1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
10 groups = Application/Internet
11 url = https://www.openssh.com/portable.html
13 summary = An open source implementation of SSH protocol versions 1 and 2.
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
22 source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
32 openssl-devel >= 1.0.2
39 --sysconfdir=%{sysconfdir}/ssh \
40 --datadir=%{datadir}/sshd \
41 --libexecdir=%{libdir}/openssh \
42 --with-default-path=/usr/local/bin:/bin:/usr/bin \
43 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
44 --with-privsep-path=%{sharedstatedir}/sshd \
47 --with-ipaddr-display \
50 --without-zlib-version-check
57 # Disable GSS API authentication because KRB5 is required for that.
58 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
60 # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
62 -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
63 -e '/^#PrintMotd yes$/c PrintMotd no' \
64 -e '/^#UsePAM no$/c UsePAM yes' \
65 -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
66 -i %{BUILDROOT}/etc/ssh/sshd_config
68 # Install scriptfile for key generation
69 mkdir -pv %{BUILDROOT}%{sbindir}
70 install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
72 # Install ssh-copy-id.
73 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
74 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
85 %{sysconfdir}/ssh/moduli
89 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
93 package openssh-clients
94 summary = OpenSSH client applications.
95 description = %{summary}
97 requires = openssh = %{thisver}
100 %{sysconfdir}/ssh/ssh_config
107 %{bindir}/ssh-copy-id
108 %{bindir}/ssh-keyscan
109 %{libdir}/openssh/ssh-pkcs11-helper
110 %{mandir}/man1/scp.1*
111 %{mandir}/man1/sftp.1*
112 %{mandir}/man1/slogin.1*
113 %{mandir}/man1/ssh-add.1*
114 %{mandir}/man1/ssh-agent.1*
115 %{mandir}/man1/ssh-copy-id.1*
116 %{mandir}/man1/ssh-keyscan.1*
117 %{mandir}/man1/ssh.1*
118 %{mandir}/man5/ssh_config.5*
119 %{mandir}/man8/ssh-pkcs11-helper.8*
123 %{sysconfdir}/ssh/ssh_config
127 package openssh-server
128 summary = OpenSSH server applications.
129 description = %{summary}
136 %{sysconfdir}/pam.d/sshd
137 %{sysconfdir}/ssh/sshd_config
138 %{unitdir}/sshd.service
139 %{unitdir}/sshd-keygen.service
140 %{unitdir}/sshd@.service
141 %{unitdir}/sshd.socket
142 %{libdir}/openssh/sftp-server
143 %{sbindir}/sshd-keygen
145 %{mandir}/man5/sshd_config.5*
146 %{mandir}/man5/moduli.5*
147 %{mandir}/man8/sshd.8*
148 %{mandir}/man8/sftp-server.8*
149 %{sharedstatedir}/sshd
153 %{sysconfdir}/ssh/sshd_config
162 # Create unprivileged user and group.
163 getent group sshd >/dev/null || groupadd -r sshd
164 getent passwd sshd >/dev/null || useradd -r -g sshd \
165 -c "Privilege-separated SSH" \
166 -d /var/lib/sshd -s /sbin/nologin sshd
170 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
174 /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
175 /bin/systemctl --no-reload disable sshd.socket
176 /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
177 /bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
181 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
186 sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
187 -i %{sysconfdir}/ssh/sshd_config
189 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
191 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
192 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
196 package %{name}-debuginfo