summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh-5.6p1
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh-5.6p1')
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/init88
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch16
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config46
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config119
4 files changed, 269 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/init b/meta/recipes-connectivity/openssh/openssh-5.6p1/init
new file mode 100644
index 0000000000..b16cbd61a6
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/init
@@ -0,0 +1,88 @@
1#! /bin/sh
2set -e
3
4# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon
5
6test -x /usr/sbin/sshd || exit 0
7( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
8
9if test -f /etc/default/ssh; then
10 . /etc/default/ssh
11fi
12
13check_for_no_start() {
14 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
15 if [ -e /etc/ssh/sshd_not_to_be_run ]; then
16 echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
17 exit 0
18 fi
19}
20
21check_privsep_dir() {
22 # Create the PrivSep empty dir if necessary
23 if [ ! -d /var/run/sshd ]; then
24 mkdir /var/run/sshd
25 chmod 0755 /var/run/sshd
26 fi
27}
28
29check_config() {
30 /usr/sbin/sshd -t || exit 1
31}
32
33check_keys() {
34 # create keys if necessary
35 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
36 echo " generating ssh RSA key..."
37 ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
38 fi
39 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
40 echo " generating ssh DSA key..."
41 ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
42 fi
43}
44
45export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
46
47case "$1" in
48 start)
49 check_for_no_start
50 echo "Starting OpenBSD Secure Shell server: sshd"
51 check_keys
52 check_privsep_dir
53 start-stop-daemon -S -x /usr/sbin/sshd -- $SSHD_OPTS
54 echo "done."
55 ;;
56 stop)
57 echo -n "Stopping OpenBSD Secure Shell server: sshd"
58 start-stop-daemon -K -x /usr/sbin/sshd
59 echo "."
60 ;;
61
62 reload|force-reload)
63 check_for_no_start
64 check_keys
65 check_config
66 echo -n "Reloading OpenBSD Secure Shell server's configuration"
67 start-stop-daemon -K -s 1 -x /usr/sbin/sshd
68 echo "."
69 ;;
70
71 restart)
72 check_keys
73 check_config
74 echo -n "Restarting OpenBSD Secure Shell server: sshd"
75 start-stop-daemon -K -x /usr/sbin/sshd
76 check_for_no_start
77 check_privsep_dir
78 sleep 2
79 start-stop-daemon -S -x /usr/sbin/sshd -- $SSHD_OPTS
80 echo "."
81 ;;
82
83 *)
84 echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}"
85 exit 1
86esac
87
88exit 0
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch b/meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch
new file mode 100644
index 0000000000..a88e18e354
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch
@@ -0,0 +1,16 @@
1# Disable stripping binaries during make install.
2#
3# Signed-off-by: Scott Garman <scott.a.garman@intel.com>
4
5diff -ur openssh-5.6p1.orig/Makefile.in openssh-5.6p1/Makefile.in
6--- openssh-5.6p1.orig/Makefile.in 2010-05-11 23:51:39.000000000 -0700
7+++ openssh-5.6p1/Makefile.in 2010-08-30 16:49:54.000000000 -0700
8@@ -29,7 +29,7 @@
9 RAND_HELPER=$(libexecdir)/ssh-rand-helper
10 PRIVSEP_PATH=@PRIVSEP_PATH@
11 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
12-STRIP_OPT=@STRIP_OPT@
13+STRIP_OPT=
14
15 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
16 -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config b/meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config
new file mode 100644
index 0000000000..4a4a649ba8
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config
@@ -0,0 +1,46 @@
1# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
2
3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for
5# users, and the values can be changed in per-user configuration files
6# or on the command line.
7
8# Configuration data is parsed as follows:
9# 1. command line options
10# 2. user-specific file
11# 3. system-wide file
12# Any configuration value is only changed the first time it is set.
13# Thus, host-specific definitions should be at the beginning of the
14# configuration file, and defaults at the end.
15
16# Site-wide defaults for some commonly used options. For a comprehensive
17# list of available options, their meanings and defaults, please see the
18# ssh_config(5) man page.
19
20Host *
21 ForwardAgent yes
22 ForwardX11 yes
23# RhostsRSAAuthentication no
24# RSAAuthentication yes
25# PasswordAuthentication yes
26# HostbasedAuthentication no
27# GSSAPIAuthentication no
28# GSSAPIDelegateCredentials no
29# BatchMode no
30# CheckHostIP yes
31# AddressFamily any
32# ConnectTimeout 0
33# StrictHostKeyChecking ask
34# IdentityFile ~/.ssh/identity
35# IdentityFile ~/.ssh/id_rsa
36# IdentityFile ~/.ssh/id_dsa
37# Port 22
38# Protocol 2,1
39# Cipher 3des
40# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
41# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
42# EscapeChar ~
43# Tunnel no
44# TunnelDevice any:any
45# PermitLocalCommand no
46# VisualHostKey no
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config b/meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config
new file mode 100644
index 0000000000..4f9b626fbd
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config
@@ -0,0 +1,119 @@
1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2
3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information.
5
6# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7
8# The strategy used for options in the default sshd_config shipped with
9# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options change a
11# default value.
12
13#Port 22
14#AddressFamily any
15#ListenAddress 0.0.0.0
16#ListenAddress ::
17
18# Disable legacy (protocol version 1) support in the server for new
19# installations. In future the default will change to require explicit
20# activation of protocol 1
21Protocol 2
22
23# HostKey for protocol version 1
24#HostKey /etc/ssh/ssh_host_key
25# HostKeys for protocol version 2
26#HostKey /etc/ssh/ssh_host_rsa_key
27#HostKey /etc/ssh/ssh_host_dsa_key
28
29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 1h
31#ServerKeyBits 1024
32
33# Logging
34# obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH
36#LogLevel INFO
37
38# Authentication:
39
40#LoginGraceTime 2m
41#PermitRootLogin yes
42#StrictModes yes
43#MaxAuthTries 6
44#MaxSessions 10
45
46#RSAAuthentication yes
47#PubkeyAuthentication yes
48#AuthorizedKeysFile .ssh/authorized_keys
49
50# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51#RhostsRSAAuthentication no
52# similar for protocol version 2
53#HostbasedAuthentication no
54# Change to yes if you don't trust ~/.ssh/known_hosts for
55# RhostsRSAAuthentication and HostbasedAuthentication
56#IgnoreUserKnownHosts no
57# Don't read the user's ~/.rhosts and ~/.shosts files
58#IgnoreRhosts yes
59
60# To disable tunneled clear text passwords, change to no here!
61#PasswordAuthentication yes
62#PermitEmptyPasswords no
63
64# Change to no to disable s/key passwords
65#ChallengeResponseAuthentication yes
66
67# Kerberos options
68#KerberosAuthentication no
69#KerberosOrLocalPasswd yes
70#KerberosTicketCleanup yes
71#KerberosGetAFSToken no
72
73# GSSAPI options
74#GSSAPIAuthentication no
75#GSSAPICleanupCredentials yes
76
77# Set this to 'yes' to enable PAM authentication, account processing,
78# and session processing. If this is enabled, PAM authentication will
79# be allowed through the ChallengeResponseAuthentication and
80# PasswordAuthentication. Depending on your PAM configuration,
81# PAM authentication via ChallengeResponseAuthentication may bypass
82# the setting of "PermitRootLogin without-password".
83# If you just want the PAM account and session checks to run without
84# PAM authentication, then enable this but set PasswordAuthentication
85# and ChallengeResponseAuthentication to 'no'.
86#UsePAM no
87
88#AllowAgentForwarding yes
89#AllowTcpForwarding yes
90#GatewayPorts no
91#X11Forwarding no
92#X11DisplayOffset 10
93#X11UseLocalhost yes
94#PrintMotd yes
95#PrintLastLog yes
96#TCPKeepAlive yes
97#UseLogin no
98UsePrivilegeSeparation yes
99#PermitUserEnvironment no
100Compression no
101ClientAliveInterval 15
102ClientAliveCountMax 4
103#UseDNS yes
104#PidFile /var/run/sshd.pid
105#MaxStartups 10
106#PermitTunnel no
107#ChrootDirectory none
108
109# no default banner path
110#Banner none
111
112# override default of no subsystems
113Subsystem sftp /usr/libexec/sftp-server
114
115# Example of overriding settings on a per-user basis
116#Match User anoncvs
117# X11Forwarding no
118# AllowTcpForwarding no
119# ForceCommand cvs server