author | Torsten Blum <torstenb@FreeBSD.org> | 1995-10-07 01:19:27 +0000 |
---|---|---|
committer | Torsten Blum <torstenb@FreeBSD.org> | 1995-10-07 01:19:27 +0000 |
commit | e92e7e24d1f199cca989606bab31b9b2c5d93a20 (patch) | |
tree | 25094edcad39b9a824ca04ac2345c5d7885d573f /security/ssh2 | |
parent | Correct device names for [serialports] and [parallelports]. (diff) |
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication
(.rhosts together with RSA based host authentication, and pure RSA
authentication) and improved privacy (all communications are automatically
and transparently encrypted).
Notes
Notes:
svn path=/head/; revision=2294
Diffstat (limited to 'security/ssh2')
-rw-r--r-- | security/ssh2/Makefile | 90 | ||||
-rw-r--r-- | security/ssh2/distinfo | 2 | ||||
-rw-r--r-- | security/ssh2/files/patch-aa | 19 | ||||
-rw-r--r-- | security/ssh2/files/patch-ab | 19 | ||||
-rw-r--r-- | security/ssh2/pkg-comment | 1 | ||||
-rw-r--r-- | security/ssh2/pkg-descr | 96 | ||||
-rw-r--r-- | security/ssh2/pkg-plist | 19 |
7 files changed, 246 insertions, 0 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
new file mode 100644
index 000000000000..9331a05c50a0
--- /dev/null
+++ b/security/ssh2/Makefile
@@ -0,0 +1,90 @@
+# New ports collection makefile for: ssh
+# Version required: 1.2.10
+# Date created: 30 Jul 1995
+# Whom: torstenb@FreeBSD.ORG
+#
+# $Id$
+#
+
+DISTNAME= ssh-1.2.10
+CATEGORIES= security
+MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/ \
+ ftp://ftp.cs.hut.fi/pub/ssh/snapshots/
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+DISTFILES= ${DISTNAME}.tar.gz rsaref2.tar.gz
+MASTER_SITES= \
+ ftp://ftp.cs.hut.fi/pub/ssh/snapshots/ \
+ ftp://ftp.funet.fi/pub/unix/security/ \
+ ftp://nic.funet.fi/pub/crypt/mirrors/ftp.dsi.unimi.it/applied-crypto/ \
+ ftp://rzsun2.informatik.uni-hamburg.de/pub/virus/crypt/ripem/ \
+ ftp://ftp.dsi.unimi.it/pub/security/crypt/math/ \
+ ftp://ftp.univie.ac.at/security/crypt/cryptography/asymmetric/rsa/ \
+ ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/
+.endif
+
+NO_PACKAGE= YES
+IS_INTERACTIVE= YES
+
+GNU_CONFIGURE= YES
+
+CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+CONFIGURE_ARGS+= --with-rsaref
+.endif
+
+# Include SOCKS firewall support
+# Warning: untested !
+.if defined(USE_SOCKS) && ${USE_SOCKS} == YES
+CONFIGURE_ARGS+= --with-socks
+.endif
+
+# Include tcp-wrapper support and identd support
+# Warning: untested !
+.if defined(USE_TCPWRAP_AND_IDENTD) && ${USE_TCPWRAP_AND_IDENTD} == YES
+CONFIGURE_ARGS+= --with-libwrap
+.endif
+
+# Include support for the SecureID card
+# Warning: untested !
+.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
+CONFIGURE_ARGS+= --with-secureid
+.endif
+
+# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
+# commercial use may require a licence in a number of countried
+# Warning: untested !
+.if defined(DONT_USE_IDEA) && ${DONT_USE_IDEA} == YES
+CONFIGURE_ARGS+= --without-idea
+.endif
+
+pre-patch:
+ @mv -f ${WRKSRC}/make-ssh-known-hosts.pl \
+ ${WRKSRC}/make-ssh-known-hosts.pl.in
+
+fetch-depends:
+.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
+ @echo
+ @echo You must set variable USA_RESIDENT to YES if you are a USA
+ @echo resident.
+ @echo If you are a USA resident you have to get the RSAREF2
+ @echo library \(RSA Inc. holds a patent on RSA and public key
+ @echo cypto in general - using RSA implementations other thann
+ @echo RSAREF will violate the US patent law\)
+ @echo and extract it to ${WRKSRC}.
+ @false
+.endif
+
+post-extract:
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+ @mv ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2
+.endif
+
+post-install:
+ gzip -9nf ${PREFIX}/man/man1/scp.1 ${PREFIX}/man/man1/ssh-add.1 \
+ ${PREFIX}/man/man1/ssh-agent.1 ${PREFIX}/man/man1/ssh-keygen.1 \
+ ${PREFIX}/man/man1/ssh.1 ${PREFIX}/man/man8/sshd.8 \
+ ${PREFIX}/man/man1/make-ssh-known-hosts.1
+
+.include <bsd.port.mk>
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
new file mode 100644
index 000000000000..ee5de3ad76f5
--- /dev/null
+++ b/security/ssh2/distinfo
@@ -0,0 +1,2 @@
+MD5 (ssh-1.2.10.tar.gz) = 85b1938f462d13ccebe9d341c63bddbe
+MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa
new file mode 100644
index 000000000000..870fdd02bbbb
--- /dev/null
+++ b/security/ssh2/files/patch-aa
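Review bot: The `fetch-depends` message does not match what the port actually does. It fires when `USA_RESIDENT` is unset or is neither `YES` nor `NO`, yet the text only mentions `YES` and tells US users to fetch RSAREF2 and extract it into `${WRKSRC}` by hand, while the `USA_RESIDENT == YES` branch already adds `rsaref2.tar.gz` to `DISTFILES` and `post-extract` moves it into place. Because this setting decides whether the build is configured `--with-rsaref`, I would name both accepted values and drop the manual step, e.g. `@echo Set USA_RESIDENT to YES to build with RSAREF2, or to NO otherwise.` The condition also depends on `&&` binding tighter than `||`; writing it as `!defined(USA_RESIDENT) || (${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO)` makes that explicit.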
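Review bot: The two `MD5` lines are the only integrity check on distfiles that the Makefile fetches over plain `ftp://` from several mirrors, and MD5 no longer resists collisions. For a port that installs sshd and its host-key tooling I would record a stronger digest and the file size next to them, e.g. `SHA256 (ssh-1.2.10.tar.gz) = <sha256-of-verified-tarball>` and `SIZE (ssh-1.2.10.tar.gz) = <size-in-bytes>`, computed from a copy whose origin has been checked out of band. Whether the ports framework at this revision accepts those keys cannot be seen from this hunk.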
@@ -0,0 +1,19 @@
+*** make-ssh-known-hosts.pl.in.orig Fri Oct 6 21:12:34 1995
+--- make-ssh-known-hosts.pl.in Fri Oct 6 21:14:28 1995
+***************
+*** 74,80 ****
+ $sshdisablepasswordoption="-o 'PasswordAuthentication no'";
+ $defserver = '';
+ $bell='\a';
+! $public_key = '/etc/ssh_host_key.pub';
+ if (!defined($ENV{'HOME'})) {
+ ($junk, $junk, $junk, $junk, $junk, $junk, $junk, $dir, $junk) =
+ getpwuid($<);
+--- 74,80 ----
+ $sshdisablepasswordoption="-o 'PasswordAuthentication no'";
+ $defserver = '';
+ $bell='\a';
+! $public_key = '@ETCDIR@/ssh_host_key.pub';
+ if (!defined($ENV{'HOME'})) {
+ ($junk, $junk, $junk, $junk, $junk, $junk, $junk, $dir, $junk) =
+ getpwuid($<);
diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab
new file mode 100644
index 000000000000..ac0c5136f0bb
--- /dev/null
+++ b/security/ssh2/files/patch-ab
@@ -0,0 +1,19 @@
+*** configure.orig Fri Oct 6 21:16:53 1995
+--- configure Fri Oct 6 21:17:16 1995
+***************
+*** 3621,3627 ****
+ EOF
+ cat >> $CONFIG_STATUS <<EOF
+
+! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1"}
+ EOF
+ cat >> $CONFIG_STATUS <<\EOF
+ for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+--- 3621,3627 ----
+ EOF
+ cat >> $CONFIG_STATUS <<EOF
+
+! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl"}
+ EOF
+ cat >> $CONFIG_STATUS <<\EOF
+ for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/security/ssh2/pkg-comment b/security/ssh2/pkg-comment
new file mode 100644
index 000000000000..fc8bc364039a
--- /dev/null
+++ b/security/ssh2/pkg-comment
@@ -0,0 +1 @@
+ssh - secure shell client (remote login program)
diff --git a/security/ssh2/pkg-descr b/security/ssh2/pkg-descr
new file mode 100644
index 000000000000..fb9e196439ff
--- /dev/null
+++ b/security/ssh2/pkg-descr
@@ -0,0 +1,96 @@
+Secure Shell is a program to log into another computer over a network,
+to execute commands in a remote machine, and to move files from one
+machine to another. It provides strong authentication and secure
+communications over insecure channels. It is inteded as a replacement
+for rlogin, rsh, and rcp.
+
+FEATURES
+
+ o Complete replacement for rlogin, rsh, and rcp.
+
+ o Strong authentication. Closes several security holes (e.g., IP,
+ routing, and DNS spoofing). New authentication methods: .rhosts
+ together with RSA based host authentication, and pure RSA
+ authentication.
+
+ o Improved privacy. All communications are automatically and
+ transparently encrypted. RSA is used for key exchange, and a
+ conventional cipher (normally IDEA, DES, or triple-DES) for
+ encrypting the session. Encryption is started before
+ authentication, and no passwords or other information is
+ transmitted in the clear. Encryption is also used to protect
+ against spoofed packets.
+
+ o Secure X11 sessions. The program automatically sets DISPLAY on
+ the server machine, and forwards any X11 connections over the
+ secure channel. Fake Xauthority information is automatically
+ generated and forwarded to the remote machine; the local client
+ automatically examines incoming X11 connections and replaces the
+ fake authorization data with the real data (never telling the
+ remote machine the real information).
+
+ o Arbitrary TCP/IP ports can be redirected through the encrypted channel
+ in both directions (e.g., for e-cash transactions).
+
+ o No retraining needed for normal users; everything happens
+ automatically, and old .rhosts files will work with strong
+ authentication if administration installs host key files.
+
+ o Never trusts the network. Minimal trust on the remote side of
+ the connection. Minimal trust on domain name servers. Pure RSA
+ authentication never trusts anything but the private key.
+
+ o Client RSA-authenticates the server machine in the beginning of
+ every connection to prevent trojan horses (by routing or DNS
+ spoofing) and man-in-the-middle attacks, and the server
+ RSA-authenticates the client machine before accepting .rhosts or
+ /etc/hosts.equiv authentication (to prevent DNS, routing, or
+ IP-spoofing).
+
+ o Host authentication key distribution can be centrally by the
+ administration, automatically when the first connection is made
+ to a machine (the key obtained on the first connection will be
+ recorded and used for authentication in the future), or manually
+ by each user for his/her own use. The central and per-user host
+ key repositories are both used and complement each other. Host
+ keys can be generated centrally or automatically when the software
+ is installed. Host authentication keys are typically 1024 bits.
+
+ o Any user can create any number of user authentication RSA keys for
+ his/her own use. Each user has a file which lists the RSA public
+ keys for which proof of possession of the corresponding private
+ key is accepted as authentication. User authentication keys are
+ typically 1024 bits.
+
+ o The server program has its own server RSA key which is
+ automatically regenerated every hour. This key is never saved in
+ any file. Exchanged session keys are encrypted using both the
+ server key and the server host key. The purpose of the separate
+ server key is to make it impossible to decipher a captured session by
+ breaking into the server machine at a later time; one hour from
+ the connection even the server machine cannot decipher the session
+ key. The key regeneration interval is configurable. The server
+ key is normally 768 bits.
+
+ o An authentication agent, running in the user's laptop or local
+ workstation, can be used to hold the user's RSA authentication
+ keys. Ssh automatically forwards the connection to the
+ authentication agent over any connections, and there is no need to
+ store the RSA authentication keys on any machine in the network
+ (except the user's own local machine). The authentication
+ protocols never reveal the keys; they can only be used to verify
+ that the user's agent has a certain key. Eventually the agent
+ could rely on a smart card to perform all authentication
+ computations.
+
+ o The software can be installed and used (with restricted
+ functionality) even without root privileges.
+
+ o The client is customizable in system-wide and per-user
+ configuration files. Most aspects of the client's operation can
+ be configured. Different options can be specified on a per-host basis.
+
+ o Automatically executes conventional rsh (after displaying a
+ warning) if the server machine is not running sshd.
+
+
diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist
new file mode 100644
index 000000000000..239bc7cce898
--- /dev/null
+++ b/security/ssh2/pkg-plist
@@ -0,0 +1,19 @@
+bin/scp
+bin/slogin
+bin/ssh
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-askpass
+bin/ssh-keygen
+etc/ssh_config
+etc/ssh_host_key
+etc/ssh_host_key.pub
+etc/sshd_config
+man/man1/make-ssh-known-hosts.1.gz
+man/man1/scp.1.gz
+man/man1/ssh-add.1.gz
+man/man1/ssh-agent.1.gz
+man/man1/ssh-keygen.1.gz
+man/man1/ssh.1.gz
+man/man8/sshd.8.gz
+sbin/sshd |
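Review bot: `etc/ssh_host_key` is listed as an ordinary packing-list entry, so the host's private key is tracked like any other installed file. A binary package built from this list would carry one private host key to every machine that installs it, and deinstalling the port would presumably delete the key and so change the host's identity for every client that has recorded it. `NO_PACKAGE= YES` in the Makefile prevents the first case today, but nothing there says that is why it is set. I would drop `etc/ssh_host_key` and `etc/ssh_host_key.pub` from the list and keep the key pair outside package tracking, or at least add a comment beside `NO_PACKAGE` such as `# host key is generated at install time and must never be packaged`.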