1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
10 groups = Application/Internet
11 url = http://www.openssh.com/portable.html
13 summary = An open source implementation of SSH protocol versions 1 and 2.
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
22 source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
34 openssl-devel >= 1.0.0d-2
40 configure_options += \
41 --sysconfdir=%{sysconfdir}/ssh \
42 --datadir=%{datadir}/sshd \
43 --libexecdir=%{libdir}/openssh \
44 --with-default-path=/usr/local/bin:/bin:/usr/bin \
45 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
46 --with-privsep-path=/var/empty/sshd \
47 --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
50 --with-authorized-keys-command \
51 --with-ipaddr-display \
62 # Disable GSS API authentication because KRB5 is required for that.
63 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
65 # Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
67 -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
68 -e '/^#PrintMotd yes$/c PrintMotd no' \
69 -e '/^#UsePAM no$/c UsePAM yes' \
70 -i %{BUILDROOT}/etc/ssh/sshd_config
72 # Install scriptfile for key generation
73 mkdir -pv %{BUILDROOT}%{sbindir}
74 install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
76 # Install ssh-copy-id.
77 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
78 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
89 %{sysconfdir}/ssh/moduli
93 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
97 package openssh-clients
98 summary = OpenSSH client applications.
99 description = %{summary}
101 requires = openssh = %{thisver}
104 %{sysconfdir}/ssh/ssh_config
111 %{bindir}/ssh-copy-id
112 %{bindir}/ssh-keyscan
113 %{libdir}/openssh/ssh-pkcs11-helper
114 %{mandir}/man1/scp.1*
115 %{mandir}/man1/sftp.1*
116 %{mandir}/man1/slogin.1*
117 %{mandir}/man1/ssh-add.1*
118 %{mandir}/man1/ssh-agent.1*
119 %{mandir}/man1/ssh-copy-id.1*
120 %{mandir}/man1/ssh-keyscan.1*
121 %{mandir}/man1/ssh.1*
122 %{mandir}/man5/ssh_config.5*
123 %{mandir}/man8/ssh-pkcs11-helper.8*
127 %{sysconfdir}/ssh/ssh_config
131 package openssh-server
132 summary = OpenSSH server applications.
133 description = %{summary}
141 %{sysconfdir}/pam.d/sshd
142 %{sysconfdir}/ssh/sshd_config
143 %{unitdir}/sshd.service
144 %{unitdir}/sshd-keygen.service
145 %{libdir}/openssh/sftp-server
146 %{sbindir}/sshd-keygen
148 %{mandir}/man5/sshd_config.5*
149 %{mandir}/man5/moduli.5*
150 %{mandir}/man8/sshd.8*
151 %{mandir}/man8/sftp-server.8*
156 %{sysconfdir}/ssh/sshd_config
165 # Create unprivileged user and group.
166 getent group sshd >/dev/null || groupadd -r sshd
167 getent passwd sshd >/dev/null || useradd -r -g sshd \
168 -c "Privilege-separated SSH" \
169 -d /var/empty/sshd -s /sbin/nologin sshd
173 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
177 /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
178 /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
182 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
186 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
188 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
189 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
193 package %{name}-debuginfo