Diffstat (limited to 'data/_openssh')
-rw-r--r--data/_openssh/_metadata/depiction1
-rw-r--r--data/_openssh/_metadata/description1
-rw-r--r--data/_openssh/_metadata/in.1200.000
-rw-r--r--data/_openssh/_metadata/in.1443.000
-rw-r--r--data/_openssh/_metadata/in.550.580
l---------data/_openssh/_metadata/libssl1.1.1.dep1
-rw-r--r--data/_openssh/_metadata/license338
l---------data/_openssh/_metadata/maintainer1
-rw-r--r--data/_openssh/_metadata/name1
-rw-r--r--data/_openssh/_metadata/openssh-client/breaks1
-rw-r--r--data/_openssh/_metadata/openssh-client/description8
-rw-r--r--data/_openssh/_metadata/openssh-client/name1
-rw-r--r--data/_openssh/_metadata/openssh-global-listener/breaks1
-rw-r--r--data/_openssh/_metadata/openssh-global-listener/depends1
-rw-r--r--data/_openssh/_metadata/openssh-global-listener/description8
-rwxr-xr-xdata/_openssh/_metadata/openssh-global-listener/extrainst_12
-rw-r--r--data/_openssh/_metadata/openssh-global-listener/name1
-rwxr-xr-xdata/_openssh/_metadata/openssh-global-listener/prerm7
-rw-r--r--data/_openssh/_metadata/openssh-local-listener/depends1
-rw-r--r--data/_openssh/_metadata/openssh-local-listener/description8
-rwxr-xr-xdata/_openssh/_metadata/openssh-local-listener/extrainst_12
-rw-r--r--data/_openssh/_metadata/openssh-local-listener/name1
-rwxr-xr-xdata/_openssh/_metadata/openssh-local-listener/prerm7
-rw-r--r--data/_openssh/_metadata/openssh-server/breaks1
-rw-r--r--data/_openssh/_metadata/openssh-server/depends1
-rw-r--r--data/_openssh/_metadata/openssh-server/description8
-rw-r--r--data/_openssh/_metadata/openssh-server/name1
-rw-r--r--data/_openssh/_metadata/openssh/depends1
-rw-r--r--data/_openssh/_metadata/openssh/description8
-rw-r--r--data/_openssh/_metadata/priority1
-rw-r--r--data/_openssh/_metadata/role1
-rw-r--r--data/_openssh/_metadata/section1
-rw-r--r--data/_openssh/_metadata/tags1
-rw-r--r--data/_openssh/_metadata/version1
-rw-r--r--data/_openssh/com.openssh.sshd-localhost.plist51
-rw-r--r--data/_openssh/com.openssh.sshd.plist39
-rw-r--r--data/_openssh/dirent.diff14
-rw-r--r--data/_openssh/install.diff12
-rw-r--r--data/_openssh/make.sh11
-rw-r--r--data/_openssh/openssh-8.4p1.tar.gzbin0 -> 1742201 bytes
-rw-r--r--data/_openssh/openssh-client.install5
-rw-r--r--data/_openssh/openssh-global-listener.install1
-rw-r--r--data/_openssh/openssh-local-listener.install1
-rw-r--r--data/_openssh/openssh-server.install4
-rw-r--r--data/_openssh/openssh.install0
-rw-r--r--data/_openssh/privsep.diff211
-rw-r--r--data/_openssh/ssh_config47
-rwxr-xr-xdata/_openssh/sshd-keygen-wrapper7
-rw-r--r--data/_openssh/sshd_config116
-rw-r--r--data/_openssh/utmp.diff41
50 files changed, 997 insertions, 0 deletions
diff --git a/data/_openssh/_metadata/depiction b/data/_openssh/_metadata/depiction
new file mode 100644
index 000000000..6d11dd20b
--- /dev/null
+++ b/data/_openssh/_metadata/depiction
@@ -0,0 +1 @@
+http://cydia.saurik.com/info/openssh/
diff --git a/data/_openssh/_metadata/description b/data/_openssh/_metadata/description
new file mode 100644
index 000000000..8112506c5
--- /dev/null
+++ b/data/_openssh/_metadata/description
@@ -0,0 +1 @@
+secure remote access between machines
diff --git a/data/_openssh/_metadata/in.1200.00 b/data/_openssh/_metadata/in.1200.00
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/data/_openssh/_metadata/in.1200.00
diff --git a/data/_openssh/_metadata/in.1443.00 b/data/_openssh/_metadata/in.1443.00
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/data/_openssh/_metadata/in.1443.00
diff --git a/data/_openssh/_metadata/in.550.58 b/data/_openssh/_metadata/in.550.58
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/data/_openssh/_metadata/in.550.58
diff --git a/data/_openssh/_metadata/libssl1.1.1.dep b/data/_openssh/_metadata/libssl1.1.1.dep
new file mode 120000
index 000000000..254747b12
--- /dev/null
+++ b/data/_openssh/_metadata/libssl1.1.1.dep
@@ -0,0 +1 @@
+../../libssl1.1.1
\ No newline at end of file
diff --git a/data/_openssh/_metadata/license b/data/_openssh/_metadata/license
new file mode 100644
index 000000000..3964b1d77
--- /dev/null
+++ b/data/_openssh/_metadata/license
@@ -0,0 +1,338 @@
+This file is part of the OpenSSH software.
+
+The licences which components of this software fall under are as
+follows. First, we will summarize and say that all components
+are under a BSD licence, or a licence more free than that.
+
+OpenSSH contains no GPL code.
+
+1)
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+
+ [Tatu continues]
+ * However, I am not implying to give any licenses to any patents or
+ * copyrights held by third parties, and the software includes parts that
+ * are not under my direct control. As far as I know, all included
+ * source code is used in accordance with the relevant license agreements
+ * and can be used freely for any purpose (the GNU license being the most
+ * restrictive); see below for details.
+
+ [However, none of that term is relevant at this point in time. All of
+ these restrictively licenced software components which he talks about
+ have been removed from OpenSSH, i.e.,
+
+ - RSA is no longer included, found in the OpenSSL library
+ - IDEA is no longer included, its use is deprecated
+ - DES is now external, in the OpenSSL library
+ - GMP is no longer used, and instead we call BN code from OpenSSL
+ - Zlib is now external, in a library
+ - The make-ssh-known-hosts script is no longer included
+ - TSS has been removed
+ - MD5 is now external, in the OpenSSL library
+ - RC4 support has been replaced with ARC4 support from OpenSSL
+ - Blowfish is now external, in the OpenSSL library
+
+ [The licence continues]
+
+ Note that any information and cryptographic algorithms used in this
+ software are publicly available on the Internet and at any major
+ bookstore, scientific library, and patent office worldwide. More
+ information can be found e.g. at "http://www.cs.hut.fi/crypto".
+
+ The legal status of this program is some combination of all these
+ permissions and restrictions. Use only at your own responsibility.
+ You will be responsible for any legal consequences yourself; I am not
+ making any claims whether possessing or using this is legal or not in
+ your country, and I am not taking any responsibility on your behalf.
+
+
+ NO WARRANTY
+
+ BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+ FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+ OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+ PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+ OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+ TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+ PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+ REPAIR OR CORRECTION.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+ REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+ INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+ OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+ TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGES.
+
+2)
+ The 32-bit CRC compensation attack detector in deattack.c was
+ contributed by CORE SDI S.A. under a BSD-style license.
+
+ * Cryptographic attack detector for ssh - source code
+ *
+ * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
+ *
+ * All rights reserved. Redistribution and use in source and binary
+ * forms, with or without modification, are permitted provided that
+ * this copyright notice is retained.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
+ * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
+ * SOFTWARE.
+ *
+ * Ariel Futoransky <futo@core-sdi.com>
+ * <http://www.core-sdi.com>
+
+3)
+ ssh-keyscan was contributed by David Mazieres under a BSD-style
+ license.
+
+ * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project by leaving this copyright notice intact.
+
+4)
+ The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers
+ and Paulo Barreto is in the public domain and distributed
+ with the following license:
+
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+5)
+ One component of the ssh source code is under a 3-clause BSD license,
+ held by the University of California, since we pulled these parts from
+ original Berkeley code.
+
+ * Copyright (c) 1983, 1990, 1992, 1993, 1995
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+
+6)
+ Remaining components of the software are provided under a standard
+ 2-term BSD licence with the following names as copyright holders:
+
+ Markus Friedl
+ Theo de Raadt
+ Niels Provos
+ Dug Song
+ Aaron Campbell
+ Damien Miller
+ Kevin Steves
+ Daniel Kouril
+ Wesley Griffin
+ Per Allansson
+ Nils Nordman
+ Simon Wilkinson
+
+ Portable OpenSSH additionally includes code from the following copyright
+ holders, also under the 2-term BSD license:
+
+ Ben Lindstrom
+ Tim Rice
+ Andre Lucas
+ Chris Adams
+ Corinna Vinschen
+ Cray Inc.
+ Denis Parker
+ Gert Doering
+ Jakob Schlyter
+ Jason Downs
+ Juha Yrjölä
+ Michael Stone
+ Networks Associates Technology, Inc.
+ Solar Designer
+ Todd C. Miller
+ Wayne Schroeder
+ William Jones
+ Darren Tucker
+ Sun Microsystems
+ The SCO Group
+ Daniel Walsh
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+8) Portable OpenSSH contains the following additional licenses:
+
+ a) md5crypt.c, md5crypt.h
+
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file. As long as you retain this
+ * notice you can do whatever you want with this stuff. If we meet
+ * some day, and you think this stuff is worth it, you can buy me a
+ * beer in return. Poul-Henning Kamp
+
+ b) snprintf replacement
+
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell
+ * (papowell@astart.com) It may be used for any purpose as long as this
+ * notice remains intact on all source code distributions
+
+ c) Compatibility code (openbsd-compat)
+
+ Apart from the previously mentioned licenses, various pieces of code
+ in the openbsd-compat/ subdirectory are licensed as follows:
+
+ Some code is licensed under a 3-term BSD license, to the following
+ copyright holders:
+
+ Todd C. Miller
+ Theo de Raadt
+ Damien Miller
+ Eric P. Allman
+ The Regents of the University of California
+ Constantin S. Svintsoff
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+
+ Some code is licensed under an ISC-style license, to the following
+ copyright holders:
+
+ Internet Software Consortium.
+ Todd C. Miller
+ Reyk Floeter
+ Chad Mynhier
+
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ Some code is licensed under a MIT-style license to the following
+ copyright holders:
+
+ Free Software Foundation, Inc.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a *
+ * copy of this software and associated documentation files (the *
+ * "Software"), to deal in the Software without restriction, including *
+ * without limitation the rights to use, copy, modify, merge, publish, *
+ * distribute, distribute with modifications, sublicense, and/or sell *
+ * copies of the Software, and to permit persons to whom the Software is *
+ * furnished to do so, subject to the following conditions: *
+ * *
+ * The above copyright notice and this permission notice shall be included *
+ * in all copies or substantial portions of the Software. *
+ * *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS *
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF *
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. *
+ * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, *
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR *
+ * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR *
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
+ * *
+ * Except as contained in this notice, the name(s) of the above copyright *
+ * holders shall not be used in advertising or otherwise to promote the *
+ * sale, use or other dealings in this Software without prior written *
+ * authorization. *
+ ****************************************************************************/
+
+
+------
+$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
diff --git a/data/_openssh/_metadata/maintainer b/data/_openssh/_metadata/maintainer
new file mode 120000
index 000000000..573d7ebef
--- /dev/null
+++ b/data/_openssh/_metadata/maintainer
@@ -0,0 +1 @@
+../../../people/sbingner
\ No newline at end of file
diff --git a/data/_openssh/_metadata/name b/data/_openssh/_metadata/name
new file mode 100644
index 000000000..721aee556
--- /dev/null
+++ b/data/_openssh/_metadata/name
@@ -0,0 +1 @@
+OpenSSH
diff --git a/data/_openssh/_metadata/openssh-client/breaks b/data/_openssh/_metadata/openssh-client/breaks
new file mode 100644
index 000000000..7437a6f3d
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-client/breaks
@@ -0,0 +1 @@
+openssh (<= 8.4-1)
diff --git a/data/_openssh/_metadata/openssh-client/description b/data/_openssh/_metadata/openssh-client/description
new file mode 100644
index 000000000..025130bda
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-client/description
@@ -0,0 +1,8 @@
+secure shell (SSH) client, for secure access to remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides the client binaries.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-client/name b/data/_openssh/_metadata/openssh-client/name
new file mode 100644
index 000000000..6d03a7b74
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-client/name
@@ -0,0 +1 @@
+OpenSSH Clients
diff --git a/data/_openssh/_metadata/openssh-global-listener/breaks b/data/_openssh/_metadata/openssh-global-listener/breaks
new file mode 100644
index 000000000..7437a6f3d
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/breaks
@@ -0,0 +1 @@
+openssh (<= 8.4-1)
diff --git a/data/_openssh/_metadata/openssh-global-listener/depends b/data/_openssh/_metadata/openssh-global-listener/depends
new file mode 100644
index 000000000..9ceb541c6
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/depends
@@ -0,0 +1 @@
+openssh-server (>= %MYVERSION%)
diff --git a/data/_openssh/_metadata/openssh-global-listener/description b/data/_openssh/_metadata/openssh-global-listener/description
new file mode 100644
index 000000000..833ed8f3c
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides a global listener on port 22.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-global-listener/extrainst_ b/data/_openssh/_metadata/openssh-global-listener/extrainst_
new file mode 100755
index 000000000..007af8999
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/extrainst_
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [[ $1 == upgrade ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist
+ /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist
+fi
+
+if [[ $1 == install ]]; then
+ /bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd.plist
+fi
+
+exit 0
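Review bot: Both conditionals use `[[ ... ]]` under a `#!/bin/sh` shebang, which is a bash/ksh extension rather than POSIX sh. If `/bin/sh` on the target is a strict POSIX shell, the test fails as an unknown command, the `launchctl` lines are skipped, and the trailing `exit 0` still reports success. Write `if [ "$1" = upgrade ]; then` and `if [ "$1" = install ]; then`, or change the shebang to the shell the script actually requires. The same construct is in `openssh-global-listener/prerm`, `openssh-local-listener/extrainst_` and `openssh-local-listener/prerm`, where the test becomes `[ "$1" = remove ] || [ "$1" = purge ]`. Because every script ends in an unconditional `exit 0`, a failed `launchctl load` or `unload` is also never reported to the package manager, so the listener's real state can differ from what the package database implies.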
diff --git a/data/_openssh/_metadata/openssh-global-listener/name b/data/_openssh/_metadata/openssh-global-listener/name
new file mode 100644
index 000000000..3deddc21f
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/name
@@ -0,0 +1 @@
+OpenSSH Global Listener
diff --git a/data/_openssh/_metadata/openssh-global-listener/prerm b/data/_openssh/_metadata/openssh-global-listener/prerm
new file mode 100755
index 000000000..71be0c498
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/prerm
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [[ $1 == remove || $1 == purge ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-local-listener/depends b/data/_openssh/_metadata/openssh-local-listener/depends
new file mode 100644
index 000000000..9ceb541c6
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/depends
@@ -0,0 +1 @@
+openssh-server (>= %MYVERSION%)
diff --git a/data/_openssh/_metadata/openssh-local-listener/description b/data/_openssh/_metadata/openssh-local-listener/description
new file mode 100644
index 000000000..555730edf
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides a listener for only localhost on port 22.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-local-listener/extrainst_ b/data/_openssh/_metadata/openssh-local-listener/extrainst_
new file mode 100755
index 000000000..a90ba8854
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/extrainst_
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [[ $1 == upgrade ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+ /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+fi
+
+if [[ $1 == install ]]; then
+ /bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-local-listener/name b/data/_openssh/_metadata/openssh-local-listener/name
new file mode 100644
index 000000000..23d81c442
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/name
@@ -0,0 +1 @@
+OpenSSH Localhost Listener
diff --git a/data/_openssh/_metadata/openssh-local-listener/prerm b/data/_openssh/_metadata/openssh-local-listener/prerm
new file mode 100755
index 000000000..7d5a11e55
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/prerm
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [[ $1 == remove || $1 == purge ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-server/breaks b/data/_openssh/_metadata/openssh-server/breaks
new file mode 100644
index 000000000..7437a6f3d
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/breaks
@@ -0,0 +1 @@
+openssh (<= 8.4-1)
diff --git a/data/_openssh/_metadata/openssh-server/depends b/data/_openssh/_metadata/openssh-server/depends
new file mode 100644
index 000000000..22aeda7ea
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/depends
@@ -0,0 +1 @@
+openssh-client (>= %MYVERSION%)
diff --git a/data/_openssh/_metadata/openssh-server/description b/data/_openssh/_metadata/openssh-server/description
new file mode 100644
index 000000000..3f610cca2
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides the sshd server.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-server/name b/data/_openssh/_metadata/openssh-server/name
new file mode 100644
index 000000000..1f0d9f0e6
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/name
@@ -0,0 +1 @@
+OpenSSH Server Binaries
diff --git a/data/_openssh/_metadata/openssh/depends b/data/_openssh/_metadata/openssh/depends
new file mode 100644
index 000000000..eca877aaa
--- /dev/null
+++ b/data/_openssh/_metadata/openssh/depends
@@ -0,0 +1 @@
+openssh-server, openssh-client, openssh-global-listener
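Review bot: The `openssh` metapackage depends on `openssh-global-listener`, so installing it by name turns on the listener described as "a global listener on port 22", and that package's `extrainst_` runs `launchctl load -w` on install. The localhost-only listener is therefore opt-in while network exposure is the default. If the packaging tool accepts alternatives, `openssh-server, openssh-client, openssh-global-listener | openssh-local-listener` would let a user who chose the local listener keep it. The metapackage description should also say that it exposes sshd to the network, since it currently reuses the server text. Which authentication methods are accepted is set in `sshd_config`, which is not part of this hunk.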
diff --git a/data/_openssh/_metadata/openssh/description b/data/_openssh/_metadata/openssh/description
new file mode 100644
index 000000000..3f610cca2
--- /dev/null
+++ b/data/_openssh/_metadata/openssh/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides the sshd server.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/priority b/data/_openssh/_metadata/priority
new file mode 100644
index 000000000..ea5b3d7ee
--- /dev/null
+++ b/data/_openssh/_metadata/priority
@@ -0,0 +1 @@
+important
diff --git a/data/_openssh/_metadata/role b/data/_openssh/_metadata/role
new file mode 100644
index 000000000..762113e87
--- /dev/null
+++ b/data/_openssh/_metadata/role
@@ -0,0 +1 @@
+enduser
diff --git a/data/_openssh/_metadata/section b/data/_openssh/_metadata/section
new file mode 100644
index 000000000..8708e4b54
--- /dev/null
+++ b/data/_openssh/_metadata/section
@@ -0,0 +1 @@
+Networking
diff --git a/data/_openssh/_metadata/tags b/data/_openssh/_metadata/tags
new file mode 100644
index 000000000..6297beb06
--- /dev/null
+++ b/data/_openssh/_metadata/tags
@@ -0,0 +1 @@
+purpose::daemon, purpose::console
diff --git a/data/_openssh/_metadata/version b/data/_openssh/_metadata/version
new file mode 100644
index 000000000..c9dc04908
--- /dev/null
+++ b/data/_openssh/_metadata/version
@@ -0,0 +1 @@
+8.4
diff --git a/data/_openssh/com.openssh.sshd-localhost.plist b/data/_openssh/com.openssh.sshd-localhost.plist
new file mode 100644
index 000000000..a4aa4ab94
--- /dev/null
+++ b/data/_openssh/com.openssh.sshd-localhost.plist
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>Label</key>
+ <string>com.openssh.sshd-localhost</string>
+
+ <key>Program</key>
+ <string>/bin/sh</string>
+
+ <key>ProgramArguments</key>
+ <array>
+ <string>/bin/sh</string>
+ <string>/usr/libexec/sshd-keygen-wrapper</string>
+ <string>-i</string>
+ </array>
+
+ <key>SessionCreate</key>
+ <true/>
+
+ <key>Sockets</key>
+ <dict>
+ <key>SSHV6Listener</key>
+ <dict>
+ <key>SockNodeName</key>
+ <string>::1</string>
+ <key>SockServiceName</key>
+ <string>ssh</string>
+ </dict>
+ <key>SSHV4Listener</key>
+ <dict>
+ <key>SockNodeName</key>
+ <string>127.0.0.1</string>
+ <key>SockServiceName</key>
+ <string>ssh</string>
+ </dict>
+ </dict>
+
+ <key>StandardErrorPath</key>
+ <string>/dev/null</string>
+
+ <key>inetdCompatibility</key>
+ <dict>
+ <key>Wait</key>
+ <false/>
+ </dict>
+ <key>ExecuteAllowed</key>
+ <true/>
+ </dict>
+
+</plist>
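Review bot: `StandardErrorPath` is set to `/dev/null` with no explanation, so anything `sshd-keygen-wrapper` or sshd writes to stderr (for example host-key generation or configuration errors) is discarded and a listener that fails on every connection leaves no trace from this job. This is presumably deliberate, to keep stderr off the inetd-style socket, but the file should say so, e.g. `<!-- stderr discarded so wrapper/sshd diagnostics never reach the client socket; see syslog -->`. If diagnostics are wanted, point the key at a root-only log file instead of `/dev/null`. `com.openssh.sshd.plist` has the same setting and needs the same comment.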
diff --git a/data/_openssh/com.openssh.sshd.plist b/data/_openssh/com.openssh.sshd.plist
new file mode 100644
index 000000000..450056bd6
--- /dev/null
+++ b/data/_openssh/com.openssh.sshd.plist
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>ExecuteAllowed</key>
+ <true/>
+ <key>Label</key>
+ <string>com.openssh.sshd</string>
+ <key>POSIXSpawnType</key>
+ <string>Interactive</string>
+ <key>EnablePressuredExit</key>
+ <false/>
+ <key>Program</key>
+ <string>/bin/sh</string>
+ <key>ProgramArguments</key>
+ <array>
+ <string>/bin/sh</string>
+ <string>/usr/libexec/sshd-keygen-wrapper</string>
+ <string>-i</string>
+ </array>
+ <key>SessionCreate</key>
+ <true/>
+ <key>Sockets</key>
+ <dict>
+ <key>SSHListener</key>
+ <dict>
+ <key>SockServiceName</key>
+ <string>ssh</string>
+ </dict>
+ </dict>
+ <key>StandardErrorPath</key>
+ <string>/dev/null</string>
+ <key>inetdCompatibility</key>
+ <dict>
+ <key>Wait</key>
+ <false/>
+ </dict>
+</dict>
+</plist>
diff --git a/data/_openssh/dirent.diff b/data/_openssh/dirent.diff
new file mode 100644
index 000000000..2d5238250
--- /dev/null
+++ b/data/_openssh/dirent.diff
@@ -0,0 +1,14 @@
+diff -ur openssh-8.4p1/configure.ac openssh-8.4p1+iOS/configure.ac
+--- openssh-8.4p1/configure.ac 2021-01-26 23:09:30.000000000 -1000
++++ openssh-8.4p1+iOS/configure.ac 2020-09-26 21:25:01.000000000 -1000
+@@ -1534,8 +1534,8 @@
+ allocate extra space for d_name])
+ ],
+ [
+- AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+- AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
++ AC_MSG_WARN([cross compiling: assuming yes])
++ AC_MSG_RESULT([yes])
+ ]
+ )
+
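Review bot: In the cross-compiling branch the new lines no longer define `BROKEN_ONE_BYTE_DIRENT_D_NAME`, and the warning text `assuming yes` does not say what is being assumed. Going by the context line above it, that macro is what selects the path that allocates extra space for `d_name`, so dropping it without a check should be justified for the target. I would word the warning as `AC_MSG_WARN([cross compiling: assuming struct dirent allocates space for d_name])` and state in the patch header that this was confirmed against the target SDK. The enclosing configure check starts above the hunk.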
diff --git a/data/_openssh/install.diff b/data/_openssh/install.diff
new file mode 100644
index 000000000..88866e26b
--- /dev/null
+++ b/data/_openssh/install.diff
@@ -0,0 +1,12 @@
+diff -ru openssh-6.7p1/Makefile.in openssh-6.7p1+iPhone/Makefile.in
+--- openssh-6.7p1/Makefile.in 2014-08-30 06:23:07.000000000 +0000
++++ openssh-6.7p1+iPhone/Makefile.in 2014-12-03 08:17:45.000000000 +0000
+@@ -270,7 +270,7 @@
+ $(AUTORECONF)
+ -rm -rf autom4te.cache
+
+-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
++install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
+ install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
+ install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
+
diff --git a/data/_openssh/make.sh b/data/_openssh/make.sh
new file mode 100644
index 000000000..cef4f65e0
--- /dev/null
+++ b/data/_openssh/make.sh
@@ -0,0 +1,11 @@
+pkg:setup
+autoconf
+pkg:configure --disable-strip --sysconfdir=/etc/ssh --disable-libutil --disable-utmp --disable-wtmp
+pkg:make
+pkg:install INSTALL_SSH_RAND_HELPER=yes
+pkg: cp -a %/sshd-keygen-wrapper /usr/libexec
+pkg: mkdir -p /Library/LaunchDaemons
+pkg: cp -a %/com.openssh.sshd.plist /Library/LaunchDaemons
+pkg: cp -a %/com.openssh.sshd-localhost.plist /Library/LaunchDaemons
+pkg: cp -af %/ssh{d,}_config /etc/ssh
+subpkg:stage
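Review bot: Nothing visible in this script records a checksum or signature for `openssh-8.4p1.tar.gz`, which the commit adds as an opaque binary right next to it. Unless `pkg:setup` verifies the archive somewhere outside this view, a reviewer cannot tell that the tarball matches the upstream release. I would record the expected digest beside the script, for example a comment such as `# openssh-8.4p1.tar.gz sha256: <SHA256_OF_UPSTREAM_RELEASE>`, and check it before unpacking. The patches applied on top were cut against different bases (6.7p1, 8.1p1, 8.4p1 in their headers), so it is worth confirming they apply without fuzz.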
diff --git a/data/_openssh/openssh-8.4p1.tar.gz b/data/_openssh/openssh-8.4p1.tar.gz
new file mode 100644
index 000000000..ec913a33a
--- /dev/null
+++ b/data/_openssh/openssh-8.4p1.tar.gz
Binary files differ
diff --git a/data/_openssh/openssh-client.install b/data/_openssh/openssh-client.install
new file mode 100644
index 000000000..9ded1dd17
--- /dev/null
+++ b/data/_openssh/openssh-client.install
@@ -0,0 +1,5 @@
+/etc/ssh/moduli
+/etc/ssh/ssh_config
+/usr/bin/*
+/usr/libexec/ssh-*
+/var/empty
diff --git a/data/_openssh/openssh-global-listener.install b/data/_openssh/openssh-global-listener.install
new file mode 100644
index 000000000..e592d2999
--- /dev/null
+++ b/data/_openssh/openssh-global-listener.install
@@ -0,0 +1 @@
+/Library/LaunchDaemons/com.openssh.sshd.plist
diff --git a/data/_openssh/openssh-local-listener.install b/data/_openssh/openssh-local-listener.install
new file mode 100644
index 000000000..2d7c6e206
--- /dev/null
+++ b/data/_openssh/openssh-local-listener.install
@@ -0,0 +1 @@
+/Library/LaunchDaemons/com.openssh.sshd-localhost.plist
diff --git a/data/_openssh/openssh-server.install b/data/_openssh/openssh-server.install
new file mode 100644
index 000000000..af73dc21f
--- /dev/null
+++ b/data/_openssh/openssh-server.install
@@ -0,0 +1,4 @@
+/etc/ssh/sshd_config
+/usr/libexec/sftp-server
+/usr/libexec/sshd-keygen-wrapper
+/usr/sbin/sshd
diff --git a/data/_openssh/openssh.install b/data/_openssh/openssh.install
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/data/_openssh/openssh.install
diff --git a/data/_openssh/privsep.diff b/data/_openssh/privsep.diff
new file mode 100644
index 000000000..1ded9e741
--- /dev/null
+++ b/data/_openssh/privsep.diff
@@ -0,0 +1,211 @@
+diff -ur openssh-8.1p1/contrib/cygwin/ssh-host-config openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config
+--- openssh-8.1p1/contrib/cygwin/ssh-host-config 2019-10-08 14:31:03.000000000 -1000
++++ openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config 2020-01-03 13:45:51.000000000 -1000
+@@ -63,6 +63,7 @@
+ port_number=22
+ service_name=cygsshd
+ strictmodes=yes
++privsep_used=yes
+ cygwin_value=""
+ user_account=
+ password_value=
+@@ -139,21 +140,33 @@
+
+ # ======================================================================
+ # Routine: sshd_privsep
+-# Try to create ssshd user account
++# MODIFIES: privsep_used
+ # ======================================================================
+ sshd_privsep() {
+ local ret=0
+
+ if [ "${sshd_config_configured}" != "yes" ]
+ then
+- if ! csih_create_unprivileged_user sshd
+- then
+- csih_error_recoverable "Could not create user 'sshd'!"
+- csih_error_recoverable "You will not be able to run an sshd service"
+- csih_error_recoverable "under a privileged account successfully."
+- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+- csih_error_recoverable "manually before trying to run the service!"
+- let ++ret
++ echo
++ csih_inform "Privilege separation is set to 'sandbox' by default since"
++ csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
++ csih_inform "to 'yes' or 'no'."
++ csih_inform "However, using privilege separation requires a non-privileged account"
++ csih_inform "called 'sshd'."
++ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
++ if csih_request "Should privilege separation be used?"
++ then
++ privsep_used=yes
++ if ! csih_create_unprivileged_user sshd
++ then
++ csih_error_recoverable "Couldn't create user 'sshd'!"
++ csih_error_recoverable "Privilege separation set to 'no' again!"
++ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
++ let ++ret
++ privsep_used=no
++ fi
++ else
++ privsep_used=no
+ fi
+ fi
+ return $ret
+@@ -189,6 +202,18 @@
+ let ++ret
+ fi
+ fi
++ if [ "${sshd_config_configured}" != "yes" ]
++ then
++ /usr/bin/sed -i -e "
++ s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
++ ${SYSCONFDIR}/sshd_config
++ if [ $? -ne 0 ]
++ then
++ csih_warning "Setting privilege separation failed!"
++ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
++ let ++ret
++ fi
++ fi
+ return $ret
+ } # --- End of sshd_config_tweak --- #
+
+diff -ur openssh-8.1p1/servconf.c openssh-8.1p1+iOS/servconf.c
+--- openssh-8.1p1/servconf.c 2019-10-08 14:31:03.000000000 -1000
++++ openssh-8.1p1+iOS/servconf.c 2020-01-03 13:45:51.000000000 -1000
+@@ -627,7 +627,7 @@
+ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
+ { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+ { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
+- { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
++ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+ { "acceptenv", sAcceptEnv, SSHCFG_ALL },
+ { "setenv", sSetEnv, SSHCFG_ALL },
+ { "permittunnel", sPermitTunnel, SSHCFG_ALL },
+@@ -1202,6 +1202,13 @@
+ { "no", 0 },
+ { NULL, -1 }
+ };
++static const struct multistate multistate_privsep[] = {
++ { "yes", PRIVSEP_NOSANDBOX },
++ { "sandbox", PRIVSEP_ON },
++ { "nosandbox", PRIVSEP_NOSANDBOX },
++ { "no", PRIVSEP_OFF },
++ { NULL, -1 }
++};
+ static const struct multistate multistate_tcpfwd[] = {
+ { "yes", FORWARD_ALLOW },
+ { "all", FORWARD_ALLOW },
+@@ -1666,6 +1673,11 @@
+ intptr = &options->disable_forwarding;
+ goto parse_flag;
+
++ case sUsePrivilegeSeparation:
++ intptr = &use_privsep;
++ multistate_ptr = multistate_privsep;
++ goto parse_multistate;
++
+ case sAllowUsers:
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (match_user(NULL, NULL, NULL, arg) == -1)
+@@ -2431,6 +2443,8 @@
+ return fmt_multistate_int(val, multistate_gatewayports);
+ case sCompression:
+ return fmt_multistate_int(val, multistate_compression);
++ case sUsePrivilegeSeparation:
++ return fmt_multistate_int(val, multistate_privsep);
+ case sAllowTcpForwarding:
+ return fmt_multistate_int(val, multistate_tcpfwd);
+ case sAllowStreamLocalForwarding:
+@@ -2610,6 +2624,7 @@
+ dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
+ dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
+ dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
++ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+ dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
+ dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
+
+diff -ur openssh-8.1p1/sshd.c openssh-8.1p1+iOS/sshd.c
+--- openssh-8.1p1/sshd.c 2019-10-08 14:31:03.000000000 -1000
++++ openssh-8.1p1+iOS/sshd.c 2020-01-03 13:45:51.000000000 -1000
+@@ -238,7 +238,6 @@
+ int use_privsep = -1;
+ struct monitor *pmonitor = NULL;
+ int privsep_is_preauth = 1;
+-static int privsep_chroot = 1;
+
+ /* global connection state and authentication contexts */
+ Authctxt *the_authctxt = NULL;
+@@ -456,7 +455,7 @@
+ demote_sensitive_data();
+
+ /* Demote the child */
+- if (privsep_chroot) {
++ if (getuid() == 0 || geteuid() == 0) {
+ /* Change our root directory */
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+@@ -1684,9 +1683,8 @@
+ );
+
+ /* Store privilege separation user for later use if required. */
+- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+- if (privsep_chroot || options.kerberos_authentication)
++ if (use_privsep || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ } else {
+@@ -1821,7 +1819,7 @@
+ sshkey_type(key));
+ }
+
+- if (privsep_chroot) {
++ if (use_privsep) {
+ struct stat st;
+
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+diff -ur openssh-8.1p1/sshd_config openssh-8.1p1+iOS/sshd_config
+--- openssh-8.1p1/sshd_config 2019-10-08 14:31:03.000000000 -1000
++++ openssh-8.1p1+iOS/sshd_config 2020-01-03 13:45:51.000000000 -1000
+@@ -90,6 +90,7 @@
+ #PermitTTY yes
+ #PrintMotd yes
+ #PrintLastLog yes
++#UsePrivilegeSeparation sandbox
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
+ #Compression delayed
+diff -ur openssh-8.1p1/sshd_config.5 openssh-8.1p1+iOS/sshd_config.5
+--- openssh-8.1p1/sshd_config.5 2019-10-08 14:31:03.000000000 -1000
++++ openssh-8.1p1+iOS/sshd_config.5 2020-01-03 13:45:51.000000000 -1000
+@@ -1642,6 +1642,28 @@
+ as a non-root user.
+ The default is
+ .Cm no .
++.It Cm UsePrivilegeSeparation
++Specifies whether
++.Xr sshd 8
++separates privileges by creating an unprivileged child process
++to deal with incoming network traffic.
++After successful authentication, another process will be created that has
++the privilege of the authenticated user.
++The goal of privilege separation is to prevent privilege
++escalation by containing any corruption within the unprivileged processes.
++The argument must be
++.Cm yes ,
++.Cm no ,
++or
++.Cm sandbox .
++If
++.Cm UsePrivilegeSeparation
++is set to
++.Cm sandbox
++then the pre-authentication unprivileged process is subject to additional
++restrictions.
++The default is
++.Cm sandbox .
+ .It Cm VersionAddendum
+ Optionally specifies additional text to append to the SSH protocol banner
+ sent by the server upon connection.
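Review bot: The `multistate_privsep` table added to servconf.c maps `yes` to `PRIVSEP_NOSANDBOX` and also accepts `nosandbox`, but the sshd_config.5 text in the same patch lists only `yes`, `no` and `sandbox`. An administrator reading the manual would reasonably take `yes` for the strongest setting, when it runs the pre-authentication child without the sandbox. I would add a man-page sentence such as `Setting yes (or nosandbox) enables privilege separation without the pre-authentication sandbox.` and a comment above the table, `/* "yes" is an alias for "nosandbox": privsep without the pre-auth sandbox */`. The patch also turns a keyword that was `sDeprecated` back into a way to select `PRIVSEP_OFF`, which the sshd_config shipped in this commit uses, so the patch header should say why the platform needs it. The functions touched in servconf.c and sshd.c begin and end outside the inner hunks.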
diff --git a/data/_openssh/ssh_config b/data/_openssh/ssh_config
new file mode 100644
index 000000000..2f22fc980
--- /dev/null
+++ b/data/_openssh/ssh_config
@@ -0,0 +1,47 @@
+# $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+# ForwardAgent no
+ ForwardX11 yes
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+ SendEnv LANG LC_*
+ HashKnownHosts yes
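Review bot: `ForwardX11 yes` under `Host *` turns X11 forwarding on for every host the client connects to, so any remote host, including an untrusted or compromised one, is given a path back to the local X display. I would keep the commented default, `#   ForwardX11 no`, and leave it to users to enable forwarding per host. The commented examples come from the 2007 template (`Protocol 2,1`, `Cipher 3des`, `RhostsRSAAuthentication`) and name options the packaged 8.4 client is unlikely to still accept. A header comment saying the template predates the packaged version would keep readers from copying them.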
diff --git a/data/_openssh/sshd-keygen-wrapper b/data/_openssh/sshd-keygen-wrapper
new file mode 100755
index 000000000..07f2631e3
--- /dev/null
+++ b/data/_openssh/sshd-keygen-wrapper
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ ! -f /etc/ssh/ssh_host_key ] && ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null
+[ ! -f /etc/ssh/ssh_host_rsa_key ] && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null
+[ ! -f /etc/ssh/ssh_host_dsa_key ] && ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null
+
+exec /usr/sbin/sshd $@
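Review bot: The wrapper generates only `rsa1`, `rsa` and `dsa` host keys and sends all ssh-keygen output to /dev/null, so a failed generation is invisible. The version file in this commit says 8.4, and protocol-1 `rsa1` keys were dropped from OpenSSH well before that, so the first line most likely fails and is retried on every connection. DSA host keys are limited to 1024 bits and are not offered by default. I would replace the `rsa1` and `dsa` lines with `[ ! -f /etc/ssh/ssh_host_ed25519_key ] && ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" -C "" < /dev/null > /dev/null 2>&1`, and update the matching `HostKey /etc/ssh/ssh_host_dsa_key` line in the sshd_config added by this commit. The last line should quote its arguments: `exec /usr/sbin/sshd "$@"`.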
diff --git a/data/_openssh/sshd_config b/data/_openssh/sshd_config
new file mode 100644
index 000000000..7276adf09
--- /dev/null
+++ b/data/_openssh/sshd_config
@@ -0,0 +1,116 @@
+# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+# HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowTcpForwarding yes
+GatewayPorts clientspecified
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+
+# no default banner path
+#Banner /some/path
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
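Review bot: `PermitRootLogin yes` is set while `PasswordAuthentication` stays at its commented default of `yes`, so root can log in with a password alone. `UsePrivilegeSeparation no`, the keyword that privsep.diff in this commit restores, also puts the pre-authentication network code in the privileged process. The com.openssh.sshd.plist listener added alongside sets no `SockNodeName`, so as far as I can tell this configuration is reachable on every interface. I would ship `PermitRootLogin prohibit-password` and `UsePrivilegeSeparation yes` (privilege separation without the sandbox, per the patch's table) unless the platform cannot run the unprivileged child at all, and say so in a comment if it cannot. `GatewayPorts clientspecified` and `X11Forwarding yes` also widen the defaults and would benefit from a one-line reason each.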
diff --git a/data/_openssh/utmp.diff b/data/_openssh/utmp.diff
new file mode 100644
index 000000000..6a5cf8617
--- /dev/null
+++ b/data/_openssh/utmp.diff
@@ -0,0 +1,41 @@
+diff -ru openssh-6.7p1/includes.h openssh-6.7p1+iPhone/includes.h
+--- openssh-6.7p1/includes.h 2013-03-22 01:51:09.000000000 +0000
++++ openssh-6.7p1+iPhone/includes.h 2014-12-03 08:07:53.000000000 +0000
+@@ -18,6 +18,8 @@
+
+ #include "config.h"
+
++#define _UTMPX_COMPAT
++
+ #ifndef _GNU_SOURCE
+ #define _GNU_SOURCE /* activate extra prototypes for glibc */
+ #endif
+@@ -66,6 +68,10 @@
+ # include <login.h>
+ #endif
+
++#ifdef HAVE_UTIL_H
++# include <util.h>
++#endif
++
+ #ifdef HAVE_UTMP_H
+ # include <utmp.h>
+ #endif
+diff -ru openssh-6.7p1/loginrec.c openssh-6.7p1+iPhone/loginrec.c
+--- openssh-6.7p1/loginrec.c 2014-01-17 01:23:24.000000000 +0000
++++ openssh-6.7p1+iPhone/loginrec.c 2014-12-03 08:07:53.000000000 +0000
+@@ -184,12 +184,12 @@
+ ** prototypes for helper functions in this file
+ **/
+
+-#if HAVE_UTMP_H
++#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
+ void set_utmp_time(struct logininfo *li, struct utmp *ut);
+ void construct_utmp(struct logininfo *li, struct utmp *ut);
+ #endif
+
+-#ifdef HAVE_UTMPX_H
++#if defined(USE_UTMPX) || defined (USE_WTMPX)
+ void set_utmpx_time(struct logininfo *li, struct utmpx *ut);
+ void construct_utmpx(struct logininfo *li, struct utmpx *ut);
+ #endif