4b0456e6 |
Summary: Free version of the SSH connectivity tools
Name: openssh |
31bdabdc |
Version: 7.5p1 |
7f9d2e12 |
Release: 7%{?dist} |
4b0456e6 |
License: BSD |
2dc1c06b |
URL: https://www.openssh.com/ |
4b0456e6 |
Group: System Environment/Security
Vendor: VMware, Inc.
Distribution: Photon |
2dc1c06b |
Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz |
31bdabdc |
%define sha1 openssh=5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd |
4b0456e6 |
# NOTE(review): this archive is fetched over plain http, so as far as this spec
# shows the sha1 pin below is the only integrity check on it. SHA-1 is no longer
# collision-resistant; prefer an https URL and a stronger digest if the build
# tooling supports one.
Source1: http://www.linuxfromscratch.org/blfs/downloads/systemd/blfs-systemd-units-20140907.tar.bz2
%define sha1 blfs-systemd-units=713afb3bbe681314650146e5ec412ef77aa1fe33 |
ffae6476 |
Source2: sshd.service
Source3: sshd-keygen.service |
fe6a99bc |
Patch0: blfs_systemd_fixes.patch |
31bdabdc |
Patch1: openssh-7.5p1-fips.patch
Patch2: openssh-7.5p1-configure-fips.patch |
f4d17450 |
BuildRequires: openssl-devel |
4b0456e6 |
BuildRequires: Linux-PAM-devel |
9b8c6e17 |
BuildRequires: krb5-devel |
47875de7 |
BuildRequires: e2fsprogs-devel |
ebcd0400 |
BuildRequires: systemd |
4b0456e6 |
Requires: openssh-clients = %{version}-%{release}
Requires: openssh-server = %{version}-%{release} |
f4d17450 |
%description
The OpenSSH package contains ssh clients and the sshd daemon. This is |
31bdabdc |
useful for encrypting authentication and subsequent traffic over a
network. The ssh and scp commands are secure implementations of telnet |
f4d17450 |
and rcp respectively. |
1fc405a6 |
%package clients
Summary: openssh client applications. |
93a23dbb |
Requires: openssl |
1fc405a6 |
%description clients
This provides the ssh client utilities.
%package server
Summary: openssh server applications |
93a23dbb |
Requires: Linux-PAM |
7f9d2e12 |
Requires: (shadow or toybox) |
93a23dbb |
Requires: ncurses-terminfo
Requires: openssh-clients = %{version}-%{release} |
9d42f28e |
Requires(post): /bin/chown |
1fc405a6 |
%description server
This provides the ssh server daemons, utilities, configuration and service files.
|
f4d17450 |
%prep
%setup -q
# Unpack the BLFS unit collection into the source tree. The no-same-owner switch
# makes extracted files belong to the extracting user instead of the owners
# recorded in the archive, which matters when the build runs as root.
tar --no-same-owner -xf %{SOURCE1}
# Patch 0 adjusts the BLFS units (strip level 0); patches 1 and 2 are the FIPS
# changes named in the preamble (strip level 1).
%patch0 -p0
%patch1 -p1
%patch2 -p1
f4d17450 |
%build
# Configure notes:
#  - sysconfdir (/etc/ssh) and the privsep path (/var/lib/sshd) match the paths
#    packaged in the files lists further down.
#  - PAM and Kerberos 5 support are compiled in.
#  - NOTE(review): the md5-passwords switch enables a legacy password-hash
#    format; confirm it is still needed now that PAM is enabled.
#  - Stripping is turned off at install time, so the binaries keep their symbols
#    (presumably for later debuginfo handling -- confirm).
./configure \
    CFLAGS="%{optflags}" \
    CXXFLAGS="%{optflags}" \
    --prefix=%{_prefix} \
    --bindir=%{_bindir} \
    --libdir=%{_libdir} \
    --sysconfdir=/etc/ssh \
    --datadir=/usr/share/sshd \
    --with-md5-passwords \
    --with-privsep-path=/var/lib/sshd \
    --with-pam \
    --with-maintype=man \
    --enable-strip=no \
    --with-kerberos5=/usr
make
f4d17450 |
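%install
# Start from an empty buildroot, but never let the wildcard expand against "/".
# The closing bracket needs its own word: without the space the test itself
# errors out, so the cleanup was silently skipped on every build.
[ "%{buildroot}" != "/" ] && rm -rf "%{buildroot}"/*
make DESTDIR=%{buildroot} install
# Privilege-separation directory, the same path given to configure.
install -vdm755 %{buildroot}/var/lib/sshd

# Hardening defaults appended to the stock sshd_config (changelog: based on
# lynis recommendations). sshd keeps the first value it reads for a keyword, so
# these lines only take effect while the shipped file has no earlier uncommented
# setting for the same keyword -- NOTE(review): confirm against the installed
# file. "MaxSessions 2" was reverted to the upstream value and is left out.
cat >> %{buildroot}/etc/ssh/sshd_config <<'EOF'
AllowTcpForwarding no
ClientAliveCountMax 2
Compression no
MaxAuthTries 2
TCPKeepAlive no
AllowAgentForwarding no
PermitRootLogin no
UsePAM yes
EOF

# Install the sshd units from the BLFS unit collection unpacked during prep.
pushd blfs-systemd-units-20140907
make DESTDIR=%{buildroot} install-sshd
popd

# Install the distribution's own unit files, replacing any same-named unit
# written by the step above.
install -m644 %{SOURCE2} %{buildroot}/lib/systemd/system/sshd.service
install -m644 %{SOURCE3} %{buildroot}/lib/systemd/system/sshd-keygen.service

install -m755 contrib/ssh-copy-id %{buildroot}/%{_bindir}/
install -m644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/

%{_fixperms} %{buildroot}/*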
9067c3d4 |
|
f4d17450 |
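%check
# NOTE(review): this section changes the machine the build runs on. It creates
# accounts, writes /var/lib/sshd, copies the freshly built scp into /usr/bin and
# puts the "test" user in the root group. Run it only inside a disposable build
# sandbox, never on a shared or long-lived host.
if ! getent passwd sshd >/dev/null; then
  useradd sshd
fi
if [ ! -d /var/lib/sshd ]; then
  mkdir /var/lib/sshd
  chmod 0755 /var/lib/sshd
fi
cp %{buildroot}/usr/bin/scp /usr/bin
# Presumably lets the test user (a member of group root) write to the build tree.
chmod -R g+w .
# Create the test account only once, so a repeated check run in the same
# environment does not abort on "user already exists".
if ! getent passwd test >/dev/null; then
  useradd test -G root -m
fi
# PATH is expanded by the calling shell so the test user inherits the builder's
# search path; the upstream test suite runs unprivileged.
sudo -u test -s /bin/bash -c "PATH=$PATH make tests"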
ebcd0400 |
|
1fc405a6 |
%pre server
# Create the privilege-separation group and account with fixed ids (50) unless
# they already exist. The account has no usable login shell (/bin/false) and its
# home is the privsep directory.
if ! getent group sshd >/dev/null; then
  groupadd -g 50 sshd
fi
if ! getent passwd sshd >/dev/null; then
  useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
fi
819141e7 |
|
1fc405a6 |
%preun server |
819141e7 |
%systemd_preun sshd.service sshd-keygen.service
|
1fc405a6 |
%post server
/sbin/ldconfig
# First install only (argument 1 equals 1): hand the privsep directory to
# root:sys, the same ownership the server files list declares for it.
if [ "$1" -eq 1 ]; then
  chown -v root:sys /var/lib/sshd
fi
%systemd_post sshd.service sshd-keygen.service
9e181dc8 |
|
1fc405a6 |
%postun server
/sbin/ldconfig
%systemd_postun_with_restart sshd.service sshd-keygen.service
# Final erase only (argument 1 equals 0): drop the sshd account and group if
# they are still present.
# NOTE(review): files still owned by the removed uid/gid stay on disk and would
# belong to whichever account is assigned those ids next; consider leaving the
# account in place on uninstall.
if [ "$1" -eq 0 ] && getent passwd sshd >/dev/null; then
  userdel sshd
fi
if [ "$1" -eq 0 ] && getent group sshd >/dev/null; then
  groupdel sshd
fi
d6633136 |
|
f4d17450 |
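%clean
# Same guard the install section applies: never let the wildcard expand
# against "/" if the buildroot macro resolves to the filesystem root.
if [ "%{buildroot}" != "/" ]; then
  rm -rf "%{buildroot}"/*
fi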
%files |
1fc405a6 |
%files server |
f4d17450 |
%defattr(-,root,root) |
2e967102 |
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config |
1fc405a6 |
%attr(700,root,sys)/var/lib/sshd
/lib/systemd/system/sshd-keygen.service |
f4d17450 |
/lib/systemd/system/sshd.service
/lib/systemd/system/sshd.socket
/lib/systemd/system/sshd@.service |
1fc405a6 |
%{_sbindir}/sshd
%{_libexecdir}/sftp-server
%{_mandir}/man5/sshd_config.5.gz
%{_mandir}/man8/sshd.8.gz
%{_mandir}/man5/moduli.5.gz
%{_mandir}/man8/sftp-server.8.gz
%files clients
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%{_bindir}/ssh
%{_bindir}/scp
%{_bindir}/sftp
%{_bindir}/ssh-keygen
%{_bindir}/ssh-keyscan
%{_bindir}/ssh-add
%{_bindir}/ssh-agent
%{_bindir}/ssh-copy-id
%{_libexecdir}/ssh-keysign
%{_libexecdir}/ssh-pkcs11-helper
%{_mandir}/man1/scp.1.gz
%{_mandir}/man1/ssh-agent.1.gz
%{_mandir}/man1/ssh-keygen.1.gz
%{_mandir}/man1/ssh-keyscan.1.gz
%{_mandir}/man5/ssh_config.5.gz
%{_mandir}/man1/ssh-add.1.gz
%{_mandir}/man1/ssh.1.gz
%{_mandir}/man1/ssh-copy-id.1.gz
%{_mandir}/man1/sftp.1.gz
%{_mandir}/man8/ssh-keysign.8.gz
%{_mandir}/man8/ssh-pkcs11-helper.8.gz
|
f4d17450 |
%changelog |
7f9d2e12 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 7.5p1-7
- Requires shadow or toybox |
149fc323 |
* Thu Sep 14 2017 Alexey Makhalov <amakhalov@vmware.com> 7.5p1-6
- sshd config: revert MaxSessions to original value |
93c7c0b2 |
* Thu Aug 31 2017 Alexey Makhalov <amakhalov@vmware.com> 7.5p1-5
- sshd config hardening based on lynis recommendations |
f4fda162 |
* Thu Aug 10 2017 Chang Lee <changlee@vmware.com> 7.5p1-4
- Fixed %check |
ffae6476 |
* Mon Jul 24 2017 Dheeraj Shetty <dheerajs@vmware.com> 7.5p1-3
- Separate the service file from the spec file |
9d42f28e |
* Wed May 3 2017 Bo Gan <ganb@vmware.com> 7.5p1-2
- Fixed openssh-server dependency on coreutils |
31bdabdc |
* Tue Mar 28 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 7.5p1-1
- Update version |
0a4fc2b1 |
* Thu Feb 09 2017 Anish Swaminathan <anishs@vmware.com> 7.4p1-3
- Add patch to configure openssh FIPS mode |
fe6a99bc |
* Thu Feb 02 2017 Anish Swaminathan <anishs@vmware.com> 7.4p1-2
- Add patch to support FIPS mode |
0a4fc2b1 |
* Fri Jan 06 2017 Xiaolin Li <xiaolinl@vmware.com> 7.4p1-1 |
2dc1c06b |
- Updated to version 7.4p1. |
4b0456e6 |
* Wed Dec 14 2016 Xiaolin Li <xiaolinl@vmware.com> 7.1p2-10
- BuildRequires Linux-PAM-devel |
93a23dbb |
* Mon Dec 12 2016 Anish Swaminathan <anishs@vmware.com> 7.1p2-9
- Add patch to fix CVE-2016-8858 |
9f61469c |
* Thu Nov 24 2016 Alexey Makhalov <amakhalov@vmware.com> 7.1p2-8
- openssh-devel requires ncurses-terminfo to provide extra terms
for the clients |
9b8c6e17 |
* Thu Nov 24 2016 Alexey Makhalov <amakhalov@vmware.com> 7.1p2-7
- Required krb5-devel.
* Thu Nov 03 2016 Sharath George <sharathg@vmware.com> 7.1p2-6
- Split openssh into client and server rpms.
* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 7.1p2-5
- Modified %check
* Thu Sep 15 2016 Anish Swaminathan <anishs@vmware.com> 7.1p2-4
- Add patch to fix CVE-2016-6515
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 7.1p2-3
- GA - Bump release of all rpms
* Wed May 04 2016 Anish Swaminathan <anishs@vmware.com> 7.1p2-2
- Edit scriptlets.
* Thu Mar 17 2016 Xiaolin Li <xiaolinl@vmware.com> 7.1p2-1
- Updated to version 7.1p2
* Fri Feb 05 2016 Anish Swaminathan <anishs@vmware.com> 6.6p1-6
- Add pre install scripts in the rpm
* Tue Jan 12 2016 Anish Swaminathan <anishs@vmware.com> 6.6p1-5
- Change config file attributes.
* Thu Dec 10 2015 Xiaolin Li <xiaolinl@vmware.com> 6.6p1-4
- Add systemd to Requires and BuildRequires.
- Use systemctl to enable/disable service.
* Fri Jul 17 2015 Divya Thaluru <dthaluru@vmware.com> 6.6p1-3
- Enabling ssh-keygen service by default and fixed service file to execute only once.
* Tue May 19 2015 Sharath George <sharathg@vmware.com> 6.6p1-2
- Building ssh server with kerberos 5.
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 6.6p1-1
- Initial build. First version |