Diffstat (limited to 'pcr/openssh-knock')
-rw-r--r--pcr/openssh-knock/PKGBUILD103
-rw-r--r--pcr/openssh-knock/install10
-rw-r--r--pcr/openssh-knock/sshd.pam6
-rw-r--r--pcr/openssh-knock/sshd.service17
-rw-r--r--pcr/openssh-knock/sshd.socket10
-rw-r--r--pcr/openssh-knock/sshd@.service8
-rw-r--r--pcr/openssh-knock/sshdgenkeys.service17
7 files changed, 171 insertions, 0 deletions
diff --git a/pcr/openssh-knock/PKGBUILD b/pcr/openssh-knock/PKGBUILD
new file mode 100644
index 000000000..bae0ee03d
--- /dev/null
+++ b/pcr/openssh-knock/PKGBUILD
@@ -0,0 +1,103 @@
+# $Id: PKGBUILD 223946 2014-10-07 02:36:53Z bisson $
+# Maintainer (Arch): Gaetan Bisson <bisson@archlinux.org>
+# Contributor (Arch): Aaron Griffin <aaron@archlinux.org>
+# Contributor (Arch): judd <jvinet@zeroflux.org>
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Márcio Silva <coadde@parabola.nu>
+
+_pkgname=openssh
+pkgname=openssh-knock
+pkgver=6.7p1
+pkgrel=1
+pkgdesc='Free version of the SSH connectivity tools, with support for stealth TCP sockets'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
+arch=('i686' 'x86_64')
+conflicts=(${_pkgname})
+provides=(${_pkgname})
+makedepends=('linux-headers')
+depends=('krb5' 'openssl' 'libedit' 'ldns')
+optdepends=('xorg-xauth: X11 forwarding'
+ 'x11-ssh-askpass: input passphrase in X')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${_pkgname}-${pkgver}.tar.gz"{,.asc}
+ "http://gnunet.org/sites/default/files/${_pkgname}-linux-knock-patch_0.diff"
+ 'sshdgenkeys.service'
+ 'sshd@.service'
+ 'sshd.service'
+ 'sshd.socket'
+ 'sshd.pam')
+sha1sums=('14e5fbed710ade334d65925e080d1aaeb9c85bf6' 'SKIP'
+ 'f9ea1f6411548e5c29383664b5a57866bc2579f4'
+ 'cc1ceec606c98c7407e7ac21ade23aed81e31405'
+ '6a0ff3305692cf83aca96e10f3bb51e1c26fccda'
+ 'ec49c6beba923e201505f5669cea48cad29014db'
+ 'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
+ 'd93dca5ebda4610ff7647187f8928a3de28703f3')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+
+install=install
+
+prepare() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ patch -Np1 -i "${srcdir}"/${_pkgname}-linux-knock-patch_0.diff
+}
+
+build() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ export CFLAGS="$CFLAGS -DTCP_STEALTH=25"
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/ssh \
+ --sysconfdir=/etc/ssh \
+ --with-ldns \
+ --with-libedit \
+ --with-ssl-engine \
+ --with-pam \
+ --with-privsep-user=nobody \
+ --with-kerberos5=/usr \
+ --with-xauth=/usr/bin/xauth \
+ --with-mantype=man \
+ --with-md5-passwords \
+ --with-pid-dir=/run \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ make tests || true
+ # hard to suitably test connectivity:
+ # - fails with /bin/false as login shell
+ # - fails with firewall activated, etc.
+}
+
+package() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+ install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${_pkgname}/LICENCE"
+
+ install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+ install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
+ install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+ install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+ install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+
+ install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+ install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+ install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i "${pkgdir}"/etc/ssh/sshd_config
+}
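Review bot: The knock patch listed in `source` is downloaded over plain `http://` and, unlike the tarball, has no detached signature, so the only thing vouching for code that gets patched into sshd is one SHA-1 entry in `sha1sums`. A stronger digest array (`sha256sums=(...)`, regenerated with `makepkg -g`) would make that pin harder to collide. The `'SKIP'` for the `.asc` only helps if the signer is pinned, e.g. `validpgpkeys=('<OPENSSH_RELEASE_KEY_FINGERPRINT>')` where the packaging tools support it. In `check()`, `make tests || true` also discards every regression-test failure, which matters more than usual for a patched daemon; either drop `|| true` or add a comment naming the tests that are expected to fail.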
diff --git a/pcr/openssh-knock/install b/pcr/openssh-knock/install
new file mode 100644
index 000000000..6f0cd3703
--- /dev/null
+++ b/pcr/openssh-knock/install
@@ -0,0 +1,10 @@
+post_upgrade() {
+ if [[ $(vercmp $2 6.2p2) = -1 ]]; then
+ cat <<EOF
+
+==> The sshd daemon has been moved to /usr/bin alongside all binaries.
+==> Please update this path in your scripts if applicable.
+
+EOF
+ fi
+}
diff --git a/pcr/openssh-knock/sshd.pam b/pcr/openssh-knock/sshd.pam
new file mode 100644
index 000000000..7ecef084d
--- /dev/null
+++ b/pcr/openssh-knock/sshd.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+#auth required pam_securetty.so #disable remote root
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
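Review bot: The `pam_securetty.so` line is shipped commented out with only `#disable remote root` as explanation, so nothing in this file restricts root, and remote root login is left to `PermitRootLogin` in sshd_config, which the `sed` in the PKGBUILD does not set. I would expand the comment to say so, e.g. `# pam_securetty is left disabled; remote root access is controlled by PermitRootLogin in /etc/ssh/sshd_config`. What `system-remote-login` enforces is outside this diff, so that part is worth confirming.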
diff --git a/pcr/openssh-knock/sshd.service b/pcr/openssh-knock/sshd.service
new file mode 100644
index 000000000..55ed95322
--- /dev/null
+++ b/pcr/openssh-knock/sshd.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service.
diff --git a/pcr/openssh-knock/sshd.socket b/pcr/openssh-knock/sshd.socket
new file mode 100644
index 000000000..e09e32869
--- /dev/null
+++ b/pcr/openssh-knock/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+Wants=sshdgenkeys.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
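Review bot: With `ListenStream=22` and `Accept=yes`, systemd rather than sshd owns the listening socket, so a stealth option that the knock patch presumably sets on sshd's own listener would not be applied in this mode, and port 22 would answer ordinary connection attempts. The patch itself is not visible here, so this is inferred from the package description and `-DTCP_STEALTH=25` in the PKGBUILD; please confirm. If it holds, either leave `sshd.socket` and `sshd@.service` out of this package or add a warning at the top of the unit, e.g. `# NOTE: socket activation bypasses TCP stealth; use sshd.service when knock protection is required`.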
diff --git a/pcr/openssh-knock/sshd@.service b/pcr/openssh-knock/sshd@.service
new file mode 100644
index 000000000..7ce3d37ba
--- /dev/null
+++ b/pcr/openssh-knock/sshd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/bin/sshd -i
+StandardInput=socket
+StandardError=syslog
diff --git a/pcr/openssh-knock/sshdgenkeys.service b/pcr/openssh-knock/sshdgenkeys.service
new file mode 100644
index 000000000..1d01b7acf
--- /dev/null
+++ b/pcr/openssh-knock/sshdgenkeys.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
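Review bot: Every `ConditionPathExists=|!...` entry is a trigger, so removing any one listed file, including the legacy `ssh_host_key` and `ssh_host_dsa_key` pairs, makes `ssh-keygen -A` run again at the next start and recreate the missing key types. An administrator who deletes weak host keys as a hardening step will therefore get them back silently. A comment would help, e.g. `# Deleted host keys are regenerated; to retire a key type, restrict HostKey in sshd_config instead of removing the file`.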