From: Mike Baker Date: Fri, 16 Jul 2004 05:43:10 +0000 (+0000) Subject: openssh patches from below0 X-Git-Tag: reboot~33609 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=646b193d675faa6a371bf8a13384deb96a035a1e;p=openwrt%2Fopenwrt.git openssh patches from below0 SVN-Revision: 99 --- diff --git a/obsolete-buildroot/make/openssh.mk b/obsolete-buildroot/make/openssh.mk index c7feba20c6..7fdb73ed0a 100644 --- a/obsolete-buildroot/make/openssh.mk +++ b/obsolete-buildroot/make/openssh.mk @@ -9,6 +9,13 @@ OPENSSH_DIR:=$(BUILD_DIR)/openssh-3.8p1 OPENSSH_SOURCE:=openssh-3.8p1.tar.gz OPENSSH_PATCH:=$(SOURCE_DIR)/openssh.patch +OPENSSH_IPK_DIR:=$(BUILD_DIR)/openssh-3.8p1-ipk +OPENSSH_SERVER_IPK:=$(BUILD_DIR)/openssh-server_3.8p1-1_mipsel.ipk +OPENSSH_CLIENT_IPK:=$(BUILD_DIR)/openssh-client_3.8p1-1_mipsel.ipk +OPENSSH_SFTP_SERVER_IPK:=$(BUILD_DIR)/openssh-sftp-server_3.8p1-1_mipsel.ipk +OPENSSH_SFTP_CLIENT_IPK:=$(BUILD_DIR)/openssh-sftp-client_3.8p1-1_mipsel.ipk +OPENSSH_CLIENT_EX_IPK:=$(BUILD_DIR)/openssh-client-extras_3.8p1-1_mipsel.ipk + $(DL_DIR)/$(OPENSSH_SOURCE): $(WGET) -P $(DL_DIR) $(OPENSSH_SITE)/$(OPENSSH_SOURCE) 
@@ -65,9 +72,94 @@ $(TARGET_DIR)/usr/bin/ssh: $(OPENSSH_DIR)/ssh cp $(OPENSSH_DIR)/S50sshd $(TARGET_DIR)/etc/init.d/ chmod a+x $(TARGET_DIR)/etc/init.d/S50sshd rm -rf $(TARGET_DIR)/usr/info $(TARGET_DIR)/usr/man $(TARGET_DIR)/usr/share/doc + # since this is the embedded build, keep things to minimum + rm $(TARGET_DIR)/etc/moduli + rm $(TARGET_DIR)/usr/bin/sftp + rm $(TARGET_DIR)/usr/bin/ssh-add + rm $(TARGET_DIR)/usr/bin/ssh-agent + rm $(TARGET_DIR)/usr/bin/ssh-keyscan + rm $(TARGET_DIR)/usr/sbin/sftp-server + rm $(TARGET_DIR)/usr/sbin/ssh-keysign openssh: $(TARGET_DIR)/usr/bin/ssh +$(OPENSSH_IPK_DIR)/usr/bin/ssh: $(OPENSSH_DIR)/ssh + $(MAKE) CC=$(TARGET_CC) DESTDIR=$(OPENSSH_IPK_DIR) -C $(OPENSSH_DIR) install + mkdir -p $(OPENSSH_IPK_DIR)/etc/init.d/ + cp $(OPENSSH_DIR)/S50sshd $(OPENSSH_IPK_DIR)/etc/init.d/ + chmod a+x $(OPENSSH_IPK_DIR)/etc/init.d/S50sshd + rm -rf $(OPENSSH_IPK_DIR)/usr/info $(OPENSSH_IPK_DIR)/usr/man $(OPENSSH_IPK_DIR)/usr/share/doc + +$(OPENSSH_SERVER_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh + rm -rf $(OPENSSH_IPK_DIR)/build + mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL + cp $(SOURCE_DIR)/openssh.server.control $(OPENSSH_IPK_DIR)/build/CONTROL/control + cp $(SOURCE_DIR)/openssh.server.conffiles $(OPENSSH_IPK_DIR)/build/CONTROL/conffiles + cp $(SOURCE_DIR)/openssh.server.preinst $(OPENSSH_IPK_DIR)/build/CONTROL/preinst + chmod a+x $(OPENSSH_IPK_DIR)/build/CONTROL/preinst + cp $(SOURCE_DIR)/openssh.server.postinst $(OPENSSH_IPK_DIR)/build/CONTROL/postinst + chmod a+x $(OPENSSH_IPK_DIR)/build/CONTROL/postinst + mkdir -p $(OPENSSH_IPK_DIR)/build/etc/init.d + cp $(SOURCE_DIR)/openssh.server.sshd_config $(OPENSSH_IPK_DIR)/build/etc/sshd_config + cp $(SOURCE_DIR)/openssh.server.S50sshd-ipk $(OPENSSH_IPK_DIR)/build/etc/init.d/S50sshd + chmod a+x $(OPENSSH_IPK_DIR)/build/etc/init.d/S50sshd + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/sbin + cp $(OPENSSH_IPK_DIR)/usr/sbin/sshd $(OPENSSH_IPK_DIR)/build/usr/sbin + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin + cp 
$(OPENSSH_IPK_DIR)/usr/bin/ssh-keygen $(OPENSSH_IPK_DIR)/build/usr/bin + cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build + rm -rf $(OPENSSH_IPK_DIR)/build + +$(OPENSSH_CLIENT_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh + rm -rf $(OPENSSH_IPK_DIR)/build + mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL + cp $(SOURCE_DIR)/openssh.client.control $(OPENSSH_IPK_DIR)/build/CONTROL/control + cp $(SOURCE_DIR)/openssh.client.conffiles $(OPENSSH_IPK_DIR)/build/CONTROL/conffiles + cp $(SOURCE_DIR)/openssh.client.preinst $(OPENSSH_IPK_DIR)/build/CONTROL/preinst + chmod a+x $(OPENSSH_IPK_DIR)/build/CONTROL/preinst + mkdir -p $(OPENSSH_IPK_DIR)/build/etc + cp $(SOURCE_DIR)/openssh.client.ssh_config $(OPENSSH_IPK_DIR)/build/etc/ssh_config + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin + cp $(OPENSSH_IPK_DIR)/usr/bin/ssh $(OPENSSH_IPK_DIR)/build/usr/bin + cp $(OPENSSH_IPK_DIR)/usr/bin/scp $(OPENSSH_IPK_DIR)/build/usr/bin + cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build + rm -rf $(OPENSSH_IPK_DIR)/build + +$(OPENSSH_SFTP_SERVER_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh + rm -rf $(OPENSSH_IPK_DIR)/build + mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL + cp $(SOURCE_DIR)/openssh.sftp-server.control $(OPENSSH_IPK_DIR)/build/CONTROL/control + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/sbin + cp $(OPENSSH_IPK_DIR)/usr/sbin/sftp-server $(OPENSSH_IPK_DIR)/build/usr/sbin + cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build + rm -rf $(OPENSSH_IPK_DIR)/build + +$(OPENSSH_SFTP_CLIENT_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh + rm -rf $(OPENSSH_IPK_DIR)/build + mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL + cp $(SOURCE_DIR)/openssh.sftp-client.control $(OPENSSH_IPK_DIR)/build/CONTROL/control + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin + cp $(OPENSSH_IPK_DIR)/usr/bin/sftp $(OPENSSH_IPK_DIR)/build/usr/bin + cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build + rm -rf 
$(OPENSSH_IPK_DIR)/build + +$(OPENSSH_CLIENT_EX_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh + rm -rf $(OPENSSH_IPK_DIR)/build + mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL + cp $(SOURCE_DIR)/openssh.client.ex.control $(OPENSSH_IPK_DIR)/build/CONTROL/control + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin + cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-add $(OPENSSH_IPK_DIR)/build/usr/bin + cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-agent $(OPENSSH_IPK_DIR)/build/usr/bin + cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-keyscan $(OPENSSH_IPK_DIR)/build/usr/bin + mkdir -p $(OPENSSH_IPK_DIR)/build/usr/sbin + cp $(OPENSSH_IPK_DIR)/usr/sbin/ssh-keysign $(OPENSSH_IPK_DIR)/build/usr/sbin + cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build + rm -rf $(OPENSSH_IPK_DIR)/build + +openssh-ipk: $(OPENSSH_SERVER_IPK) $(OPENSSH_CLIENT_IPK) \ + $(OPENSSH_SFTP_SERVER_IPK) $(OPENSSH_SFTP_CLIENT_IPK) \ + $(OPENSSH_CLIENT_EX_IPK) + openssh-source: $(DL_DIR)/$(OPENSSH_SOURCE) openssh-clean: diff --git a/obsolete-buildroot/sources/openssh.client.conffiles b/obsolete-buildroot/sources/openssh.client.conffiles new file mode 100644 index 0000000000..cb3c639ba6 --- /dev/null +++ b/obsolete-buildroot/sources/openssh.client.conffiles @@ -0,0 +1 @@ +/etc/ssh_config diff --git a/obsolete-buildroot/sources/openssh.client.control b/obsolete-buildroot/sources/openssh.client.control new file mode 100644 index 0000000000..6d55328a2b --- /dev/null +++ b/obsolete-buildroot/sources/openssh.client.control @@ -0,0 +1,12 @@ +Package: openssh-client +Priority: optional +Version: 3.8p1-1 +Architecture: mipsel +Maintainer: below0 +Section: net +Depends: zlib openssl +Source: Embedded in the main OpenWrt buildroot +Description: The OpenSSH client. Allows for access to remote systems via the SSH protocol. + Includes: ssh, scp + + diff --git a/obsolete-buildroot/sources/openssh.client.ex.control b/obsolete-buildroot/sources/openssh.client.ex.control new file mode 100644 index 0000000000..5eb808a979 --- /dev/null 
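Review bot: The five package rules added here all stage into the same `$(OPENSSH_IPK_DIR)/build` directory, and each one starts and ends with `rm -rf $(OPENSSH_IPK_DIR)/build`, so when `openssh-ipk` is built with `make -j` one recipe can delete or mix files into another's staging tree and produce a package with the wrong contents. Give each rule its own staging directory, for example `$(OPENSSH_IPK_DIR)/build-server`, assuming ipkg-build takes the package name from CONTROL/control rather than from the directory name. The packaging step `cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build …` should chain with `&&` so that a failed `cd` does not run ipkg-build in the wrong directory. The bare `rm` lines added to the `$(TARGET_DIR)/usr/bin/ssh` rule (which starts outside this hunk) fail the build when a file is already absent; `rm -f` avoids that.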
+++ b/obsolete-buildroot/sources/openssh.client.ex.control
@@ -0,0 +1,12 @@
+Package: openssh-client-extras
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: openssh-client
+Source: Embedded in the main OpenWrt buildroot
+Description: Various optional OpenSSH client tools.
+ Includes: ssh-add, ssh-agent, ssh-keyscan, ssk-keysign
+
+
diff --git a/obsolete-buildroot/sources/openssh.client.preinst b/obsolete-buildroot/sources/openssh.client.preinst
new file mode 100644
index 0000000000..029c78978a
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.client.preinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make sure password and group databases exist
+if [ ! -f /etc/passwd ]; then
+ echo -e "root::0:0::/tmp:/bin/sh\nnobody:x:65534:65534:nobody:/tmp:/bin/sh\nsshd:x:100:65534:sshd:/var:/bin/false\n" > /etc/passwd
+ [ -f /etc/group ] || echo -e "root:x:0:\nnogroup:x:65534:\n" > /etc/group
+ echo "\n\nNOTICE: SSH requires proper root password to be configured, set it now."
+ passwd
+fi
+
diff --git a/obsolete-buildroot/sources/openssh.client.ssh_config b/obsolete-buildroot/sources/openssh.client.ssh_config
new file mode 100644
index 0000000000..2692e89137
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.client.ssh_config
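Review bot: The `/etc/passwd` written here gives root an empty password field (`root::0:0::/tmp:/bin/sh`) and depends on the interactive `passwd` that follows to replace it, but the exit status of `passwd` is not checked, so an install without a terminal or an interrupted prompt leaves root passwordless. Write a locked field instead, `root:*:0:0::/tmp:/bin/sh`, so that a failed `passwd` leaves password login disabled rather than open, and report the failure with `passwd || echo "root password not set" >&2`. The `nobody` entry is also given `/bin/sh` as its shell where `/bin/false` (already used for `sshd`) would do, and the NOTICE line uses `echo "\n\n…"` without the `-e` the two lines above it use. The identical script is added again as openssh.server.preinst, so the same change applies there.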
@@ -0,0 +1,37 @@
+# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for various options
+
+# Host *
+# ForwardAgent no
+# ForwardX11 no
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+# EscapeChar ~
diff --git a/obsolete-buildroot/sources/openssh.server.S50sshd-ipk b/obsolete-buildroot/sources/openssh.server.S50sshd-ipk
new file mode 100644
index 0000000000..6f77ad9b1c
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.server.S50sshd-ipk
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# sshd Starts sshd.
+#
+
+mkdir -p /var/lock
+mkdir -p /var/empty
+chmod 600 /var/empty
+
+umask 077
+
+start() {
+ echo -n "Starting sshd: "
+ /usr/sbin/sshd
+ touch /var/lock/sshd
+ echo "OK"
+}
+stop() {
+ echo -n "Stopping sshd: "
+ killall sshd
+ rm -f /var/lock/sshd
+ echo "OK"
+}
+restart() {
+ stop
+ start
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|reload)
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart}"
+ exit 1
+esac
+
+exit $?
+
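Review bot: `stop()` calls `killall sshd`, which also ends the sshd processes serving existing connections, so `restart` run over SSH will likely kill the administrator's own session before `start` is reached and leave the daemon down. Stop only the listener through its pid file, `kill "$(cat /var/run/sshd.pid)"`, which is the default PidFile shown in the sshd_config this commit ships. `start()` touches `/var/lock/sshd` and prints OK regardless of whether sshd started; `/usr/sbin/sshd && touch /var/lock/sshd` would make the lock file and the message reflect the result. `chmod 600 /var/empty` leaves the privilege-separation directory without a search bit; OpenSSH's README.privsep uses mode 755 with root ownership.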
diff --git a/obsolete-buildroot/sources/openssh.server.conffiles b/obsolete-buildroot/sources/openssh.server.conffiles
new file mode 100644
index 0000000000..5877b3bdbc
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.server.conffiles
@@ -0,0 +1 @@
+/etc/sshd_config
diff --git a/obsolete-buildroot/sources/openssh.server.control b/obsolete-buildroot/sources/openssh.server.control
new file mode 100644
index 0000000000..6c83c4a3af
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.server.control
@@ -0,0 +1,13 @@
+Package: openssh-server
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: zlib openssl
+Source: Embedded in the main OpenWrt buildroot
+Description: The OpenSSH server daemon.
+ Allows for access to the system via the SSH client.
+ Includes: sshd, ssh-keygen
+
+
diff --git a/obsolete-buildroot/sources/openssh.server.postinst b/obsolete-buildroot/sources/openssh.server.postinst
new file mode 100644
index 0000000000..16d2bf4d76
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.server.postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Check for the SSH1 RSA key
+if [ ! -f /etc/ssh_host_key ] ; then
+ echo Generating RSA Key...
+ /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh_host_key -C '' -N ''
+fi
+
+# Check for the SSH2 RSA key
+if [ ! -f /etc/ssh_host_rsa_key ] ; then
+ echo Generating RSA Key...
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh_host_rsa_key -C '' -N ''
+fi
+
+# Check for the SSH2 DSA key
+if [ ! -f /etc/ssh_host_dsa_key ] ; then
+ echo "Generating DSA Key... (Takes a few minutes)"
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh_host_dsa_key -C '' -N ''
+fi
+
diff --git a/obsolete-buildroot/sources/openssh.server.preinst b/obsolete-buildroot/sources/openssh.server.preinst
new file mode 100644
index 0000000000..029c78978a
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.server.preinst
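Review bot: The first block generates a protocol-1 host key with `ssh-keygen -t rsa1`, and the sshd_config added by this commit leaves `#Protocol 2,1` at its default, so the installed server accepts SSH protocol 1, which has known cryptographic weaknesses that protocol 2 fixed. Unless protocol-1 clients must be supported, drop the `/etc/ssh_host_key` block and set `Protocol 2` in openssh.server.sshd_config. None of the three `ssh-keygen` calls has its exit status checked, so a failure (for example a full flash filesystem) still ends the postinst successfully; `… || exit 1` on each call would surface it.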
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make sure password and group databases exist
+if [ ! -f /etc/passwd ]; then
+ echo -e "root::0:0::/tmp:/bin/sh\nnobody:x:65534:65534:nobody:/tmp:/bin/sh\nsshd:x:100:65534:sshd:/var:/bin/false\n" > /etc/passwd
+ [ -f /etc/group ] || echo -e "root:x:0:\nnogroup:x:65534:\n" > /etc/group
+ echo "\n\nNOTICE: SSH requires proper root password to be configured, set it now."
+ passwd
+fi
+
diff --git a/obsolete-buildroot/sources/openssh.server.sshd_config b/obsolete-buildroot/sources/openssh.server.sshd_config
new file mode 100644
index 0000000000..22e5dc2128
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.server.sshd_config
@@ -0,0 +1,100 @@
+# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#Protocol 2,1
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh_host_rsa_key
+#HostKey /etc/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
+
+# Logging
+#obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing.
Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+#UsePAM no
+
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression yes
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+
+# no default banner path
+#Banner /some/path
+
+ClientAliveInterval 15
+ClientAliveCountMax 4
+
+# override default of no subsystems
+Subsystem sftp /usr/sbin/sftp-server
diff --git a/obsolete-buildroot/sources/openssh.sftp-client.control b/obsolete-buildroot/sources/openssh.sftp-client.control
new file mode 100644
index 0000000000..12949f18f3
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.sftp-client.control
@@ -0,0 +1,12 @@
+Package: openssh-sftp-client
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: openssh-client
+Source: Embedded in the main OpenWrt buildroot
+Description: OpenSSH Secure FTP server.
+ Includes: sftp-server
+
+
diff --git a/obsolete-buildroot/sources/openssh.sftp-server.control b/obsolete-buildroot/sources/openssh.sftp-server.control
new file mode 100644
index 0000000000..45f5c9aaea
--- /dev/null
+++ b/obsolete-buildroot/sources/openssh.sftp-server.control
@@ -0,0 +1,12 @@
+Package: openssh-sftp-server
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: openssh-server
+Source: Embedded in the main OpenWrt buildroot
+Description: OpenSSH Secure FTP server.
+ Includes: sftp-server
+
+
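Review bot: Every authentication setting in this file is left as a commented default, so the installed server relies on compiled-in values such as `PermitRootLogin yes` and `PermitEmptyPasswords no`, while the preinst scripts in this commit create root with an empty password field. Uncomment `PermitEmptyPasswords no` so the file states the setting that protects that account over SSH and a later edit or default change does not silently remove it. The active `Subsystem sftp /usr/sbin/sftp-server` line points at a binary that is packaged separately in openssh-sftp-server, which openssh-server does not list in `Depends`; a comment above the line saying so would save users a failed sftp session.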
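Review bot: The `Description` and `Includes` lines in openssh.sftp-client.control are copied from the sftp-server package: they read `OpenSSH Secure FTP server.` and `Includes: sftp-server`, while the Makefile rule for this package copies `usr/bin/sftp`. They should read `Description: OpenSSH Secure FTP client.` and ` Includes: sftp`. openssh.client.ex.control has a similar slip, `ssk-keysign` for `ssh-keysign`.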