head	1.23;
access;
symbols
	RELEASE_7_0_0:1.22
	RELEASE_6_3_0:1.22
	PRE_XORG_7:1.22
	RELEASE_4_EOL:1.22
	RELEASE_6_2_0:1.22
	RELEASE_6_1_0:1.21
	RELEASE_5_5_0:1.21
	RELEASE_6_0_0:1.21
	RELEASE_5_4_0:1.21
	RELEASE_4_11_0:1.21
	RELEASE_5_3_0:1.21
	RELEASE_4_10_0:1.21
	RELEASE_5_2_1:1.21
	RELEASE_5_2_0:1.21
	RELEASE_4_9_0:1.21
	RELEASE_5_1_0:1.21
	RELEASE_4_8_0:1.21
	RELEASE_5_0_0:1.21
	RELEASE_4_7_0:1.21
	RELEASE_4_6_2:1.16
	RELEASE_4_6_1:1.16
	RELEASE_4_6_0:1.16
	RELEASE_5_0_DP1:1.16
	RELEASE_4_5_0:1.14
	RELEASE_4_4_0:1.11
	RELEASE_4_3_0:1.10
	RELEASE_4_2_0:1.9
	RELEASE_4_1_1:1.9
	RELEASE_4_1_0:1.9
	RELEASE_3_5_0:1.9
	RELEASE_4_0_0:1.8
	RELEASE_3_4_0:1.8
	openssh_1_2:1.1.1.1
	OPENBSD:1.1.1;
locks; strict;
comment	@# @;


1.23
date	2008.03.05.04.25.41;	author tmclaugh;	state dead;
branches;
next	1.22;

1.22
date	2006.06.09.21.54.02;	author pav;	state Exp;
branches;
next	1.21;

1.21
date	2002.06.26.04.01.02;	author dinoex;	state Exp;
branches;
next	1.20;

1.20
date	2002.06.25.04.52.55;	author dinoex;	state Exp;
branches;
next	1.19;

1.19
date	2002.06.24.23.17.03;	author dinoex;	state Exp;
branches;
next	1.18;

1.18
date	2002.06.24.21.13.06;	author dinoex;	state Exp;
branches;
next	1.17;

1.17
date	2002.06.22.12.31.18;	author dinoex;	state Exp;
branches;
next	1.16;

1.16
date	2002.03.12.17.50.42;	author dinoex;	state Exp;
branches;
next	1.15;

1.15
date	2002.03.11.15.16.48;	author dinoex;	state Exp;
branches;
next	1.14;

1.14
date	2001.12.01.20.12.14;	author dinoex;	state Exp;
branches;
next	1.13;

1.13
date	2001.10.12.08.46.52;	author dinoex;	state Exp;
branches;
next	1.12;

1.12
date	2001.10.03.13.15.13;	author dinoex;	state Exp;
branches;
next	1.11;

1.11
date	2001.06.08.08.03.22;	author dinoex;	state Exp;
branches;
next	1.10;

1.10
date	2001.04.02.10.28.59;	author mharo;	state Exp;
branches;
next	1.9;

1.9
date	2000.05.30.20.43.29;	author green;	state Exp;
branches;
next	1.8;

1.8
date	99.11.20.03.55.29;	author green;	state Exp;
branches;
next	1.7;

1.7
date	99.11.20.03.42.05;	author green;	state Exp;
branches;
next	1.6;

1.6
date	99.11.20.03.05.31;	author green;	state Exp;
branches;
next	1.5;

1.5
date	99.11.20.01.55.53;	author green;	state Exp;
branches;
next	1.4;

1.4
date	99.11.18.01.46.43;	author green;	state Exp;
branches;
next	1.3;

1.3
date	99.11.17.20.12.35;	author green;	state Exp;
branches;
next	1.2;

1.2
date	99.11.13.05.55.42;	author green;	state Exp;
branches;
next	1.1;

1.1
date	99.11.08.06.20.54;	author green;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	99.11.08.06.20.54;	author green;	state Exp;
branches;
next	;


desc
@@


1.23
log
@- expire port: Long out of date with multiple security issues.
  (Don't worry, openssh-portable is still there.)
@
text
@bin/slogin
bin/scp
bin/sftp
bin/ssh
bin/ssh-add
bin/ssh-agent
bin/ssh-keygen
bin/ssh-keyscan
etc/ssh/moduli
@@exec [ -f %D/etc/ssh_config ] && [ ! -f %D/etc/ssh/ssh_config ] && ln %D/etc/ssh_config %D/etc/ssh/ssh_config
@@exec [ -f %D/etc/sshd_config ] && [ ! -f %D/etc/ssh/sshd_config ] && ln %D/etc/sshd_config %D/etc/ssh/sshd_config
@@exec [ -f %D/etc/ssh_host_key ] && [ ! -f %D/etc/ssh/ssh_host_key ] && ln %D/etc/ssh_host_key %D/etc/ssh/ssh_host_key
@@exec [ -f %D/etc/ssh_host_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_key.pub ] && ln %D/etc/ssh_host_key.pub %D/etc/ssh/ssh_host_key.pub
@@exec [ -f %D/etc/ssh_host_rsa_key ] && [ ! -f %D/etc/ssh/ssh_host_rsa_key ] && ln %D/etc/ssh_host_rsa_key %D/etc/ssh/ssh_host_rsa_key
@@exec [ -f %D/etc/ssh_host_rsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_rsa_key.pub ] && ln %D/etc/ssh_host_rsa_key.pub %D/etc/ssh/ssh_host_rsa_key.pub
@@exec [ -f %D/etc/ssh_host_dsa_key ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key ] && ln %D/etc/ssh_host_dsa_key %D/etc/ssh/ssh_host_dsa_key
@@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub
@@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi
@@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi
etc/ssh/ssh_config-dist
etc/ssh/sshd_config-dist
@@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config
@@exec [ ! -f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config
@@dirrm etc/ssh
sbin/sshd
libexec/sftp-server
libexec/ssh-keysign
libdata/ssh/Ssh.bin
@@dirrm libdata/ssh
@@exec if [ ! -f %D/etc/ssh/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh/ssh_host_key; fi
@@exec if [ ! -f %D/etc/ssh/ssh_host_rsa_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -t rsa -N "" -f %D/etc/ssh/ssh_host_rsa_key; fi
@@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi
@@exec mkdir -p %D/empty
@@dirrm empty
@@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
@@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
@


1.22
log
@- Convert to OPTIONS
- Switch to rc_subr script

PR:		ports/96625
Submitted by:	Peter Thoenen <peter.thoenen@@yahoo.com> <eol1@@yahoo.com>
@
text
@@


1.21
log
@Small cleanups for smoothlees migration to $PREFIX/etc/shh
@
text
@a8 1
etc/rc.d/sshd.sh.sample
@


1.20
log
@Fix a typo, only affects when installing a packae on a clean system.
Submitted by:	anders@@fix.no
@
text
@d1 1
a3 1
bin/slogin
d25 1
a26 1
@@dirrm etc/ssh
a30 2
@@exec mkdir -p %D/empty
@@dirrm empty
d34 1
d37 1
a37 1
@@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %D/empty -s /nonexistent -c "sshd privilege separation"; fi
@


1.19
log
@Create user when package is extracted
@
text
@d38 1
a38 1
@@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g smmsp -u 22 -h - -d %D/empty -s /nonexistent -c "sshd privilege separation"; fi
@


1.18
log
@Merge PAM-changes from openssh currrent
Fix build with SKEY=yes, pr# 36119
Cleanup pw_expire handling.
Add missing includes
Changes defaults to: PermitRootLogin=no, UsePrivilegeSeparation=no
Use $PREFIX/etc/ssh for config, updating manpages too.
@
text
@d36 3
@


1.17
log
@Update to openssh-3.3
- New program ssh-keysign
- New manpages for ssh_config and sshd_config
- Merge Pathes to new files
- Fix GCC problem with unsupported __func__ in older Releases
@
text
@d10 15
a24 7
etc/moduli
@@unexec if cmp -s %D/etc/ssh_config %D/etc/ssh_config-dist; then rm -f %D/etc/ssh_config; fi
@@unexec if cmp -s %D/etc/sshd_config %D/etc/sshd_config-dist; then rm -f %D/etc/sshd_config; fi
etc/ssh_config-dist
etc/sshd_config-dist
@@exec [ ! -f %D/etc/ssh_config ] && cp %D/etc/ssh_config-dist %D/etc/ssh_config
@@exec [ ! -f %D/etc/sshd_config ] && cp %D/etc/sshd_config-dist %D/etc/sshd_config
d26 1
d31 5
a35 4
@@exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh_host_key; fi
@@exec if [ ! -f %D/etc/ssh_host_rsa_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -t rsa -N "" -f %D/etc/ssh_host_rsa_key; fi
@@exec if [ ! -f %D/etc/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh_host_dsa_key; fi
@@exec if [ ! -x %D/etc/rc.d/sshd.sh ]; then echo "#!/bin/sh" > %D/etc/rc.d/sshd.sh && exec echo "[ -x %D/sbin/sshd ] && %D/sbin/sshd && echo -n ' sshd'" >> %D/etc/rc.d/sshd.sh && exec chmod 0555 %D/etc/rc.d/sshd.sh; fi
@


1.16
log
@create ssh_config-dist and sshd_config-dist
make sure that package install and deinstall
don't temper existing configuration files.
install sshd.sh now as sample.

Package changed, but no need to update
if you have PORTREVISION=2
@
text
@d19 1
@


1.15
log
@Add etc/moduli if it does not exist already.
sshd complainied about it.
@
text
@d9 1
a9 3
etc/rc.d/sshd.sh
etc/ssh_config
etc/sshd_config
d11 6
@


1.14
log
@- generate now all 3 host keyes if they don't exists before
- save patchfile from openbsd, it has been removed.
@
text
@d12 1
@


1.13
log
@Let PREFIX/libdata exists, even as it had been created by the port,
Logs on beton complaining about it.
@
text
@d16 3
a18 2
@@exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
@@exec if [ ! -f %D/etc/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -d -N "" -f %D/etc/ssh_host_dsa_key; fi
@


1.12
log
@- Update to OpenSSH 2.9.9
- convert portname into lowercase
- PREFIX support for default sshd_config
- security-patch for cookie files obsolete
@
text
@a15 1
@@dirrm libdata
@


1.11
log
@- Update from OpenSSH 2.2.0 to OpenSSH 2.9
- Features:
  Possible use of sftp/sftp-server with older FreeBSD releases.
  Use a newer version independently from the Base system.
  Easier to test and fix possible security bugs.
- Bugs:
  build of pam_ssm.so isn't be supported any more
  Any file named "cookie" can be deleted by this and any older "sshd"
  with X11 Forwarding.
@
text
@d14 3
@


1.10
log
@make openssh comply with section 4.4.9 (MAN vars in Makefile, not plist)

PR:		18711
Submitted by:	    Trevor Johnson <trevor@@jpj.net>
@
text
@d2 1
d8 1
d13 1
@


1.9
log
@Also generate the DSA key from a package install.

Submitted by:	Dmitry Grigorovich <odip@@bionet.nsc.ru>
@
text
@a9 7
man/man1/scp.1.gz
man/man1/slogin.1.gz
man/man1/ssh-add.1.gz
man/man1/ssh-agent.1.gz
man/man1/ssh-keygen.1.gz
man/man1/ssh.1.gz
man/man8/sshd.8.gz
@


1.8
log
@ARGH! Remember the echo -n ' sshd'.
@
text
@d18 2
a19 1
@@exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret host key."; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
@


1.7
log
@Change around sshd.sh for the last time.
@
text
@d19 1
a19 1
@@exec if [ ! -x %D/etc/rc.d/sshd.sh ]; then echo "#!/bin/sh" > %D/etc/rc.d/sshd.sh && exec echo "[ -x %D/sbin/sshd ] && exec %D/sbin/sshd" >> %D/etc/rc.d/sshd.sh && exec chmod 0555 %D/etc/rc.d/sshd.sh; fi
@


1.6
log
@Turn on HAVE_OPENPTY so more than 16 terminals work with sshd.

Put sshd.sh installation in the pre-install, ssh_host_key generation
back in the PLIST, and check for ssh_config, too.  This port now
works much better as a package.  The configuration files and sshd.sh
are also part of the package, and as such removed on deinstall.

The proper upgrade procedure from one OpenSSH version to a newer one is:
chflags schg /usr/local/etc/ssh*	# preserve them from deletion
cd /usr/ports/security/openssh
make all deinstall reinstall clean

Partially submitted by:	peter
@
text
@d19 1
@


1.5
log
@Add that pesky slogin link to the packing list.
@
text
@d7 3
d18 1
@


1.4
log
@Make the second CVS site work for real.

Move sshd.sh to files and ${INSTALL_SCRIPT}/${PERL} -pi it.

Clean up the Makefile's style a bit (MNF anyone? :)

Add WWW: to pkg/DESCR.

Change MASTER_SITES back to CVS_SITES to avoid problems with
MASTER_SITE_OVERRIDE.

Parts submitted by:	Christian Weisgerber <naddy@@mips.rhein-neckar.de>, Robert Muir <rmuir@@gibralter.net>
@
text
@d2 1
@


1.3
log
@Update OpenSSH to the latest CVS_DATE.

CVS_SITE is now MASTER_SITES, and each is tried if the previous fails

Include a :pserver: as one of the CVS repositories, so those inside firewalls
should be able to fetch SSH.  If this doesn't work for everyone, I've still
got a trick up my sleeve.

Fix rlimit-related warnings people are seeing by moving the setclasscontext()
to before the switching of uids.  Let me know if this does not work, as I
never got the warnings in the first place.

Don't clobber sshd_config, etc.  Instead, if they're there, just warn of
their existance.

Take the config files and sshd.sh out of the pkg/PLIST, mainly so you don't
lose your configuration files by doing a "make deinstall reinstall clean"
update.

Parts submitted by:	Robert Muir <rmuir@@gibralter.net>, Travis Mikalson <bofh@@terranova.net>
@
text
@a13 1
@@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key..."; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
@


1.2
log
@Lots of OpenSSH changes, let's see if I remember them all.
	1. Makefile cleanups, pkg/DESCR original comment (obrien)
	2. sshd.sh and automatic host key generation when installed
	   (Christian Weisgerber <naddy@@unix-ag.uni-kl.de>)
	3. Completely redone downloading procedure:
		* CVS is used to download the source (${CVS_CMD} defaults to
		  cvs -z3)
		* MD5 checksums and a specific ${CVS_DATE} are used to get
		  a specific source tree and verify it;  ${CVS_DATE} and
		  checksums can easily be rolled forward once tested.
		* Source is checked out to distfiles like other ports,
		  and is only updated when ${CVS_DATE} changes.
		  Rebuilding the port doesn't require another cvs co.

Enjoy!

Reviewed mostly by:	obrien
@
text
@a5 3
etc/rc.d/sshd.sh
etc/ssh_config
etc/sshd_config
@


1.1
log
@Initial revision
@
text
@d6 1
d17 1
@


1.1.1.1
log
@Say hello to OpenSSH!  It's more secure, has a better license, and
is actively maintained by members of the OpenBSD project.
@
text
@@
