###############################################################################
name = openssh
-version = 6.8p1
+version = 9.4p1
release = 1
groups = Application/Internet
-url = http://www.openssh.com/portable.html
+url = https://www.openssh.com/portable.html
license = MIT
summary = An open source implementation of SSH protocol versions 1 and 2.
untrusted hosts over an insecure network.
end
-source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
+source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
build
requires
- audit-devel
autoconf
automake
groff
libedit-devel
- libselinux-devel
ncurses-devel
openldap-devel
- openssl-devel >= 1.0.0d-2
+ openssl-devel >= 1.0.2
pam-devel
util-linux
zlib-devel
end
- configure_options += \
+ configure += \
--sysconfdir=%{sysconfdir}/ssh \
--datadir=%{datadir}/sshd \
--libexecdir=%{libdir}/openssh \
--with-default-path=/usr/local/bin:/bin:/usr/bin \
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
- --with-privsep-path=/var/empty/sshd \
- --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
+ --with-privsep-path=%{sharedstatedir}/sshd \
--disable-strip \
--with-ssl-engine \
- --with-authorized-keys-command \
--with-ipaddr-display \
--with-pam \
--with-libedit \
- --with-selinux \
- --with-audit=linux
+ --without-zlib-version-check
prepare_cmds
autoreconf -vfi
# Disable GSS API authentication because KRB5 is required for that.
sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
- # Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
+ # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
sed \
-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
-e '/^#PrintMotd yes$/c PrintMotd no' \
-e '/^#UsePAM no$/c UsePAM yes' \
+ -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
-i %{BUILDROOT}/etc/ssh/sshd_config
# Install scriptfile for key generation
mkdir -pv %{BUILDROOT}%{sbindir}
- install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
+ install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
# Install ssh-copy-id.
install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
description = %{summary}
requires
- audit
openssh = %{thisver}
end
%{sysconfdir}/ssh/sshd_config
%{unitdir}/sshd.service
%{unitdir}/sshd-keygen.service
+ %{unitdir}/sshd@.service
+ %{unitdir}/sshd.socket
%{libdir}/openssh/sftp-server
%{sbindir}/sshd-keygen
%{sbindir}/sshd
%{mandir}/man5/moduli.5*
%{mandir}/man8/sshd.8*
%{mandir}/man8/sftp-server.8*
- /var/empty/sshd
+ %{sharedstatedir}/sshd
end
configfiles
getent group sshd >/dev/null || groupadd -r sshd
getent passwd sshd >/dev/null || useradd -r -g sshd \
-c "Privilege-separated SSH" \
- -d /var/empty/sshd -s /sbin/nologin sshd
+ -d /var/lib/sshd -s /sbin/nologin sshd
end
script postin
script preun
/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable sshd.socket
/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
end
script postun
end
script postup
+ # Enable root login.
+ sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
+ -i %{sysconfdir}/ssh/sshd_config
+
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :