From 86f1d621b0330fb27f6152366685dc91bfcac66f Mon Sep 17 00:00:00 2001 From: Jun Kuriyama Date: Mon, 23 Nov 1998 05:15:17 +0000 Subject: Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki --- security/ssh2/Makefile | 198 ++++++++++++++++--------------------------- security/ssh2/distinfo | 5 +- security/ssh2/files/patch-aa | 29 +++---- security/ssh2/files/patch-ab | 77 ++++------------- security/ssh2/pkg-descr | 110 +++++------------------- security/ssh2/pkg-plist | 71 +++++++++++----- 6 files changed, 172 insertions(+), 318 deletions(-) (limited to 'security/ssh2') diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index 606fbdd463e9..b6f5caf2e643 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -1,157 +1,105 @@ -# New ports collection makefile for: ssh -# Version required: 1.2.25 -# Date created: 30 Jul 1995 -# Whom: torstenb@FreeBSD.ORG +# New ports collection makefile for: ssh2 +# Version required: 2.0.9 +# Date created: 5 Oct 1998 +# Whom: Issei Suzuki # -# $Id: Makefile,v 1.71 1998/10/30 06:15:18 obrien Exp $ -# -# Maximal ssh package requires YES values for -# USE_PERL, USE_TCPWRAP +# $Id$ # +# Maximal ssh2 package requires YES values for +# USE_SSH1, USE_TCPWRAP -DISTNAME= ssh-1.2.26 +DISTNAME= ssh-2.0.9 CATEGORIES= security net -MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ - -MAINTAINER= torstenb@FreeBSD.ORG - -BROKEN= update +MASTER_SITES= ftp://tp.cs.hut.fi/pub/ssh/ \ + ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ + ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ -# You can set USA_RESIDENT appropriately in /etc/make.conf if this bugs you.. +PATCH_SITES= ${MASTER_SITES} +PATCHFILES= ${DISTNAME}-configure-patch -.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES -MASTER_SITES= \ - ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \ - ftp://nic.funet.fi/pub/crypt/mirrors/ftp.dsi.unimi.it/applied-crypto/ \ - ftp://rzsun2.informatik.uni-hamburg.de/pub/virus/crypt/ripem/ \ - ftp://idea.sec.dsi.unimi.it/pub/security/crypt/math/ \ - ftp://ftp.univie.ac.at/security/crypt/cryptography/asymmetric/rsa/ \ - ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/ - -CONFIGURE_ARGS+= --with-rsaref -LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref -BUILD_DEPENDS+= /nonexistent:${PORTSDIR}/security/rsaref:extract -.endif - -# -# Use Phil Karn's asm patches to speed up DES on intel. -# Download by hand from http://www.cryptography.org/cgi-bin/crypto.cgi/ssh/ -# and put in distfiles directory. -# -# Disabled for now, since there's not such a patchkit for 1.2.25 version. -#.if defined(FAST_DES_PATCHKIT) && ${FAST_DES_PATCHKIT} == YES -#PATCHFILES=ssh-1.2.22-patchkit -#PATCH_DIST_STRIP=-p1 -#.endif +MAINTAINER= issei@jp.FreeBSD.org RESTRICTED= "Crypto; export-controlled" -IS_INTERACTIVE= YES GNU_CONFIGURE= YES +MAKE_ENV= SSH_SERVER_DIR="${PREFIX}/etc/ssh2" \ + SSH_CLIENT_GLOBAL_CONFIG_FILE="${PREFIX}/etc/ssh2/ssh2_config" -CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc - +CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc #Uncomment if all your users are in their own group and their homedir #is writeable by that group. Beware the security implications! #CONFIGURE_ARGS+= --enable-group-writeability - -#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection -#over a secure medium. This is normally dangerous since it can lead to the -#disclosure keys and passwords. -#CONFIGURE_ARGS+= --with-none - -.if defined(KRB5_HOME) && exists(${KRB5_HOME}) -CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing +# +# Include support for ssh1 client backward compatibility +.if defined(USE_SSH1) && ${USE_SSH1} == YES +BUILD_DEPENDS+= ssh1:${PORTSDIR}/security/ssh +RUN_DEPENDS+= ssh1:${PORTSDIR}/security/ssh .endif - -# Include support for the SecureID card # Warning: untested ! +# Include support for the SecureID card .if defined(USE_SECUREID) && ${USE_SECUREID} == YES CONFIGURE_ARGS+= --with-secureid .endif - -# Don't use IDEA. IDEA can be freely used for non-commercial use. However, -# commercial use may require a licence in a number of countries -# Warning: untested ! -.if defined(DONT_USE_IDEA) && ${DONT_USE_IDEA} == YES -CONFIGURE_ARGS+= --without-idea +.if defined(USE_TIS) && ${USE_TIS} == YES +# Include support for the TIS authentication server +CONFIGURE_ARGS+= --with-tis .endif - -.if !exists(${X11BASE}/bin/xauth) -CONFIGURE_ARGS+= --without-x +# Include tcp_wrappers support +.if defined(USE_TCPWRAP) && ${USE_TCPWRAP} == YES +CONFIGURE_ARGS+= --with-libwrap +LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper .endif -MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \ - make-ssh-known-hosts1.1 -MAN8= sshd1.8 - - -pre-patch: - @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \ - ${WRKSRC}/make-ssh-known-hosts.pl.in - -fetch-depends: -.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO - @echo - @echo You must set the variable USA_RESIDENT to YES if you are a - @echo United States resident, otherwise NO. - @echo If you are a US resident then this port must also fetch - @echo the RSAREF2 library from sources abroad \(RSA Inc. holds a - @echo patent on RSA and public key crypto in general in the United - @echo States so using RSA implementations other than RSAREF there - @echo may violate US patent law\). - @false +MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 \ + scp2.1 sftp2.1 +MAN8= sshd2.8 + +USE_SSH1?= YES +USE_TCPWRAP?= NO +USE_TIS?= NO +USE_SECUREID?= NO +PORTDOCS= CHANGES LICENSING README +.if !defined(USE_SSH1) || (defined(USE_SSH1) && ${USE_SSH1} != YES) +PLIST= ${PKGDIR}/PLIST.ssh2_only +.endif +.if defined(NOMANCOMPRESS) +MAN_SUFX= "" +.else +MAN_SUFX= .gz .endif post-install: - @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \ - echo "Generating a secret host key..."; \ - ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \ - fi +.if defined(USE_SSH1) && ${USE_SSH1} == YES +.for i in ssh ssh-keygen ssh-add ssh-agent scp + ${MV} -f ${PREFIX}/man/man1/${i}.1${MAN_SUFX} ${PREFIX}/man/man1/${i}.old.1${MAN_SUFX} +.endfor + ${MV} -f ${PREFIX}/man/man8/sshd.8${MAN_SUFX} ${PREFIX}/man/man8/sshd.old.8${MAN_SUFX} +.endif +# .if !defined(NOMANCOMPRESS) - for file in make-ssh-known-hosts scp ssh-add ssh-agent \ - ssh-keygen ssh; do \ - rm -f ${PREFIX}/man/man1/$${file}.1; \ - ln -sf $${file}1.1.gz ${PREFIX}/man/man1/$${file}.1.gz; \ - done - rm -f ${PREFIX}/man/man1/slogin.1 - rm -f ${PREFIX}/man/man1/slogin1.1 - rm -f ${PREFIX}/man/man8/sshd.8 - ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz - ln -sf ssh1.1.gz ${PREFIX}/man/man1/slogin1.1.gz - ln -sf sshd1.8.gz ${PREFIX}/man/man8/sshd.8.gz -.else - ${ECHO} Warning---some manpages not installed. See port Makefile +.for i in ssh ssh-keygen ssh-add ssh-agent scp sftp + ${RM} -f ${PREFIX}/man/man1/${i}.1 + ${LN} -sf ${i}2.1.gz ${PREFIX}/man/man1/${i}.1.gz +.endfor + ${RM} -f ${PREFIX}/man/man8/sshd.8 + ${LN} -sf sshd2.8.gz ${PREFIX}/man/man8/sshd.8.gz +.endif +# +.if !defined(NOPORTDOCS) + -${MKDIR} ${PREFIX}/share/doc/ssh2 +.for i in ${PORTDOCS} + ${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/doc/ssh2 +.endfor .endif +# @if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ - echo "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ - echo "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \ - echo "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && echo -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \ + ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ + ${ECHO} "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \ + ${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && ${ECHO} -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \ chmod 751 ${PREFIX}/etc/rc.d/sshd.sh; \ fi + @if [ -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ + chmod -x ${PREFIX}/etc/rc.d/sshd.sh; \ + fi .include - -# Following stuff must be after to expand exists() properly - -.if defined(USE_PERL) && ${USE_PERL} == YES || \ - exists(${PERL5}) && (!defined(USE_PERL) || ${USE_PERL} != NO) -BUILD_DEPENDS+= perl${PERL_VERSION}:${PORTSDIR}/lang/perl5 -CONFIGURE_ENV+= PERL=${PERL5} -.else -CONFIGURE_ENV+= PERL=/replace_it_with_PERL_path -.endif - -# Include tcp-wrapper support (call remote identd) -.if defined(USE_TCPWRAP) && ${USE_TCPWRAP} == YES || \ - exists(${PREFIX}/lib/libwrap.a) && \ - (!defined(USE_TCPWRAP) || ${USE_TCPWRAP} != NO) -CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include" -CONFIGURE_ARGS+= --with-libwrap -LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper -.endif - -# Include SOCKS firewall support -.if defined(USE_SOCKS) && ${USE_SOCKS} == YES -CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5 -.endif diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index d3b49042f45b..6cf128dcbb2e 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,3 +1,2 @@ -MD5 (ssh-1.2.26.tar.gz) = 2ee46d454015dd01c5e8f074eabf0245 -MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d -MD5 (ssh-1.2.22-patchkit) = 5228897d59be91ad3ae88e992d61cd50 +MD5 (ssh-2.0.9.tar.gz) = 745a65d3a7516979b003fe15d78d93d4 +MD5 (ssh-2.0.9-configure-patch) = b8a422c201500ff816483825c1152788 diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa index 83e9968ac319..31fcb2311bb8 100644 --- a/security/ssh2/files/patch-aa +++ b/security/ssh2/files/patch-aa @@ -1,19 +1,10 @@ -*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997 ---- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997 -*************** -*** 87,93 **** - $debug = 5; - $defserver = ''; - $bell='\a'; -! $public_key = '/etc/ssh_host_key.pub'; - $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; - $timeout = 60; - $ping_timeout = 3; ---- 87,93 ---- - $debug = 5; - $defserver = ''; - $bell='\a'; -! $public_key = '@ETCDIR@/ssh_host_key.pub'; - $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; - $timeout = 60; - $ping_timeout = 3; +--- apps/ssh/Makefile.in.old Mon Oct 5 22:18:17 1998 ++++ apps/ssh/Makefile.in Mon Oct 5 22:25:16 1998 +@@ -167,6 +167,7 @@ + # defines + + SSH_DEFS = -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" ++SSH_DEFS+= -DSSH_SERVER_DIR=\"$(SSH_SERVER_DIR)\" -DSSH_CLIENT_GLOBAL_CONFIG_FILE=\"$(SSH_CLIENT_GLOBAL_CONFIG_FILE)\" + + COMPILE = $(CC) $(KERBEROS_INCS) $(INCLUDES) $(SSH_DEFS) $(DEFS) $(CPPFLAGS) $(CFLAGS) $(X_CFLAGS) + mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index 0456b49d4478..f5d0d355ab77 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,62 +1,15 @@ -*** configure.orig Wed Apr 23 08:40:06 1997 ---- configure Fri Apr 25 12:38:54 1997 -*************** -*** 1757,1768 **** - - export CFLAGS CC - -- # Socket pairs appear to be broken on several systems. I don't know exactly -- # where, so I'll use pipes everywhere for now. -- cat >> confdefs.h <<\EOF -- #define USE_PIPES 1 -- EOF -- - - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 - echo "configure:1769: checking that the compiler works" >&5 ---- 1757,1762 ---- -*************** -*** 2759,2765 **** - - fi - -! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ---- 2753,2759 ---- - - fi - -! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -*************** -*** 7031,7037 **** - - cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF - for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 7025,7031 ---- - - cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF - for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then -*************** -*** 7235,7240 **** ---- 7229,7236 ---- - done - - for ac_config_dir in gmp-2.0.2-ssh-2; do -+ -+ continue # XXX don't configure gmp - - # Do not complain, so a configure script can configure whichever - # parts of a large source tree are present. +When you compile *.s with 'cc -pipe' on ELFed FreeBSD, it never ends. +This patch is ugly hack to avoid the problem. + +--- lib/sshmath/Makefile.in.old Thu Oct 8 03:48:38 1998 ++++ lib/sshmath/Makefile.in Thu Oct 8 03:49:32 1998 +@@ -383,8 +383,7 @@ + + .S.o: + $(CPP) $(CPPFLAGS) $(INCLUDES) $(DEFS) $< | grep -v '^#' >tmp-$*.s +- $(CC) $(CFLAGS) $(SFLAGS) -c tmp-$*.s +- mv tmp-$*.o $@ ++ $(AS) $(SFLAGS) -o $@ tmp-$*.s + rm -f tmp-$*.s + + includes: diff --git a/security/ssh2/pkg-descr b/security/ssh2/pkg-descr index 307b86088bcf..de564216cd2e 100644 --- a/security/ssh2/pkg-descr +++ b/security/ssh2/pkg-descr @@ -1,99 +1,33 @@ -Secure Shell is a program to log into another computer over a network, -to execute commands in a remote machine, and to move files from one -machine to another. It provides strong authentication and secure -communications over insecure channels. It is inteded as a replacement -for rlogin, rsh, and rcp. +SSH Protocols and Secure Shell -FEATURES + Secure Shell is the secure login program that revolutionized remote +management of networks hosts over the Internet. It is a powerful, +very easy-to-use program that uses strong cryptography for protecting +all transmitted confidential data, including passwords, binary files, +and administrative commands. - o Complete replacement for rlogin, rsh, and rcp. + SSH Communications Security is the developer of the Secure Shell and +the SSH protocol, technologies that are the de-facto standard for +encrypted terminal connections on the Internet. The benefits of SSH +include - o Strong authentication. Closes several security holes (e.g., IP, - routing, and DNS spoofing). New authentication methods: .rhosts - together with RSA based host authentication, and pure RSA - authentication. +o Automatic authentication of users, no passwords sent in cleartext to + prevent the stealing of passwords. - o Improved privacy. All communications are automatically and - transparently encrypted. RSA is used for key exchange, and a - conventional cipher (normally IDEA, DES, or triple-DES) for - encrypting the session. Encryption is started before - authentication, and no passwords or other information is - transmitted in the clear. Encryption is also used to protect - against spoofed packets. +o Multiple strong authentication methods that prevent such security + threats as spoofing identity. - o Secure X11 sessions. The program automatically sets DISPLAY on - the server machine, and forwards any X11 connections over the - secure channel. Fake Xauthority information is automatically - generated and forwarded to the remote machine; the local client - automatically examines incoming X11 connections and replaces the - fake authorization data with the real data (never telling the - remote machine the real information). +o Authentication of both ends of connection, the server and the client + are authenticated to prevent identity spoofing, trojan horses, etc. - o Arbitrary TCP/IP ports can be redirected through the encrypted channel - in both directions (e.g., for e-cash transactions). +o Automatic authentication using agents to enable strong + authentication to multiple systems with a single-sign-on. - o No retraining needed for normal users; everything happens - automatically, and old .rhosts files will work with strong - authentication if administration installs host key files. +o Encryption and compression of data for security and speed. - o Never trusts the network. Minimal trust on the remote side of - the connection. Minimal trust on domain name servers. Pure RSA - authentication never trusts anything but the private key. +o Secure file transfer. - o Client RSA-authenticates the server machine in the beginning of - every connection to prevent trojan horses (by routing or DNS - spoofing) and man-in-the-middle attacks, and the server - RSA-authenticates the client machine before accepting .rhosts or - /etc/hosts.equiv authentication (to prevent DNS, routing, or - IP-spoofing). +o Tunneling and encryption of arbitrary connections. - o Host authentication key distribution can be centrally by the - administration, automatically when the first connection is made - to a machine (the key obtained on the first connection will be - recorded and used for authentication in the future), or manually - by each user for his/her own use. The central and per-user host - key repositories are both used and complement each other. Host - keys can be generated centrally or automatically when the software - is installed. Host authentication keys are typically 1024 bits. - - o Any user can create any number of user authentication RSA keys for - his/her own use. Each user has a file which lists the RSA public - keys for which proof of possession of the corresponding private - key is accepted as authentication. User authentication keys are - typically 1024 bits. - - o The server program has its own server RSA key which is - automatically regenerated every hour. This key is never saved in - any file. Exchanged session keys are encrypted using both the - server key and the server host key. The purpose of the separate - server key is to make it impossible to decipher a captured session by - breaking into the server machine at a later time; one hour from - the connection even the server machine cannot decipher the session - key. The key regeneration interval is configurable. The server - key is normally 768 bits. - - o An authentication agent, running in the user's laptop or local - workstation, can be used to hold the user's RSA authentication - keys. Ssh automatically forwards the connection to the - authentication agent over any connections, and there is no need to - store the RSA authentication keys on any machine in the network - (except the user's own local machine). The authentication - protocols never reveal the keys; they can only be used to verify - that the user's agent has a certain key. Eventually the agent - could rely on a smart card to perform all authentication - computations. - - o The software can be installed and used (with restricted - functionality) even without root privileges. - - o The client is customizable in system-wide and per-user - configuration files. Most aspects of the client's operation can - be configured. Different options can be specified on a per-host basis. - - o Automatically executes conventional rsh (after displaying a - warning) if the server machine is not running sshd. - - o Optional compression of all data with gzip (including forwarded X11 - and TCP/IP port data), which may result in significant speedups on - slow connections. +See http://www.ssh.fi/ for more details. diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist index c99dd209976f..8d6c7cff7eba 100644 --- a/security/ssh2/pkg-plist +++ b/security/ssh2/pkg-plist @@ -1,29 +1,58 @@ -etc/rc.d/sshd.sh -bin/scp1 -bin/scp -bin/ssh1 +bin/ssh2 +@exec mv %D/bin/ssh %D/bin/ssh.old bin/ssh -bin/slogin -bin/ssh-add1 -bin/ssh-add -bin/ssh-agent1 +@unexec mv -f %B/%f.old %B/%f +bin/scp2 +@exec mv %D/bin/scp %D/bin/scp.old +bin/scp +@unexec mv -f %B/%f.old %B/%f +bin/sftp2 +bin/sftp +bin/sftp-server2 +bin/sftp-server +bin/ssh-agent2 +@exec mv %D/bin/ssh-agent %D/bin/ssh-agent.old bin/ssh-agent -bin/ssh-askpass1 -bin/ssh-askpass -bin/ssh-keygen1 +@unexec mv -f %B/%f.old %B/%f +bin/ssh-keygen2 +@exec mv %D/bin/ssh-keygen %D/bin/ssh-keygen.old bin/ssh-keygen -bin/make-ssh-known-hosts1 -bin/make-ssh-known-hosts -etc/ssh_config -etc/sshd_config -man/man1/make-ssh-known-hosts.1.gz -man/man1/scp.1.gz +@unexec mv -f %B/%f.old %B/%f +bin/ssh-add2 +@exec mv %D/bin/ssh-add %D/bin/ssh-add.old +bin/ssh-add +@unexec mv -f %B/%f.old %B/%f +bin/ssh-askpass2 +@exec mv %D/bin/ssh-askpass %D/bin/ssh-askpass.old +bin/ssh-askpass +@unexec mv -f %B/%f.old %B/%f +etc/ssh2/ssh2_config +etc/ssh2/sshd2_config +man/man1/sftp.1.gz +@exec mv %D/man/man1/ssh.1.gz %D/man/man1/ssh.old.1.gz +man/man1/ssh.1.gz +@unexec mv -f %B/ssh.old.1.gz %B/%f +@exec mv %D/man/man1/ssh-add.1.gz %D/man/man1/ssh-add.old.1.gz man/man1/ssh-add.1.gz +@unexec mv -f %B/ssh-add.old.1.gz %B/%f +@exec mv %D/man/man1/ssh-agent.1.gz %D/man/man1/ssh-agent.old.1.gz man/man1/ssh-agent.1.gz +@unexec mv -f %B/ssh-agent.old.1.gz %B/%f +@exec mv %D/man/man1/ssh-keygen.1.gz %D/man/man1/ssh-keygen.old.1.gz man/man1/ssh-keygen.1.gz -man/man1/ssh.1.gz -man/man1/slogin.1.gz +@unexec mv -f %B/ssh-keygen.old.1.gz %B/%f +@exec mv %D/man/man1/scp.1.gz %D/man/man1/scp.old.1.gz +man/man1/scp.1.gz +@unexec mv -f %B/scp.old.1.gz %B/%f +@exec mv %D/man/man8/sshd.8.gz %D/man/man8/sshd.old.8.gz man/man8/sshd.8.gz -sbin/sshd1 +@unexec mv -f %B/sshd.old.8.gz %B/%f +sbin/sshd2 +@exec mv %D/sbin/sshd %D/sbin/sshd.old sbin/sshd -@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi +@unexec mv -f %B/%f.old %B/%f +share/doc/ssh2/CHANGES +share/doc/ssh2/LICENSING +share/doc/ssh2/README +@dirrm share/doc/ssh2 +@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa -c "1024-bit dsa hostkey" -o %D/etc/ssh2/hostkey; fi -- cgit v1.2.3