyperm.patch
55 openssh-5.8p2-remove-stale-control-socket.patch
56 openssh-5.9p1-ipv6man.patch
57 openssh-5.8p2-sigpipe.patch
58 openssh-5.8p2-askpass-ld.patch
59 openssh-5.5p1-x11.patch
60 openssh-5.6p1-exit-deadlock.patch
61 openssh-5.1p1-askpass-progress.patch
62 openssh-4.3p2-askpass-grab-info.patch
63 openssh-5.9p1-edns.patch
64 openssh-5.1p1-scp-manpage.patch
65 openssh-5.8p1-localdomain.patch
66 openssh-5.9p1-ipfire.patch
67 openssh-5.9p1-entropy.patch
68 openssh-5.9p1-vendor.patch
69 openssh-5.8p2-force_krb.patch
70 openssh-5.9p1-kuserok.patch
73 configure_options += \
74 --sysconfdir=%{sysconfdir}/ssh \
75 --datadir=%{datadir}/sshd \
76 --libexecdir=%{libdir}/openssh \
77 --with-default-path=/usr/local/bin:/bin:/usr/bin \
78 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
79 --with-privsep-path=/var/empty/sshd \
80 --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
83 --with-authorized-keys-command \
84 --with-ipaddr-display \
96 # Disable GSS API authentication because KRB5 is required for that.
97 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99 # Install scriptfile for key generation
100 mkdir -pv %{BUILDROOT}%{sbindir}
101 install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
103 # Install ssh-copy-id.
104 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
105 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
116 openssh-clients = %{thisver}
117 openssh-server = %{thisver}
121 %{sysconfdir}/ssh/moduli
125 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
129 package openssh-clients
130 summary = OpenSSH client applications.
131 description = %{summary}
133 requires = openssh = %{thisver}
136 %{sysconfdir}/ssh/ssh_config
143 %{bindir}/ssh-copy-id
144 %{bindir}/ssh-keyscan
145 %{libdir}/openssh/ssh-pkcs11-helper
146 %{mandir}/man1/scp.1*
147 %{mandir}/man1/sftp.1*
148 %{mandir}/man1/slogin.1*
149 %{mandir}/man1/ssh-add.1*
150 %{mandir}/man1/ssh-agent.1*
151 %{mandir}/man1/ssh-copy-id.1*
152 %{mandir}/man1/ssh-keyscan.1*
153 %{mandir}/man1/ssh.1*
154 %{mandir}/man5/ssh_config.5*
155 %{mandir}/man8/ssh-pkcs11-helper.8*
159 %{sysconfdir}/ssh/ssh_config
163 package openssh-server
164 summary = OpenSSH server applications.
165 description = %{summary}
173 %{sysconfdir}/pam.d/sshd
174 %{sysconfdir}/ssh/sshd_config
175 %{unitdir}/sshd.service
176 %{libdir}/openssh/sftp-server
177 %{sbindir}/sshd-keygen
179 %{mandir}/man5/sshd_config.5*
180 %{mandir}/man5/moduli.5*
181 %{mandir}/man8/sshd.8*
182 %{mandir}/man8/sftp-server.8*
187 %{sysconfdir}/ssh/sshd_config
196 # Create unprivileged user and group.
197 getent group sshd >/dev/null || groupadd -r sshd
198 getent passwd sshd >/dev/null || useradd -r -g sshd \
199 -c "Privilege-separated SSH" \
200 -d /var/empty/sshd -s /sbin/nologin sshd
204 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
208 /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
209 /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
213 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
217 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
219 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
220 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
224 package %{name}-debuginfo