authorTorsten Blum <torstenb@FreeBSD.org>1995-10-07 01:19:27 +0000
committerTorsten Blum <torstenb@FreeBSD.org>1995-10-07 01:19:27 +0000
commite92e7e24d1f199cca989606bab31b9b2c5d93a20 (patch)
tree25094edcad39b9a824ca04ac2345c5d7885d573f /security/ssh2
parentCorrect device names for [serialports] and [parallelports]. (diff)
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication
(.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
Notes
Notes: svn path=/head/; revision=2294
Diffstat (limited to 'security/ssh2')
-rw-r--r--security/ssh2/Makefile90
-rw-r--r--security/ssh2/distinfo2
-rw-r--r--security/ssh2/files/patch-aa19
-rw-r--r--security/ssh2/files/patch-ab19
-rw-r--r--security/ssh2/pkg-comment1
-rw-r--r--security/ssh2/pkg-descr96
-rw-r--r--security/ssh2/pkg-plist19
7 files changed, 246 insertions, 0 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
new file mode 100644
index 000000000000..9331a05c50a0
--- /dev/null
+++ b/security/ssh2/Makefile
@@ -0,0 +1,90 @@
+# New ports collection makefile for: ssh
+# Version required: 1.2.10
+# Date created: 30 Jul 1995
+# Whom: torstenb@FreeBSD.ORG
+#
+# $Id$
+#
+
+DISTNAME= ssh-1.2.10
+CATEGORIES= security
+MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/ \
+ ftp://ftp.cs.hut.fi/pub/ssh/snapshots/
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+DISTFILES= ${DISTNAME}.tar.gz rsaref2.tar.gz
+MASTER_SITES= \
+ ftp://ftp.cs.hut.fi/pub/ssh/snapshots/ \
+ ftp://ftp.funet.fi/pub/unix/security/ \
+ ftp://nic.funet.fi/pub/crypt/mirrors/ftp.dsi.unimi.it/applied-crypto/ \
+ ftp://rzsun2.informatik.uni-hamburg.de/pub/virus/crypt/ripem/ \
+ ftp://ftp.dsi.unimi.it/pub/security/crypt/math/ \
+ ftp://ftp.univie.ac.at/security/crypt/cryptography/asymmetric/rsa/ \
+ ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/
+.endif
+
+NO_PACKAGE= YES
+IS_INTERACTIVE= YES
+
+GNU_CONFIGURE= YES
+
+CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+CONFIGURE_ARGS+= --with-rsaref
+.endif
+
+# Include SOCKS firewall support
+# Warning: untested !
+.if defined(USE_SOCKS) && ${USE_SOCKS} == YES
+CONFIGURE_ARGS+= --with-socks
+.endif
+
+# Include tcp-wrapper support and identd support
+# Warning: untested !
+.if defined(USE_TCPWRAP_AND_IDENTD) && ${USE_TCPWRAP_AND_IDENTD} == YES
+CONFIGURE_ARGS+= --with-libwrap
+.endif
+
+# Include support for the SecureID card
+# Warning: untested !
+.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
+CONFIGURE_ARGS+= --with-secureid
+.endif
+
+# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
+# commercial use may require a licence in a number of countried
+# Warning: untested !
+.if defined(DONT_USE_IDEA) && ${DONT_USE_IDEA} == YES
+CONFIGURE_ARGS+= --without-idea
+.endif
+
+pre-patch:
+ @mv -f ${WRKSRC}/make-ssh-known-hosts.pl \
+ ${WRKSRC}/make-ssh-known-hosts.pl.in
+
+fetch-depends:
+.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
+ @echo
+ @echo You must set variable USA_RESIDENT to YES if you are a USA
+ @echo resident.
+ @echo If you are a USA resident you have to get the RSAREF2
+ @echo library \(RSA Inc. holds a patent on RSA and public key
+ @echo cypto in general - using RSA implementations other thann
+ @echo RSAREF will violate the US patent law\)
+ @echo and extract it to ${WRKSRC}.
+ @false
+.endif
+
+post-extract:
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+ @mv ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2
+.endif
+
+post-install:
+ gzip -9nf ${PREFIX}/man/man1/scp.1 ${PREFIX}/man/man1/ssh-add.1 \
+ ${PREFIX}/man/man1/ssh-agent.1 ${PREFIX}/man/man1/ssh-keygen.1 \
+ ${PREFIX}/man/man1/ssh.1 ${PREFIX}/man/man8/sshd.8 \
+ ${PREFIX}/man/man1/make-ssh-known-hosts.1
+
+.include <bsd.port.mk>
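Review bot: The optional knobs `USE_SOCKS`, `USE_TCPWRAP_AND_IDENTD` and `USE_SECUREID` each append a `--with-*` flag that the comments themselves mark as untested. Autoconf-generated configure scripts generally accept an unrecognised `--with-*` option without failing, so a misspelt flag would build an sshd without the access control the administrator asked for, and nothing would report it. The `USE_TCPWRAP_AND_IDENTD` block also promises identd support but passes only `--with-libwrap`; whether that flag covers identd is not visible here. I would check each flag against `./configure --help` for ssh-1.2.10 and reword the comment to match what is verified, e.g. `# Include tcp-wrapper (libwrap) support; identd coverage unverified`.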
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
new file mode 100644
index 000000000000..ee5de3ad76f5
--- /dev/null
+++ b/security/ssh2/distinfo
@@ -0,0 +1,2 @@
+MD5 (ssh-1.2.10.tar.gz) = 85b1938f462d13ccebe9d341c63bddbe
+MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
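Review bot: Both distfiles are pinned by MD5 only, and the Makefile fetches them over plain FTP from several mirrors, so this digest is the sole check that the downloaded tarball is the one the porter reviewed. MD5 is no longer collision-resistant, so anyone reusing this port layout today should record a stronger digest alongside it, e.g. `SHA256 (ssh-1.2.10.tar.gz) = <sha256-of-reviewed-tarball>`, and the file size if the ports framework in use supports it. The MD5 values themselves cannot be verified from this page.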
diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa
new file mode 100644
index 000000000000..870fdd02bbbb
--- /dev/null
+++ b/security/ssh2/files/patch-aa
@@ -0,0 +1,19 @@
+*** make-ssh-known-hosts.pl.in.orig Fri Oct 6 21:12:34 1995
+--- make-ssh-known-hosts.pl.in Fri Oct 6 21:14:28 1995
+***************
+*** 74,80 ****
+ $sshdisablepasswordoption="-o 'PasswordAuthentication no'";
+ $defserver = '';
+ $bell='\a';
+! $public_key = '/etc/ssh_host_key.pub';
+ if (!defined($ENV{'HOME'})) {
+ ($junk, $junk, $junk, $junk, $junk, $junk, $junk, $dir, $junk) =
+ getpwuid($<);
+--- 74,80 ----
+ $sshdisablepasswordoption="-o 'PasswordAuthentication no'";
+ $defserver = '';
+ $bell='\a';
+! $public_key = '@ETCDIR@/ssh_host_key.pub';
+ if (!defined($ENV{'HOME'})) {
+ ($junk, $junk, $junk, $junk, $junk, $junk, $junk, $dir, $junk) =
+ getpwuid($<);
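Review bot: The new default `'@ETCDIR@/ssh_host_key.pub'` is only correct if configure actually substitutes `@ETCDIR@` when it generates make-ssh-known-hosts.pl. patch-ab adds that file to `CONFIG_FILES`, but nothing visible in this commit shows that the configure script defines the substitution. If it does not, the installed script would carry the literal placeholder and fail to locate the host public key it reads. A post-configure check such as `grep -c '@ETCDIR@' make-ssh-known-hosts.pl` reporting 0 would confirm it. The Makefile's `pre-patch` target could also use a comment noting that the rename to `.pl.in` exists to support this patch.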
diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab
new file mode 100644
index 000000000000..ac0c5136f0bb
--- /dev/null
+++ b/security/ssh2/files/patch-ab
@@ -0,0 +1,19 @@
+*** configure.orig Fri Oct 6 21:16:53 1995
+--- configure Fri Oct 6 21:17:16 1995
+***************
+*** 3621,3627 ****
+ EOF
+ cat >> $CONFIG_STATUS <<EOF
+
+! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1"}
+ EOF
+ cat >> $CONFIG_STATUS <<\EOF
+ for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+--- 3621,3627 ----
+ EOF
+ cat >> $CONFIG_STATUS <<EOF
+
+! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl"}
+ EOF
+ cat >> $CONFIG_STATUS <<\EOF
+ for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/security/ssh2/pkg-comment b/security/ssh2/pkg-comment
new file mode 100644
index 000000000000..fc8bc364039a
--- /dev/null
+++ b/security/ssh2/pkg-comment
@@ -0,0 +1 @@
+ssh - secure shell client (remote login program)
diff --git a/security/ssh2/pkg-descr b/security/ssh2/pkg-descr
new file mode 100644
index 000000000000..fb9e196439ff
--- /dev/null
+++ b/security/ssh2/pkg-descr
@@ -0,0 +1,96 @@
+Secure Shell is a program to log into another computer over a network,
+to execute commands in a remote machine, and to move files from one
+machine to another. It provides strong authentication and secure
+communications over insecure channels. It is inteded as a replacement
+for rlogin, rsh, and rcp.
+
+FEATURES
+
+ o Complete replacement for rlogin, rsh, and rcp.
+
+ o Strong authentication. Closes several security holes (e.g., IP,
+ routing, and DNS spoofing). New authentication methods: .rhosts
+ together with RSA based host authentication, and pure RSA
+ authentication.
+
+ o Improved privacy. All communications are automatically and
+ transparently encrypted. RSA is used for key exchange, and a
+ conventional cipher (normally IDEA, DES, or triple-DES) for
+ encrypting the session. Encryption is started before
+ authentication, and no passwords or other information is
+ transmitted in the clear. Encryption is also used to protect
+ against spoofed packets.
+
+ o Secure X11 sessions. The program automatically sets DISPLAY on
+ the server machine, and forwards any X11 connections over the
+ secure channel. Fake Xauthority information is automatically
+ generated and forwarded to the remote machine; the local client
+ automatically examines incoming X11 connections and replaces the
+ fake authorization data with the real data (never telling the
+ remote machine the real information).
+
+ o Arbitrary TCP/IP ports can be redirected through the encrypted channel
+ in both directions (e.g., for e-cash transactions).
+
+ o No retraining needed for normal users; everything happens
+ automatically, and old .rhosts files will work with strong
+ authentication if administration installs host key files.
+
+ o Never trusts the network. Minimal trust on the remote side of
+ the connection. Minimal trust on domain name servers. Pure RSA
+ authentication never trusts anything but the private key.
+
+ o Client RSA-authenticates the server machine in the beginning of
+ every connection to prevent trojan horses (by routing or DNS
+ spoofing) and man-in-the-middle attacks, and the server
+ RSA-authenticates the client machine before accepting .rhosts or
+ /etc/hosts.equiv authentication (to prevent DNS, routing, or
+ IP-spoofing).
+
+ o Host authentication key distribution can be centrally by the
+ administration, automatically when the first connection is made
+ to a machine (the key obtained on the first connection will be
+ recorded and used for authentication in the future), or manually
+ by each user for his/her own use. The central and per-user host
+ key repositories are both used and complement each other. Host
+ keys can be generated centrally or automatically when the software
+ is installed. Host authentication keys are typically 1024 bits.
+
+ o Any user can create any number of user authentication RSA keys for
+ his/her own use. Each user has a file which lists the RSA public
+ keys for which proof of possession of the corresponding private
+ key is accepted as authentication. User authentication keys are
+ typically 1024 bits.
+
+ o The server program has its own server RSA key which is
+ automatically regenerated every hour. This key is never saved in
+ any file. Exchanged session keys are encrypted using both the
+ server key and the server host key. The purpose of the separate
+ server key is to make it impossible to decipher a captured session by
+ breaking into the server machine at a later time; one hour from
+ the connection even the server machine cannot decipher the session
+ key. The key regeneration interval is configurable. The server
+ key is normally 768 bits.
+
+ o An authentication agent, running in the user's laptop or local
+ workstation, can be used to hold the user's RSA authentication
+ keys. Ssh automatically forwards the connection to the
+ authentication agent over any connections, and there is no need to
+ store the RSA authentication keys on any machine in the network
+ (except the user's own local machine). The authentication
+ protocols never reveal the keys; they can only be used to verify
+ that the user's agent has a certain key. Eventually the agent
+ could rely on a smart card to perform all authentication
+ computations.
+
+ o The software can be installed and used (with restricted
+ functionality) even without root privileges.
+
+ o The client is customizable in system-wide and per-user
+ configuration files. Most aspects of the client's operation can
+ be configured. Different options can be specified on a per-host basis.
+
+ o Automatically executes conventional rsh (after displaying a
+ warning) if the server machine is not running sshd.
+
+
diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist
new file mode 100644
index 000000000000..239bc7cce898
--- /dev/null
+++ b/security/ssh2/pkg-plist
@@ -0,0 +1,19 @@
+bin/scp
+bin/slogin
+bin/ssh
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-askpass
+bin/ssh-keygen
+etc/ssh_config
+etc/ssh_host_key
+etc/ssh_host_key.pub
+etc/sshd_config
+man/man1/make-ssh-known-hosts.1.gz
+man/man1/scp.1.gz
+man/man1/ssh-add.1.gz
+man/man1/ssh-agent.1.gz
+man/man1/ssh-keygen.1.gz
+man/man1/ssh.1.gz
+man/man8/sshd.8.gz
+sbin/sshd
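Review bot: `etc/ssh_host_key` and `etc/ssh_host_key.pub` are listed as packaged files, but pkg-descr describes host keys as generated centrally or when the software is installed, i.e. per machine. A binary package built from this list would therefore carry the build machine's private host key to every system that installs it, and deinstalling would delete a host's identity key. Only `NO_PACKAGE= YES` in the Makefile prevents packaging today, and that line has no comment, so the reason for it is not visible and may be unrelated. I would drop the two key lines from the plist, leave key creation to install time, and annotate the Makefile line, e.g. `# never package: install generates a per-host private key`.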