OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 01-Jan-2004 14:06:49
Branch: HEAD Handle: 2004010113064701
Modified files:
openpkg-src/openssh openssh.spec rc.openssh ssh-keyman.1
ssh-keyman.pod ssh_config sshd_config
openpkg-web news.txt
Log:
happy new year OpenSSH: this is your new dress (configuration
cleanups, fixes, adjustments, etc)
Summary:
Revision Changes Path
1.120 +24 -14 openpkg-src/openssh/openssh.spec
1.19 +1 -1 openpkg-src/openssh/rc.openssh
1.2 +47 -54 openpkg-src/openssh/ssh-keyman.1
1.4 +1 -4 openpkg-src/openssh/ssh-keyman.pod
1.5 +33 -32 openpkg-src/openssh/ssh_config
1.13 +8 -4 openpkg-src/openssh/sshd_config
1.7936 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.spec
============================================================================
$ cvs diff -u -r1.119 -r1.120 openssh.spec
--- openpkg-src/openssh/openssh.spec 31 Dec 2003 19:13:10 -0000 1.119
+++ openpkg-src/openssh/openssh.spec 1 Jan 2004 13:06:48 -0000 1.120
@@ -41,7 +41,7 @@
Group: Security
License: BSD
Version: %{V_base}%{V_portable}
-Release: 20031231
+Release: 20040101
# package options
%option with_fsl yes
@@ -199,9 +199,11 @@
strip $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/* 2>/dev/null || true
# install ssh-askpass wrapper
- %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh
%{l_shtool} install -c -m 755 %{l_value -s -a} \
- %{SOURCE ssh-askpass} $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/
+ %{SOURCE ssh-askpass} \
+ $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/
# make sure the state directory exists
%{l_shtool} mkdir -f -p -m 755 \
@@ -213,25 +215,33 @@
$RPM_BUILD_ROOT%{l_prefix}/bin \
$RPM_BUILD_ROOT%{l_prefix}/man/man1
%{l_shtool} install -c -m 755 %{l_value -s -a} \
- %{SOURCE ssh-keyman} $RPM_BUILD_ROOT%{l_prefix}/bin/
+ %{SOURCE ssh-keyman} \
+ $RPM_BUILD_ROOT%{l_prefix}/bin/
%{l_shtool} install -c -m 644 %{l_value -s -a} \
- %{SOURCE ssh-keyman.1} $RPM_BUILD_ROOT%{l_prefix}/man/man1/
+ %{SOURCE ssh-keyman.1} \
+ $RPM_BUILD_ROOT%{l_prefix}/man/man1/
# install run-command script
- %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
%{l_shtool} install -c -m 755 %{l_value -s -a} \
- %{SOURCE rc.openssh} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+ %{SOURCE rc.openssh} \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
# install reasonable ssh server and client configuration files
- %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/openssh
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/openssh
%{l_shtool} install -c -m 644 %{l_value -s -a} \
-e 's;@l_x11forwarding@;%{with_x11};' \
- %{SOURCE sshd_config} $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
+ %{SOURCE sshd_config} \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
%{l_shtool} install -c -m 644 %{l_value -s -a} \
- %{SOURCE ssh_config} $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
+ %{SOURCE ssh_config} \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
# install OSSP fsl configuration
- %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
%{l_shtool} install -c -m 644 %{l_value -s -a} \
%{SOURCE fsl.openssh} \
$RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
@@ -251,7 +261,7 @@
rm -rf $RPM_BUILD_ROOT
%post
- # generate server RSA1 (SSHv1) key
+ # generate server RSA1 (SSH1) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 2048 \
@@ -259,7 +269,7 @@
-N '' -C `hostname` 1>&2
fi
- # generate server RSA (SSHv2) key
+ # generate server RSA (SSH2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa -b 2048 \
@@ -267,7 +277,7 @@
-N '' -C `hostname` 1>&2
fi
- # generate server DSA (SSHv2) key
+ # generate server DSA (SSH2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -b 2048 \
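Review bot: The DSA host key in `%post` is still generated with `-b 2048`, but the `ssh-dss` key type follows FIPS 186-2 DSA, which fixes the key size at 1024 bits. A 2048-bit DSA host key may therefore be rejected by other SSH implementations, and stricter `ssh-keygen` versions may refuse to create it. `ssh-keygen -t dsa -b 1024` would be the interoperable form. The `ssh-keygen` command and its enclosing `if` continue past the end of this hunk, so the remaining arguments are not visible here.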
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/rc.openssh
============================================================================
$ cvs diff -u -r1.18 -r1.19 rc.openssh
--- openpkg-src/openssh/rc.openssh 22 Jul 2003 09:41:51 -0000 1.18
+++ openpkg-src/openssh/rc.openssh 1 Jan 2004 13:06:48 -0000 1.19
@@ -13,7 +13,7 @@
%common
openssh_signal () {
- openssh_pidfile="@l_prefix@/var/openssh/sshd.pid"
+ openssh_pidfile="@l_prefix@/var/openssh/openssh.pid"
[ -f $openssh_pidfile ] && kill -$1 `cat $openssh_pidfile`
}
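Review bot: The `kill` line in `openssh_signal` expands `$openssh_pidfile`, `$1` and the `cat` output unquoted and never checks that the file actually holds a PID, so an empty or malformed pid file produces a bare or unexpected `kill` argument; `[ -f "$openssh_pidfile" ] && kill -"$1" "$(cat "$openssh_pidfile")"` is the minimal fix. The rename to `openssh.pid` also has an upgrade consequence. A daemon started before the upgrade presumably still has its PID in `sshd.pid`, so the first stop or restart after installing this revision would find no file and silently do nothing, leaving the old sshd running with the old configuration. A one-time fallback to the old file name, or a note in the upgrade instructions, would cover that.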
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/ssh-keyman.1
============================================================================
$ cvs diff -u -r1.1 -r1.2 ssh-keyman.1
--- openpkg-src/openssh/ssh-keyman.1 7 May 2002 18:01:42 -0000 1.1
+++ openpkg-src/openssh/ssh-keyman.1 1 Jan 2004 13:06:48 -0000 1.2
@@ -1,8 +1,7 @@
-.\" Automatically generated by Pod::Man version 1.15
-.\" Tue May 7 19:43:46 2002
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13
.\"
.\" Standard preamble:
-.\" ======================================================================
+.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
@@ -15,12 +14,6 @@
.if t .sp .5v
.if n .sp
..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
.de Vb \" Begin verbatim text
.ft CW
.nf
@@ -28,15 +21,14 @@
..
.de Ve \" End verbatim text
.ft R
-
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
-.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
-.\" to do unbreakable dashes and therefore won't be available. \*(C` and
-.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
+.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
+.\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
@@ -56,10 +48,10 @@
. ds R" ''
'br\}
.\"
-.\" If the F register is turned on, we'll generate index entries on stderr
-.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
-.\" index entries marked with X<> in POD. Of course, you'll have to process
-.\" the output yourself in some meaningful fashion.
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
@@ -68,14 +60,13 @@
. rr F
.\}
.\"
-.\" For nroff, turn off justification. Always turn off hyphenation; it
-.\" makes way too many mistakes in technical documents.
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
-.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
@@ -135,13 +126,12 @@
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
-.\" ======================================================================
+.\" ========================================================================
.\"
.IX Title "SSH-KEYMAN 1"
-.TH SSH-KEYMAN 1 "perl v5.6.1" "2002-05-07" "User Contributed Perl Documentation"
-.UC
+.TH SSH-KEYMAN 1 "2004-01-01" "perl v5.8.2" "User Contributed Perl Documentation"
.SH "NAME"
-\&\fBssh-keyman\fR \- authentication key agent management
+\&\fBssh\-keyman\fR \- authentication key agent management
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBssh-keyman\fR
@@ -153,6 +143,7 @@
[\fB\-d\fR]
[\fB\-a\fR]
[\fB\-l\fR]
+[\fB\-i\fR]
[\fIkeyfile\fR ...]
.PP
\&\fBssh-keyman\fR
@@ -169,61 +160,63 @@
.PP
The command line options can be combined and are executed internally in
the given order below.
-.Ip "\fB\-q\fR, \fB\*(--quiet\fR" 4
-.IX Item "-q, quiet"
+.IP "\fB\-q\fR, \fB\-\-quiet\fR" 4
+.IX Item "-q, --quiet"
Quiet operation. Do not print verbose messages.
-.Ip "\fB\-c\fR, \fB\*(--cluster\fR" 4
-.IX Item "-c, cluster"
+.IP "\fB\-c\fR, \fB\-\-cluster\fR" 4
+.IX Item "-c, --cluster"
Cluster indicator. This forces the use of
-\&\fB$HOME/.ssh/agent-\fR\fIhostname\fR as the agent attachment informations
+\&\fB$HOME/.ssh/agent\-\fR\fIhostname\fR as the agent attachment informations
file instead of the default \fB$HOME/.ssh/agent\fR. Use this if your home
directory is NFS-mounted on a cluster of desktops.
-.Ip "\fB\-k\fR, \fB\*(--kill\fR" 4
-.IX Item "-k, kill"
+.IP "\fB\-k\fR, \fB\-\-kill\fR" 4
+.IX Item "-k, --kill"
Kill agent. This makes sure the \fBssh-agent\fR process
is no longer running.
-.Ip "\fB\-s\fR, \fB\*(--start\fR" 4
-.IX Item "-s, start"
+.IP "\fB\-s\fR, \fB\-\-start\fR" 4
+.IX Item "-s, --start"
Start agent. This makes sure the \fBssh-agent\fR process is
running. If not, it automatically spawns a new one.
-.Ip "\fB\-e\fR, \fB\*(--env\fR" 4
-.IX Item "-e, env"
+.IP "\fB\-e\fR, \fB\-\-env\fR" 4
+.IX Item "-e, --env"
Environment setup. This outputs to \fIstdout\fR the Bourne-Shell commands
necessary to attach the current shell session to the \fBssh-agent\fR
process. The intended usage is "\f(CW\*(C`eval `\f(CBssh-keyman\f(CW \-q \-e
\-s`\*(C'\fR" from
within \fB$HOME/.xsession\fR or \fB$HOME/.bash_login\fR scripts.
-.Ip "\fB\-d\fR, \fB\*(--delete\fR" 4
-.IX Item "-d, delete"
+.IP "\fB\-d\fR, \fB\-\-delete\fR" 4
+.IX Item "-d, --delete"
Delete key. This deletes one or more (or all if not \fIkeyfile\fR arguments
are specified at all) from the \fBssh-agent\fR process.
-.Ip "\fB\-a\fR, \fB\*(--add\fR" 4
-.IX Item "-a, add"
+.IP "\fB\-a\fR, \fB\-\-add\fR" 4
+.IX Item "-a, --add"
Add key. This adds one or more keys (in \fIkeyfile\fR) to the \fBssh-agent\fR
process. If a key is already loaded, it is skipped and not reloaded.
Additionally, all specified keys are loaded with a single \fBssh-add\fR
call. This way the pass-phrase dialog is reduced to its possible
minimum.
-.Ip "\fB\-l\fR, \fB\*(--list\fR" 4
-.IX Item "-l, list"
+.IP "\fB\-l\fR, \fB\-\-list\fR" 4
+.IX Item "-l, --list"
List keys. This lists the currently available keys in the \fBssh-agent\fR
process.
-.Ip "\fB\-h\fR, \fB\*(--help\fR" 4
-.IX Item "-h, help"
+.IP "\fB\-i\fR, \fB\-\-install\fR" 4
+.IX Item "-i, --install"
+Install public keys into remote account. This extracts the currently available
public keys in the \fBssh-agent\fR
+process and installs them into "\f(CW\*(C`~/.ssh/authorized_keys\*(C'\fR" on a
specified remote account.
+.IP "\fB\-h\fR, \fB\-\-help\fR" 4
+.IX Item "-h, --help"
Help information. Display a usage summary on \fIstdout\fR.
-.Ip "\fB\-v\fR, \fB\*(--version\fR" 4
-.IX Item "-v, version"
+.IP "\fB\-v\fR, \fB\-\-version\fR" 4
+.IX Item "-v, --version"
Version information. Display a version summary on \fIstdout\fR.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
\&\fI.xsession\fR:
.PP
-.Vb 5
+.Vb 2
\& eval `ssh-keyman -q -s -e`
-\& ssh-keyman -q -a </dev/null \e
-\& ~/.ssh/id_rsa_1 \e
-\& ~/.ssh/id_rsa_2 \e
-\& ~/.ssh/id_rsa_3
+\& ssh-keyman -q -a </dev/null ~/.ssh/id_rsa ~/.ssh/id_dsa
.Ve
+.PP
\&\fI.bash_login\fR:
.PP
.Vb 1
@@ -231,17 +224,17 @@
.Ve
.SH "FILES"
.IX Header "FILES"
-.Ip "\fB$HOME/.ssh/agent\fR" 4
+.IP "\fB$HOME/.ssh/agent\fR" 4
.IX Item "$HOME/.ssh/agent"
The generated shell script for attaching the current shell
-session (and all of its sub-processes) to the \fBssh-agent\fR process.
+session (and all of its sub\-processes) to the \fBssh-agent\fR process.
At any time this can be directly sourced from within the shell session
or indirectly through the \fBssh-keyman\fR \fB\-e\fR option.
This file is used if the cluster option \fB\-c\fR is not used.
-.Ip "\fB$HOME/.ssh/agent-\fR\fIhostname\fR" 4
+.IP "\fB$HOME/.ssh/agent\-\fR\fIhostname\fR" 4
.IX Item "$HOME/.ssh/agent-hostname"
The generated shell script for attaching the current shell
-session (and all of its sub-processes) to the \fBssh-agent\fR process.
+session (and all of its sub\-processes) to the \fBssh-agent\fR process.
At any time this can be directly sourced from within the shell session
or indirectly through the \fBssh-keyman\fR \fB\-e\fR option.
This file is used if the cluster option \fB\-c\fR is used.
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/ssh-keyman.pod
============================================================================
$ cvs diff -u -r1.3 -r1.4 ssh-keyman.pod
--- openpkg-src/openssh/ssh-keyman.pod 31 Dec 2003 19:13:10 -0000 1.3
+++ openpkg-src/openssh/ssh-keyman.pod 1 Jan 2004 13:06:48 -0000 1.4
@@ -127,10 +127,7 @@
F<.xsession>:
eval `ssh-keyman -q -s -e`
- ssh-keyman -q -a </dev/null \
- ~/.ssh/id_rsa_1 \
- ~/.ssh/id_rsa_2 \
- ~/.ssh/id_rsa_3
+ ssh-keyman -q -a </dev/null ~/.ssh/id_rsa ~/.ssh/id_dsa
F<.bash_login>:
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/ssh_config
============================================================================
$ cvs diff -u -r1.4 -r1.5 ssh_config
--- openpkg-src/openssh/ssh_config 19 Dec 2002 13:09:42 -0000 1.4
+++ openpkg-src/openssh/ssh_config 1 Jan 2004 13:06:48 -0000 1.5
@@ -3,39 +3,40 @@
##
Host localhost
- Compression no
- ForwardX11 yes
- KeepAlive yes
+ Compression no
+ ForwardX11 yes
+ KeepAlive yes
# Global Default Settings
-# (keep this section last here, because
-# the rule is "first matching is used")
+# (keep this host section last here, because the
+# rule is "first matching host section is used")
Host *
- BatchMode no
- CheckHostIP yes
- Protocol 1,2
- HostKeyAlgorithms ssh-rsa,ssh-dss
- PreferredAuthentications
hostbased,publickey,keyboard-interactive,password
- Cipher 3des
- Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
- MACs
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
- Compression yes
- CompressionLevel 4
- ConnectionAttempts 2
- PubkeyAuthentication yes
- DSAAuthentication yes
- RSAAuthentication yes
- ChallengeResponseAuthentication yes
- PasswordAuthentication yes
- NumberOfPasswordPrompts 2
- RhostsAuthentication no
- RhostsRSAAuthentication no
- StrictHostKeyChecking no
- UsePrivilegedPort no
- EscapeChar ~
- ForwardAgent yes
- ForwardX11 no
- GatewayPorts no
- KeepAlive no
- LogLevel INFO
+ BatchMode no
+ CheckHostIP yes
+ Protocol 2,1
+ HostKeyAlgorithms ssh-rsa,ssh-dss
+ PreferredAuthentications
hostbased,publickey,keyboard-interactive,password
+ Cipher 3des
+ Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+ MACs
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+ Compression yes
+ CompressionLevel 4
+ ConnectionAttempts 2
+ PubkeyAuthentication yes
+ DSAAuthentication yes
+ RSAAuthentication yes
+ ChallengeResponseAuthentication yes
+ PasswordAuthentication yes
+ NumberOfPasswordPrompts 2
+ NoHostAuthenticationForLocalhost yes
+ HostbasedAuthentication no
+ RhostsRSAAuthentication no
+ StrictHostKeyChecking no
+ UsePrivilegedPort no
+ EscapeChar ~
+ ForwardAgent yes
+ ForwardX11 no
+ GatewayPorts no
+ KeepAlive no
+ LogLevel INFO
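Review bot: `Protocol 2,1` in the `Host *` section only reorders the preference and still lets the client fall back to SSH protocol 1 whenever the peer offers nothing else; `Protocol 2` as the global default, with protocol 1 enabled per host where it is really needed, removes that downgrade path. The added `NoHostAuthenticationForLocalhost yes` is also global, so host-key checking is skipped for every connection to the loopback address, including locally forwarded ports that end on another machine; a comment stating why it is wanted would help. Together with the unchanged `StrictHostKeyChecking no` and `ForwardAgent yes`, the shipped default accepts unknown host keys and then exposes the user's agent to that host, so `ForwardAgent no` would be the safer baseline.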
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/sshd_config
============================================================================
$ cvs diff -u -r1.12 -r1.13 sshd_config
--- openpkg-src/openssh/sshd_config 29 Jul 2003 09:19:05 -0000 1.12
+++ openpkg-src/openssh/sshd_config 1 Jan 2004 13:06:48 -0000 1.13
@@ -9,33 +9,37 @@
Protocol 2,1
HostKey @l_prefix@/etc/openssh/ssh_host_key
+HostKey @l_prefix@/etc/openssh/ssh_host_rsa_key
HostKey @l_prefix@/etc/openssh/ssh_host_dsa_key
ServerKeyBits 768
-KeyRegenerationInterval 3600
+KeyRegenerationInterval 1h
-PidFile @l_prefix@/var/openssh/sshd.pid
+PidFile @l_prefix@/var/openssh/openssh.pid
SyslogFacility AUTH
LogLevel INFO
PubkeyAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
-RhostsAuthentication no
+HostbasedAuthentication no
RhostsRSAAuthentication no
StrictModes yes
IgnoreRhosts yes
KeepAlive yes
GatewayPorts no
+AllowTcpForwarding yes
X11Forwarding @l_x11forwarding@
Compression yes
UsePrivilegeSeparation no
-LoginGraceTime 600
+LoginGraceTime 2m
MaxStartups 10:30:60
PermitRootLogin no
PermitEmptyPasswords no
UseLogin no
+UseDNS yes
PrintMotd yes
+PrintLastLog yes
PermitUserEnvironment yes
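Review bot: `UsePrivilegeSeparation no` and `PermitUserEnvironment yes` are left in place by this cleanup, and both weaken the server default. Without privilege separation the pre-authentication network code runs as root, and user environment processing lets an account's `~/.ssh/environment` or `environment=` key options set variables such as `LD_PRELOAD`, which can bypass restrictions placed on that account. Unless OpenPKG disables these for a portability reason not visible here, `UsePrivilegeSeparation yes` and `PermitUserEnvironment no` would be the safer shipped values. `Protocol 2,1` with `ServerKeyBits 768` likewise keeps SSH protocol 1 reachable on the server; `Protocol 2` would make the `ssh_host_key` line and the server-key settings unnecessary.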
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.7935 -r1.7936 news.txt
--- openpkg-web/news.txt 1 Jan 2004 11:05:30 -0000 1.7935
+++ openpkg-web/news.txt 1 Jan 2004 13:06:47 -0000 1.7936
@@ -1,3 +1,4 @@
+01-Jan-2004: Upgraded package: P<openssh-3.7.1p2-20040101>
01-Jan-2004: Upgraded package: P<gcc34-3.4s20031231-20040101>
01-Jan-2004: Upgraded package: P<uvscan-4.24+4312-20040101>
01-Jan-2004: Upgraded package: P<rt-3.0.7-20040101>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]