openssh patches from below0
authorMike Baker <mbm@openwrt.org>
Fri, 16 Jul 2004 05:43:10 +0000 (05:43 +0000)
committerMike Baker <mbm@openwrt.org>
Fri, 16 Jul 2004 05:43:10 +0000 (05:43 +0000)
SVN-Revision: 99

14 files changed:
obsolete-buildroot/make/openssh.mk
obsolete-buildroot/sources/openssh.client.conffiles [new file with mode: 0644]
obsolete-buildroot/sources/openssh.client.control [new file with mode: 0644]
obsolete-buildroot/sources/openssh.client.ex.control [new file with mode: 0644]
obsolete-buildroot/sources/openssh.client.preinst [new file with mode: 0644]
obsolete-buildroot/sources/openssh.client.ssh_config [new file with mode: 0644]
obsolete-buildroot/sources/openssh.server.S50sshd-ipk [new file with mode: 0644]
obsolete-buildroot/sources/openssh.server.conffiles [new file with mode: 0644]
obsolete-buildroot/sources/openssh.server.control [new file with mode: 0644]
obsolete-buildroot/sources/openssh.server.postinst [new file with mode: 0644]
obsolete-buildroot/sources/openssh.server.preinst [new file with mode: 0644]
obsolete-buildroot/sources/openssh.server.sshd_config [new file with mode: 0644]
obsolete-buildroot/sources/openssh.sftp-client.control [new file with mode: 0644]
obsolete-buildroot/sources/openssh.sftp-server.control [new file with mode: 0644]

index c7feba20c607a3f5985ea2720e26a304954991ca..7fdb73ed0ad4a8fee088c9f11ecce9ef3c1a920f 100644 (file)
@@ -9,6 +9,13 @@ OPENSSH_DIR:=$(BUILD_DIR)/openssh-3.8p1
 OPENSSH_SOURCE:=openssh-3.8p1.tar.gz
 OPENSSH_PATCH:=$(SOURCE_DIR)/openssh.patch
 
+OPENSSH_IPK_DIR:=$(BUILD_DIR)/openssh-3.8p1-ipk
+OPENSSH_SERVER_IPK:=$(BUILD_DIR)/openssh-server_3.8p1-1_mipsel.ipk
+OPENSSH_CLIENT_IPK:=$(BUILD_DIR)/openssh-client_3.8p1-1_mipsel.ipk
+OPENSSH_SFTP_SERVER_IPK:=$(BUILD_DIR)/openssh-sftp-server_3.8p1-1_mipsel.ipk
+OPENSSH_SFTP_CLIENT_IPK:=$(BUILD_DIR)/openssh-sftp-client_3.8p1-1_mipsel.ipk
+OPENSSH_CLIENT_EX_IPK:=$(BUILD_DIR)/openssh-client-extras_3.8p1-1_mipsel.ipk
+
 $(DL_DIR)/$(OPENSSH_SOURCE):
        $(WGET) -P $(DL_DIR) $(OPENSSH_SITE)/$(OPENSSH_SOURCE)
 
@@ -65,9 +72,94 @@ $(TARGET_DIR)/usr/bin/ssh: $(OPENSSH_DIR)/ssh
        cp $(OPENSSH_DIR)/S50sshd $(TARGET_DIR)/etc/init.d/
        chmod a+x $(TARGET_DIR)/etc/init.d/S50sshd
        rm -rf $(TARGET_DIR)/usr/info $(TARGET_DIR)/usr/man $(TARGET_DIR)/usr/share/doc
+       # since this is the embedded build, keep things to minimum
+       rm $(TARGET_DIR)/etc/moduli
+       rm $(TARGET_DIR)/usr/bin/sftp
+       rm $(TARGET_DIR)/usr/bin/ssh-add
+       rm $(TARGET_DIR)/usr/bin/ssh-agent
+       rm $(TARGET_DIR)/usr/bin/ssh-keyscan
+       rm $(TARGET_DIR)/usr/sbin/sftp-server
+       rm $(TARGET_DIR)/usr/sbin/ssh-keysign
 
 openssh: $(TARGET_DIR)/usr/bin/ssh
 
+$(OPENSSH_IPK_DIR)/usr/bin/ssh: $(OPENSSH_DIR)/ssh
+       $(MAKE) CC=$(TARGET_CC) DESTDIR=$(OPENSSH_IPK_DIR) -C $(OPENSSH_DIR) install
+       mkdir -p $(OPENSSH_IPK_DIR)/etc/init.d/
+       cp $(OPENSSH_DIR)/S50sshd $(OPENSSH_IPK_DIR)/etc/init.d/
+       chmod a+x $(OPENSSH_IPK_DIR)/etc/init.d/S50sshd
+       rm -rf $(OPENSSH_IPK_DIR)/usr/info $(OPENSSH_IPK_DIR)/usr/man $(OPENSSH_IPK_DIR)/usr/share/doc
+
+$(OPENSSH_SERVER_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh
+       rm -rf $(OPENSSH_IPK_DIR)/build
+       mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL
+       cp $(SOURCE_DIR)/openssh.server.control $(OPENSSH_IPK_DIR)/build/CONTROL/control
+       cp $(SOURCE_DIR)/openssh.server.conffiles $(OPENSSH_IPK_DIR)/build/CONTROL/conffiles
+       cp $(SOURCE_DIR)/openssh.server.preinst $(OPENSSH_IPK_DIR)/build/CONTROL/preinst
+       chmod a+x $(OPENSSH_IPK_DIR)/build/CONTROL/preinst
+       cp $(SOURCE_DIR)/openssh.server.postinst $(OPENSSH_IPK_DIR)/build/CONTROL/postinst
+       chmod a+x $(OPENSSH_IPK_DIR)/build/CONTROL/postinst
+       mkdir -p $(OPENSSH_IPK_DIR)/build/etc/init.d
+       cp $(SOURCE_DIR)/openssh.server.sshd_config $(OPENSSH_IPK_DIR)/build/etc/sshd_config
+       cp $(SOURCE_DIR)/openssh.server.S50sshd-ipk $(OPENSSH_IPK_DIR)/build/etc/init.d/S50sshd
+       chmod a+x $(OPENSSH_IPK_DIR)/build/etc/init.d/S50sshd
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/sbin
+       cp $(OPENSSH_IPK_DIR)/usr/sbin/sshd $(OPENSSH_IPK_DIR)/build/usr/sbin
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-keygen $(OPENSSH_IPK_DIR)/build/usr/bin
+       cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build
+       rm -rf $(OPENSSH_IPK_DIR)/build
+
+$(OPENSSH_CLIENT_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh
+       rm -rf $(OPENSSH_IPK_DIR)/build
+       mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL
+       cp $(SOURCE_DIR)/openssh.client.control $(OPENSSH_IPK_DIR)/build/CONTROL/control
+       cp $(SOURCE_DIR)/openssh.client.conffiles $(OPENSSH_IPK_DIR)/build/CONTROL/conffiles
+       cp $(SOURCE_DIR)/openssh.client.preinst $(OPENSSH_IPK_DIR)/build/CONTROL/preinst
+       chmod a+x $(OPENSSH_IPK_DIR)/build/CONTROL/preinst
+       mkdir -p $(OPENSSH_IPK_DIR)/build/etc
+       cp $(SOURCE_DIR)/openssh.client.ssh_config $(OPENSSH_IPK_DIR)/build/etc/ssh_config
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/ssh $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/scp $(OPENSSH_IPK_DIR)/build/usr/bin
+       cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build
+       rm -rf $(OPENSSH_IPK_DIR)/build
+
+$(OPENSSH_SFTP_SERVER_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh
+       rm -rf $(OPENSSH_IPK_DIR)/build
+       mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL
+       cp $(SOURCE_DIR)/openssh.sftp-server.control $(OPENSSH_IPK_DIR)/build/CONTROL/control
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/sbin
+       cp $(OPENSSH_IPK_DIR)/usr/sbin/sftp-server $(OPENSSH_IPK_DIR)/build/usr/sbin
+       cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build
+       rm -rf $(OPENSSH_IPK_DIR)/build
+
+$(OPENSSH_SFTP_CLIENT_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh
+       rm -rf $(OPENSSH_IPK_DIR)/build
+       mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL
+       cp $(SOURCE_DIR)/openssh.sftp-client.control $(OPENSSH_IPK_DIR)/build/CONTROL/control
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/sftp $(OPENSSH_IPK_DIR)/build/usr/bin
+       cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build
+       rm -rf $(OPENSSH_IPK_DIR)/build
+
+$(OPENSSH_CLIENT_EX_IPK): $(OPENSSH_IPK_DIR)/usr/bin/ssh
+       rm -rf $(OPENSSH_IPK_DIR)/build
+       mkdir -p $(OPENSSH_IPK_DIR)/build/CONTROL
+       cp $(SOURCE_DIR)/openssh.client.ex.control $(OPENSSH_IPK_DIR)/build/CONTROL/control
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-add $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-agent $(OPENSSH_IPK_DIR)/build/usr/bin
+       cp $(OPENSSH_IPK_DIR)/usr/bin/ssh-keyscan $(OPENSSH_IPK_DIR)/build/usr/bin
+       mkdir -p $(OPENSSH_IPK_DIR)/build/usr/sbin
+       cp $(OPENSSH_IPK_DIR)/usr/sbin/ssh-keysign $(OPENSSH_IPK_DIR)/build/usr/sbin
+       cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(OPENSSH_IPK_DIR)/build
+       rm -rf $(OPENSSH_IPK_DIR)/build
+
+openssh-ipk: $(OPENSSH_SERVER_IPK) $(OPENSSH_CLIENT_IPK) \
+             $(OPENSSH_SFTP_SERVER_IPK) $(OPENSSH_SFTP_CLIENT_IPK) \
+            $(OPENSSH_CLIENT_EX_IPK)
+
 openssh-source: $(DL_DIR)/$(OPENSSH_SOURCE)
 
 openssh-clean: 
diff --git a/obsolete-buildroot/sources/openssh.client.conffiles b/obsolete-buildroot/sources/openssh.client.conffiles
new file mode 100644 (file)
index 0000000..cb3c639
--- /dev/null
@@ -0,0 +1 @@
+/etc/ssh_config
diff --git a/obsolete-buildroot/sources/openssh.client.control b/obsolete-buildroot/sources/openssh.client.control
new file mode 100644 (file)
index 0000000..6d55328
--- /dev/null
@@ -0,0 +1,12 @@
+Package: openssh-client
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: zlib openssl
+Source: Embedded in the main OpenWrt buildroot
+Description: The OpenSSH client. Allows for access to remote systems via the SSH protocol.
+ Includes: ssh, scp
+
+
diff --git a/obsolete-buildroot/sources/openssh.client.ex.control b/obsolete-buildroot/sources/openssh.client.ex.control
new file mode 100644 (file)
index 0000000..5eb808a
--- /dev/null
@@ -0,0 +1,12 @@
+Package: openssh-client-extras
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: openssh-client
+Source: Embedded in the main OpenWrt buildroot
+Description: Various optional OpenSSH client tools.
+ Includes: ssh-add, ssh-agent, ssh-keyscan, ssk-keysign
+
+
diff --git a/obsolete-buildroot/sources/openssh.client.preinst b/obsolete-buildroot/sources/openssh.client.preinst
new file mode 100644 (file)
index 0000000..029c789
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make sure password and group databases exist
+if [ ! -f /etc/passwd ]; then
+   echo -e "root::0:0::/tmp:/bin/sh\nnobody:x:65534:65534:nobody:/tmp:/bin/sh\nsshd:x:100:65534:sshd:/var:/bin/false\n" > /etc/passwd
+   [ -f /etc/group ] || echo -e "root:x:0:\nnogroup:x:65534:\n" > /etc/group
+   echo "\n\nNOTICE: SSH requires proper root password to be configured, set it now."
+   passwd
+fi
+                
diff --git a/obsolete-buildroot/sources/openssh.client.ssh_config b/obsolete-buildroot/sources/openssh.client.ssh_config
new file mode 100644 (file)
index 0000000..2692e89
--- /dev/null
@@ -0,0 +1,37 @@
+#      $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
+
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for various options
+
+# Host *
+#   ForwardAgent no
+#   ForwardX11 no
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+#   EscapeChar ~
diff --git a/obsolete-buildroot/sources/openssh.server.S50sshd-ipk b/obsolete-buildroot/sources/openssh.server.S50sshd-ipk
new file mode 100644 (file)
index 0000000..6f77ad9
--- /dev/null
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# sshd        Starts sshd.
+#
+
+mkdir -p /var/lock
+mkdir -p /var/empty
+chmod 600 /var/empty
+
+umask 077
+
+start() {
+       echo -n "Starting sshd: "
+       /usr/sbin/sshd
+       touch /var/lock/sshd
+       echo "OK"
+}      
+stop() {
+       echo -n "Stopping sshd: "
+        killall        sshd 
+       rm -f /var/lock/sshd
+       echo "OK" 
+}
+restart() {
+       stop
+       start
+}      
+
+case "$1" in
+  start)
+       start
+       ;;
+  stop)
+       stop
+       ;;
+  restart|reload)
+       restart
+       ;;
+  *)
+       echo $"Usage: $0 {start|stop|restart}"
+       exit 1
+esac
+
+exit $?
+
diff --git a/obsolete-buildroot/sources/openssh.server.conffiles b/obsolete-buildroot/sources/openssh.server.conffiles
new file mode 100644 (file)
index 0000000..5877b3b
--- /dev/null
@@ -0,0 +1 @@
+/etc/sshd_config
diff --git a/obsolete-buildroot/sources/openssh.server.control b/obsolete-buildroot/sources/openssh.server.control
new file mode 100644 (file)
index 0000000..6c83c4a
--- /dev/null
@@ -0,0 +1,13 @@
+Package: openssh-server
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: zlib openssl
+Source: Embedded in the main OpenWrt buildroot
+Description: The OpenSSH server daemon. 
+  Allows for access to the system via the SSH client. 
+  Includes: sshd, ssh-keygen
+
+
diff --git a/obsolete-buildroot/sources/openssh.server.postinst b/obsolete-buildroot/sources/openssh.server.postinst
new file mode 100644 (file)
index 0000000..16d2bf4
--- /dev/null
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Check for the SSH1 RSA key
+if [ ! -f /etc/ssh_host_key ] ; then
+       echo Generating RSA Key...
+       /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh_host_key -C '' -N ''
+fi
+
+# Check for the SSH2 RSA key
+if [ ! -f /etc/ssh_host_rsa_key ] ; then
+       echo Generating RSA Key...
+       /usr/bin/ssh-keygen -t rsa -f /etc/ssh_host_rsa_key -C '' -N ''
+fi
+
+# Check for the SSH2 DSA key
+if [ ! -f /etc/ssh_host_dsa_key ] ; then
+       echo "Generating DSA Key... (Takes a few minutes)"
+        /usr/bin/ssh-keygen -t dsa -f /etc/ssh_host_dsa_key -C '' -N ''
+fi
+                
diff --git a/obsolete-buildroot/sources/openssh.server.preinst b/obsolete-buildroot/sources/openssh.server.preinst
new file mode 100644 (file)
index 0000000..029c789
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make sure password and group databases exist
+if [ ! -f /etc/passwd ]; then
+   echo -e "root::0:0::/tmp:/bin/sh\nnobody:x:65534:65534:nobody:/tmp:/bin/sh\nsshd:x:100:65534:sshd:/var:/bin/false\n" > /etc/passwd
+   [ -f /etc/group ] || echo -e "root:x:0:\nnogroup:x:65534:\n" > /etc/group
+   echo "\n\nNOTICE: SSH requires proper root password to be configured, set it now."
+   passwd
+fi
+                
diff --git a/obsolete-buildroot/sources/openssh.server.sshd_config b/obsolete-buildroot/sources/openssh.server.sshd_config
new file mode 100644 (file)
index 0000000..22e5dc2
--- /dev/null
@@ -0,0 +1,100 @@
+#      $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
+
+#Port 22
+#Protocol 2,1
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh_host_rsa_key
+#HostKey /etc/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
+
+# Logging
+#obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile    .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+#UsePAM no
+
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression yes
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+
+# no default banner path
+#Banner /some/path
+
+ClientAliveInterval 15
+ClientAliveCountMax 4
+
+# override default of no subsystems
+Subsystem      sftp    /usr/sbin/sftp-server
diff --git a/obsolete-buildroot/sources/openssh.sftp-client.control b/obsolete-buildroot/sources/openssh.sftp-client.control
new file mode 100644 (file)
index 0000000..12949f1
--- /dev/null
@@ -0,0 +1,12 @@
+Package: openssh-sftp-client
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: openssh-client
+Source: Embedded in the main OpenWrt buildroot
+Description: OpenSSH Secure FTP server. 
+ Includes: sftp-server
+
+
diff --git a/obsolete-buildroot/sources/openssh.sftp-server.control b/obsolete-buildroot/sources/openssh.sftp-server.control
new file mode 100644 (file)
index 0000000..45f5c9a
--- /dev/null
@@ -0,0 +1,12 @@
+Package: openssh-sftp-server
+Priority: optional
+Version: 3.8p1-1
+Architecture: mipsel
+Maintainer: below0
+Section: net
+Depends: openssh-server
+Source: Embedded in the main OpenWrt buildroot
+Description: OpenSSH Secure FTP server. 
+ Includes: sftp-server
+
+