1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
10 groups = Application/Internet
11 url = https://www.openssh.com/portable.html
13 summary = An open source implementation of SSH protocol versions 1 and 2.
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
22 source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
32 openssl-devel >= 1.0.2
38 configure_options += \
39 --sysconfdir=%{sysconfdir}/ssh \
40 --datadir=%{datadir}/sshd \
41 --libexecdir=%{libdir}/openssh \
42 --with-default-path=/usr/local/bin:/bin:/usr/bin \
43 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
44 --with-privsep-path=/var/empty/sshd \
45 --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
48 --with-authorized-keys-command \
49 --with-ipaddr-display \
58 # Comment out GSSAPIAuthentication in the client config (ssh_config), because GSSAPI authentication requires KRB5.
59 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
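61 # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login (PermitRootLogin yes replaces the upstream default prohibit-password, so password-based root login is no longer refused) and disable Motd.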
63 -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
64 -e '/^#PrintMotd yes$/c PrintMotd no' \
65 -e '/^#UsePAM no$/c UsePAM yes' \
66 -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
67 -i %{BUILDROOT}/etc/ssh/sshd_config
69 # Install scriptfile for key generation
70 mkdir -pv %{BUILDROOT}%{sbindir}
71 install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
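# Install ssh-copy-id and its manual page from contrib/.
# The script has to be executable (0755). The manual page is plain data, so
# it gets an explicit 0644 instead of install's default mode of 0755.
install -m 755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
install -m 644 contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/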
86 %{sysconfdir}/ssh/moduli
90 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
94 package openssh-clients
95 summary = OpenSSH client applications.
96 description = %{summary}
98 requires = openssh = %{thisver}
101 %{sysconfdir}/ssh/ssh_config
108 %{bindir}/ssh-copy-id
109 %{bindir}/ssh-keyscan
110 %{libdir}/openssh/ssh-pkcs11-helper
111 %{mandir}/man1/scp.1*
112 %{mandir}/man1/sftp.1*
113 %{mandir}/man1/slogin.1*
114 %{mandir}/man1/ssh-add.1*
115 %{mandir}/man1/ssh-agent.1*
116 %{mandir}/man1/ssh-copy-id.1*
117 %{mandir}/man1/ssh-keyscan.1*
118 %{mandir}/man1/ssh.1*
119 %{mandir}/man5/ssh_config.5*
120 %{mandir}/man8/ssh-pkcs11-helper.8*
124 %{sysconfdir}/ssh/ssh_config
128 package openssh-server
129 summary = OpenSSH server applications.
130 description = %{summary}
137 %{sysconfdir}/pam.d/sshd
138 %{sysconfdir}/ssh/sshd_config
139 %{unitdir}/sshd.service
140 %{unitdir}/sshd-keygen.service
141 %{unitdir}/sshd@.service
142 %{unitdir}/sshd.socket
143 %{libdir}/openssh/sftp-server
144 %{sbindir}/sshd-keygen
146 %{mandir}/man5/sshd_config.5*
147 %{mandir}/man5/moduli.5*
148 %{mandir}/man8/sshd.8*
149 %{mandir}/man8/sftp-server.8*
154 %{sysconfdir}/ssh/sshd_config
# Unprivileged account for sshd: a system group and a system user (-r) with
# no login shell, whose home is /var/empty/sshd, the same directory that is
# passed to --with-privsep-path at configure time.
# Each one is created only if getent does not find it already.
if ! getent group sshd >/dev/null; then
	groupadd -r sshd
fi
if ! getent passwd sshd >/dev/null; then
	useradd -r -g sshd -c "Privilege-separated SSH" \
		-d /var/empty/sshd -s /sbin/nologin sshd
fi
171 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
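# Disable and stop both the service unit and the socket unit.
# Every call is silenced and followed by "|| :", so a unit that is missing
# or already disabled cannot abort the surrounding script. The sshd.socket
# disable call previously lacked this guard, unlike the other three calls.
/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
/bin/systemctl --no-reload disable sshd.socket >/dev/null 2>&1 || :
/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :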
182 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
# Rewrite the installed sshd_config (under %{sysconfdir}, not the build root):
# the commented-out upstream default "#PermitRootLogin prohibit-password" is
# replaced by an explicit "PermitRootLogin yes", which lets root log in with
# any enabled authentication method, passwords included.
# The pattern is anchored to the whole line, so a PermitRootLogin line that
# has been edited to anything else is not matched and is left unchanged.
sed -i -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
	%{sysconfdir}/ssh/sshd_config
190 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
192 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
193 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
197 package %{name}-debuginfo