openssh: import from packages
authorPeter Wagner <tripolar@gmx.at>
Mon, 16 Jun 2014 09:40:09 +0000 (11:40 +0200)
committerPeter Wagner <tripolar@gmx.at>
Mon, 16 Jun 2014 09:45:34 +0000 (11:45 +0200)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
net/openssh/Makefile [new file with mode: 0644]
net/openssh/files/sshd.init [new file with mode: 0644]
net/openssh/files/sshd.pam [new file with mode: 0644]
net/openssh/files/sshd.pam-access [new file with mode: 0644]
net/openssh/patches/100-no_cast_fix.patch [new file with mode: 0644]
net/openssh/patches/130-implicit_memset_decl_fix.patch [new file with mode: 0644]
net/openssh/patches/140-pam_uclibc_pthreads_fix.patch [new file with mode: 0644]
net/openssh/patches/200-dscp-qos.patch [new file with mode: 0644]

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
new file mode 100644 (file)
index 0000000..459b7d7
--- /dev/null
@@ -0,0 +1,265 @@
+#
+# Copyright (C) 2006-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openssh
+PKG_VERSION:=6.6p1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
+               ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
+               ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
+               ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
+PKG_MD5SUM:=3e9800e6bca1fbac0eea4d41baa7f239
+
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_BUILD_DEPENDS:=libopenssl
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openssh/Default
+       SECTION:=net
+       CATEGORY:=Network
+       DEPENDS:=+libopenssl +zlib +SSP_SUPPORT:libssp
+       TITLE:=OpenSSH
+       MAINTAINER:=Peter Wagner <tripolar@gmx.at>
+       URL:=http://www.openssh.com/
+       SUBMENU:=SSH
+       VARIANT:=without-pam
+endef
+
+define Package/openssh-moduli
+       $(call Package/openssh/Default)
+       DEPENDS+= +openssh-keygen
+       TITLE+= moduli file
+endef
+
+define Package/openssh-moduli/description
+OpenSSH server moduli file.
+endef
+
+define Package/openssh-client
+       $(call Package/openssh/Default)
+       TITLE+= client
+endef
+
+define Package/openssh-client/description
+OpenSSH client.
+endef
+
+define Package/openssh-client/conffiles
+/etc/ssh/ssh_config
+endef
+
+define Package/openssh-client-utils
+       $(call Package/openssh/Default)
+       DEPENDS+= +openssh-client +openssh-keygen
+       TITLE+= client utilities
+endef
+
+define Package/openssh-client-utils/description
+OpenSSH client utilities.
+endef
+
+define Package/openssh-keygen
+       $(call Package/openssh/Default)
+       TITLE+= keygen
+endef
+
+define Package/openssh-keygen/description
+OpenSSH keygen.
+endef
+
+define Package/openssh-server
+       $(call Package/openssh/Default)
+       DEPENDS+= +openssh-keygen
+       TITLE+= server
+endef
+
+define Package/openssh-server/description
+OpenSSH server.
+endef
+
+define Package/openssh-server/conffiles
+/etc/ssh/sshd_config
+endef
+
+define Package/openssh-server-pam
+       $(call Package/openssh/Default)
+       DEPENDS+= +libpthread +openssh-keygen +libpam
+       TITLE+= server (with PAM support)
+       VARIANT:=with-pam
+endef
+
+define Package/openssh-server-pam/description
+OpenSSH server (with PAM support).
+endef
+
+define Package/openssh-server-pam/conffiles
+/etc/pam.d/sshd
+/etc/security/access-sshd-local.conf
+/etc/ssh/sshd_config
+endef
+
+define Package/openssh-sftp-client
+       $(call Package/openssh/Default)
+       TITLE+= SFTP client
+endef
+
+define Package/openssh-sftp-client/description
+OpenSSH SFTP client.
+endef
+
+define Package/openssh-sftp-server
+       $(call Package/openssh/Default)
+       TITLE+= SFTP server
+endef
+
+define Package/openssh-sftp-server/description
+OpenSSH SFTP server.
+endef
+
+CONFIGURE_ARGS+= \
+       $(DISABLE_NLS) \
+       --sysconfdir=/etc/ssh \
+       --with-privsep-user=sshd \
+       --with-privsep-path=/var/empty \
+       --enable-shared \
+       --disable-static \
+       --disable-debug \
+       --disable-strip \
+       --disable-etc-default-login \
+       --disable-lastlog \
+       --disable-utmp \
+       --disable-utmpx \
+       --disable-wtmp \
+       --disable-wtmpx \
+       --without-bsd-auth \
+       --without-kerberos5 \
+       --without-x
+
+ifeq ($(BUILD_VARIANT),with-pam)
+CONFIGURE_ARGS += \
+       --with-pam
+else
+CONFIGURE_ARGS += \
+       --without-pam
+endif
+
+ifeq ($(CONFIG_OPENSSL_ENGINE),y)
+CONFIGURE_ARGS+= \
+       --with-ssl-engine
+endif
+
+ifneq ($(CONFIG_SSP_SUPPORT),y)
+CONFIGURE_ARGS += \
+       --without-stackprotect
+endif
+
+CONFIGURE_VARS += LD="$(TARGET_CC)"
+
+ifeq ($(BUILD_VARIANT),with-pam)
+TARGET_LDFLAGS += -lpthread
+endif
+
+define Build/Compile
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               LIBS="" \
+               sftp-server
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               STRIP_OPT="" \
+               all install
+endef
+
+define Package/openssh-client/preinst
+#!/bin/sh
+if [ -L $${IPKG_INSTROOT}/usr/bin/ssh ] && [ -L $${IPKG_INSTROOT}/usr/bin/scp ]; then
+       rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
+fi
+exit 0
+endef
+
+define Package/openssh-client/postrm
+#!/bin/sh
+rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
+if [ -x $${IPKG_INSTROOT}/usr/sbin/dropbear ] ; then
+       ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/ssh;
+       ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/scp;
+fi
+exit 0
+endef
+
+define Package/openssh-moduli/install
+       $(INSTALL_DIR) $(1)/etc/ssh
+       $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
+endef
+
+define Package/openssh-client/install
+       $(INSTALL_DIR) $(1)/etc/ssh
+       chmod 0700 $(1)/etc/ssh
+       $(CP) $(PKG_INSTALL_DIR)/etc/ssh/ssh_config $(1)/etc/ssh/
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh $(1)/usr/bin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/scp $(1)/usr/bin/
+endef
+
+define Package/openssh-client-utils/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(foreach bin,add agent keyscan keysign,$(PKG_BUILD_DIR)/ssh-$(bin)) $(1)/usr/bin/
+endef
+
+define Package/openssh-keygen/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh-keygen $(1)/usr/bin/
+endef
+
+define Package/openssh-server/install
+       $(INSTALL_DIR) $(1)/etc/ssh
+       chmod 0700 $(1)/etc/ssh
+       $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
+endef
+
+define Package/openssh-server-pam/install
+       $(call Package/openssh-server/install,$(1))
+       sed -i 's,#PasswordAuthentication yes,PasswordAuthentication no,g' $(1)/etc/ssh/sshd_config
+       sed -i 's,#UsePAM no,UsePAM yes,g' $(1)/etc/ssh/sshd_config
+       $(INSTALL_DIR) $(1)/etc/pam.d
+       $(INSTALL_DATA) ./files/sshd.pam $(1)/etc/pam.d/sshd
+       $(INSTALL_DIR) $(1)/etc/security
+       $(INSTALL_DATA) ./files/sshd.pam-access $(1)/etc/security/access-sshd-local.conf
+endef
+
+define Package/openssh-sftp-client/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sftp $(1)/usr/bin/
+endef
+
+define Package/openssh-sftp-server/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/sftp-server $(1)/usr/lib/
+       $(INSTALL_DIR) $(1)/usr/libexec
+       ln -sf ../lib/sftp-server $(1)/usr/libexec/sftp-server
+endef
+
+$(eval $(call BuildPackage,openssh-client))
+$(eval $(call BuildPackage,openssh-moduli))
+$(eval $(call BuildPackage,openssh-client-utils))
+$(eval $(call BuildPackage,openssh-keygen))
+$(eval $(call BuildPackage,openssh-server))
+$(eval $(call BuildPackage,openssh-server-pam))
+$(eval $(call BuildPackage,openssh-sftp-client))
+$(eval $(call BuildPackage,openssh-sftp-server))
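Review bot: The tarball is fetched over plain ftp:// mirrors and verified only by `PKG_MD5SUM`, so the integrity of code that will run as root on the device rests on MD5 alone, which is not collision-resistant; pin a SHA-256 of the upstream tarball instead (if this OpenWrt tree already supports a SHA-256 hash field — verify), prefer an https:// mirror where one exists, and check the upstream GPG signature out-of-band whenever PKG_VERSION is bumped. Separately, the openssh-server-pam install step rewrites sshd_config to `PasswordAuthentication no` while turning on `UsePAM yes`; with sshd's default `ChallengeResponseAuthentication yes`, PAM keyboard-interactive still accepts the Unix password, so if the intent is keys-only the sed should also set `ChallengeResponseAuthentication no`, and if the intent is "passwords go through PAM" a comment on those sed lines should say so. Finally, `chmod 0700 $(1)/etc/ssh` in the client install makes ssh_config unreadable to non-root users, which matters on the PAM variant where multi-user logins are the point; if that is deliberate, a one-line comment explaining it would help.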
diff --git a/net/openssh/files/sshd.init b/net/openssh/files/sshd.init
new file mode 100644 (file)
index 0000000..879df12
--- /dev/null
@@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2011 OpenWrt.org
+
+START=50
+STOP=50
+
+USE_PROCD=1
+PROG=/usr/sbin/sshd
+
+start_service() {
+       for type in rsa dsa; do {
+               # check for keys
+               key=/etc/ssh/ssh_host_${type}_key
+               [ ! -f $key ] && {
+                       # generate missing keys
+                       [ -x /usr/bin/ssh-keygen ] && {
+                               /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
+                       }
+               }
+       }; done
+       user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty
+       group_exists sshd 22 || group_add sshd 22 
+       mkdir -m 0700 -p /var/empty
+
+       procd_open_instance
+       procd_set_param command $PROG -D
+       procd_close_instance
+}
+
+shutdown() {
+       local pid
+       local pids
+       local pid_mine
+
+       stop
+
+       # kill active clients
+       pid_mine="$$"
+       pids="$(pidof sshd)"
+       for pid in $pids; do
+               [ "$pid" = "$pid_mine" ] && continue
+               [ -e "/proc/$pid/stat" ] && kill $pid
+       done
+}
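Review bot: start_service only generates rsa and dsa host keys (`for type in rsa dsa`), so a device never gets the ecdsa/ed25519 host keys that 6.6's stock sshd_config references, and DSA keys are fixed at 1024 bits by the SSH DSA format, which is weak by 2014 standards; consider `for type in rsa ecdsa ed25519; do` (ed25519 needs no OpenSSL support; ecdsa assumes the target's OpenSSL was built with EC — verify). `2>&- >&-` closes ssh-keygen's stdout/stderr rather than redirecting them, which some programs handle badly; `>/dev/null 2>&1` is the safer form. Keys are also generated on the very first service start with no note about entropy, and on embedded boards the kernel RNG can be poorly seeded that early, so a comment such as `# NOTE: host keys are generated on first start; make sure the kernel RNG is seeded before this service runs` would warn the next maintainer. user_add is called without a shell argument; if functions.sh does not default it to a non-login shell (I cannot see it from here), the sshd privsep user should be given /bin/false explicitly.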
diff --git a/net/openssh/files/sshd.pam b/net/openssh/files/sshd.pam
new file mode 100644 (file)
index 0000000..387ff2e
--- /dev/null
@@ -0,0 +1,41 @@
+# PAM configuration for the Secure Shell service
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+auth       required     pam_env.so
+
+# Skip Google Authenticator if logging in from the local network.
+# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
+# Google Authenticator 2-step verification.
+# auth       requisite    pam_google_authenticator.so
+
+# Standard Un*x authentication.
+auth       include      common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account    required     pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account    required     pam_access.so
+
+# Standard Un*x authorization.
+account    include      common-account
+
+# Standard Un*x session setup and teardown.
+session    include      common-session
+
+# Print the message of the day upon successful login.
+session    optional     pam_motd.so
+
+# Print the status of the user's mailbox upon successful login.
+session    optional     pam_mail.so standard noenv
+
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
+
+# Set up SELinux capabilities (need modified pam)
+# session    required     pam_selinux.so multiple
+
+# Standard Un*x password updating.
+password   include      common-password
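Review bot: This stack `include`s common-auth, common-account, common-session and common-password, but nothing in this commit installs those files (the openssh-server-pam install step ships only /etc/pam.d/sshd and the access file), so on a target without a Debian-style /etc/pam.d/common-* set the chain cannot be resolved; in Linux-PAM a missing included file should make the stack fail closed, but that is worth confirming against the libpam build used here. The file should state the dependency, e.g. `# Requires /etc/pam.d/common-{auth,account,session,password}, expected from the libpam package; if absent, all logins fail`, or spell out the pam_unix.so lines directly so the file is self-contained.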
diff --git a/net/openssh/files/sshd.pam-access b/net/openssh/files/sshd.pam-access
new file mode 100644 (file)
index 0000000..425ff11
--- /dev/null
@@ -0,0 +1,4 @@
+# Skip Google Authenticator for local network
+#+ : ALL : 192.168.1.0/24
++ : ALL : LOCAL
+- : ALL : ALL
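Review bot: The active grant `+ : ALL : LOCAL` almost certainly never matches an SSH login: pam_access's LOCAL keyword matches origins without a '.' (or, in newer releases, only non-network logins), while sshd passes the client address as PAM_RHOST, so the `[success=1 default=ignore]` skip this file is meant for would never fire and only the commented 192.168.1.0/24 line implements the header comment. This is inert today because the referencing line in sshd.pam is itself commented out, but the file's comment should say so, e.g. `# LOCAL does not match remote SSH origins; use the CIDR form to skip 2FA for the LAN`.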
diff --git a/net/openssh/patches/100-no_cast_fix.patch b/net/openssh/patches/100-no_cast_fix.patch
new file mode 100644 (file)
index 0000000..751e589
--- /dev/null
@@ -0,0 +1,13 @@
+--- a/cipher.c
++++ b/cipher.c
+@@ -80,8 +80,10 @@ static const struct Cipher ciphers[] = {
+       { "3des-cbc",   SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+       { "blowfish-cbc",
+                       SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
++#ifndef OPENSSL_NO_CAST
+       { "cast128-cbc",
+                       SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
++#endif
+       { "arcfour",    SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
+       { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
+       { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
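Review bot: Dropping the `cast128-cbc` table entry under OPENSSL_NO_CAST leaves the rest of OpenSSH unaware the cipher is gone: if 6.6's default cipher proposal in myproposal.h still lists cast128-cbc (verify against the tree), the name is still advertised in KEXINIT, and as far as I can tell a peer that selects it would hit the unsupported-cipher fatal in the kex choose_enc path rather than a clean fallback. The patch should also guard the name out of the default proposal, or carry a comment explaining why that negotiation cannot happen in practice. The ciphers[] array continues outside the hunk.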
diff --git a/net/openssh/patches/130-implicit_memset_decl_fix.patch b/net/openssh/patches/130-implicit_memset_decl_fix.patch
new file mode 100644 (file)
index 0000000..be8bbcf
--- /dev/null
@@ -0,0 +1,12 @@
+--- a/includes.h
++++ b/includes.h
+@@ -59,6 +59,9 @@
+ /*
+  *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
+  */
++#ifdef HAVE_STRING_H
++# include <string.h>
++#endif
+ #ifdef HAVE_STRINGS_H
+ # include <strings.h>
+ #endif
diff --git a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
new file mode 100644 (file)
index 0000000..1319b52
--- /dev/null
@@ -0,0 +1,84 @@
+--- a/auth-pam.c
++++ b/auth-pam.c
+@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig)
+       }
+       if (WIFSIGNALED(sshpam_thread_status) &&
+           WTERMSIG(sshpam_thread_status) == SIGTERM)
+-              return; /* terminated by pthread_cancel */
++              return; /* terminated by pthread2_cancel */
+       if (!WIFEXITED(sshpam_thread_status))
+               sigdie("PAM: authentication thread exited unexpectedly");
+       if (WEXITSTATUS(sshpam_thread_status) != 0)
+@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig)
+ /* ARGSUSED */
+ static void
+-pthread_exit(void *value)
++pthread2_exit(void *value)
+ {
+       _exit(0);
+ }
+ /* ARGSUSED */
+ static int
+-pthread_create(sp_pthread_t *thread, const void *attr,
++pthread2_create(sp_pthread_t *thread, const void *attr,
+     void *(*thread_start)(void *), void *arg)
+ {
+       pid_t pid;
+@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con
+ }
+ static int
+-pthread_cancel(sp_pthread_t thread)
++pthread2_cancel(sp_pthread_t thread)
+ {
+       signal(SIGCHLD, sshpam_oldsig);
+       return (kill(thread, SIGTERM));
+@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread)
+ /* ARGSUSED */
+ static int
+-pthread_join(sp_pthread_t thread, void **value)
++pthread2_join(sp_pthread_t thread, void **value)
+ {
+       int status;
+@@ -510,7 +510,7 @@ sshpam_thread(void *ctxtp)
+       /* XXX - can't do much about an error here */
+       ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
+       buffer_free(&buffer);
+-      pthread_exit(NULL);
++      pthread2_exit(NULL);
+  auth_fail:
+       buffer_put_cstring(&buffer,
+@@ -521,7 +521,7 @@ sshpam_thread(void *ctxtp)
+       else
+               ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+       buffer_free(&buffer);
+-      pthread_exit(NULL);
++      pthread2_exit(NULL);
+       return (NULL); /* Avoid warning for non-pthread case */
+ }
+@@ -533,8 +533,8 @@ sshpam_thread_cleanup(void)
+       debug3("PAM: %s entering", __func__);
+       if (ctxt != NULL && ctxt->pam_thread != 0) {
+-              pthread_cancel(ctxt->pam_thread);
+-              pthread_join(ctxt->pam_thread, NULL);
++              pthread2_cancel(ctxt->pam_thread);
++              pthread2_join(ctxt->pam_thread, NULL);
+               close(ctxt->pam_psock);
+               close(ctxt->pam_csock);
+               memset(ctxt, 0, sizeof(*ctxt));
+@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
+       }
+       ctxt->pam_psock = socks[0];
+       ctxt->pam_csock = socks[1];
+-      if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
++      if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
+               error("PAM: failed to start authentication thread: %s",
+                   strerror(errno));
+               close(socks[0]);
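Review bot: The rename touches both the fork-based wrapper definitions and their unconditional call sites (sshpam_thread, sshpam_thread_cleanup, sshpam_init_ctx), but upstream keeps those wrappers under a conditional (the UNSUPPORTED_POSIX_THREADS_HACK block, if this tree matches upstream — the guard is outside the hunk); with that option enabled the call sites would now reference pthread2_* symbols that are never defined and the build would fail. A smaller patch keeps the call sites untouched and adds aliases at the end of the wrapper block, e.g. `#define pthread_create pthread2_create` (and likewise for pthread_exit, pthread_cancel and pthread_join), which avoids the uClibc symbol clash without breaking the real-pthreads configuration. The patch header comment should also record why the rename is needed (uClibc exports non-weak pthread_* symbols that clash with these static definitions when -lpthread is linked), since the file otherwise gives no hint. Every function touched here starts and ends outside the hunk.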
diff --git a/net/openssh/patches/200-dscp-qos.patch b/net/openssh/patches/200-dscp-qos.patch
new file mode 100644 (file)
index 0000000..827a668
--- /dev/null
@@ -0,0 +1,21 @@
+--- a/ssh_config
++++ b/ssh_config
+@@ -46,3 +46,6 @@
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+ #   RekeyLimit 1G 1h
++
++# enable DSCP QoS values (per RFC-4594)
++#IPQoS AF21 AF11
+--- a/sshd_config
++++ b/sshd_config
+@@ -122,6 +122,9 @@ UsePrivilegeSeparation sandbox             # Defaul
+ # no default banner path
+ #Banner none
++# enable DSCP QoS values (per RFC-4594)
++#IPQoS AF21 AF11
++
+ # override default of no subsystems
+ Subsystem     sftp    /usr/libexec/sftp-server