Diffstat (limited to 'pcr/openssh-knock')
-rw-r--r-- | pcr/openssh-knock/PKGBUILD | 103 | ||||
-rw-r--r-- | pcr/openssh-knock/install | 10 | ||||
-rw-r--r-- | pcr/openssh-knock/sshd.pam | 6 | ||||
-rw-r--r-- | pcr/openssh-knock/sshd.service | 17 | ||||
-rw-r--r-- | pcr/openssh-knock/sshd.socket | 10 | ||||
-rw-r--r-- | pcr/openssh-knock/sshd@.service | 8 | ||||
-rw-r--r-- | pcr/openssh-knock/sshdgenkeys.service | 17 |
7 files changed, 171 insertions, 0 deletions
diff --git a/pcr/openssh-knock/PKGBUILD b/pcr/openssh-knock/PKGBUILD
new file mode 100644
index 000000000..bae0ee03d
--- /dev/null
+++ b/pcr/openssh-knock/PKGBUILD
@@ -0,0 +1,103 @@
+# $Id: PKGBUILD 223946 2014-10-07 02:36:53Z bisson $
+# Maintainer (Arch): Gaetan Bisson <bisson@archlinux.org>
+# Contributor (Arch): Aaron Griffin <aaron@archlinux.org>
+# Contributor (Arch): judd <jvinet@zeroflux.org>
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Márcio Silva <coadde@parabola.nu>
+
+_pkgname=openssh
+pkgname=openssh-knock
+pkgver=6.7p1
+pkgrel=1
+pkgdesc='Free version of the SSH connectivity tools, with support for stealth TCP sockets'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
+arch=('i686' 'x86_64')
+conflicts=(${_pkgname})
+provides=(${_pkgname})
+makedepends=('linux-headers')
+depends=('krb5' 'openssl' 'libedit' 'ldns')
+optdepends=('xorg-xauth: X11 forwarding'
+ 'x11-ssh-askpass: input passphrase in X')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${_pkgname}-${pkgver}.tar.gz"{,.asc}
+ "http://gnunet.org/sites/default/files/${_pkgname}-linux-knock-patch_0.diff"
+ 'sshdgenkeys.service'
+ 'sshd@.service'
+ 'sshd.service'
+ 'sshd.socket'
+ 'sshd.pam')
+sha1sums=('14e5fbed710ade334d65925e080d1aaeb9c85bf6' 'SKIP'
+ 'f9ea1f6411548e5c29383664b5a57866bc2579f4'
+ 'cc1ceec606c98c7407e7ac21ade23aed81e31405'
+ '6a0ff3305692cf83aca96e10f3bb51e1c26fccda'
+ 'ec49c6beba923e201505f5669cea48cad29014db'
+ 'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
+ 'd93dca5ebda4610ff7647187f8928a3de28703f3')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+
+install=install
+
+prepare() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ patch -Np1 -i "${srcdir}"/${_pkgname}-linux-knock-patch_0.diff
+}
+
+build() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ export CFLAGS="$CFLAGS -DTCP_STEALTH=25"
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/ssh \
+ --sysconfdir=/etc/ssh \
+ --with-ldns \
+ --with-libedit \
+ --with-ssl-engine \
+ --with-pam \
+ --with-privsep-user=nobody \
+ --with-kerberos5=/usr \
+ --with-xauth=/usr/bin/xauth \
+ --with-mantype=man \
+ --with-md5-passwords \
+ --with-pid-dir=/run \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ make tests || true
+ # hard to suitably test connectivity:
+ # - fails with /bin/false as login shell
+ # - fails with firewall activated, etc.
+}
+
+package() {
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+ install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${_pkgname}/LICENCE"
+
+ install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+ install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
+ install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+ install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+ install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+
+ install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+ install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+ install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i "${pkgdir}"/etc/ssh/sshd_config
+}
diff --git a/pcr/openssh-knock/install b/pcr/openssh-knock/install
new file mode 100644
index 000000000..6f0cd3703
--- /dev/null
+++ b/pcr/openssh-knock/install
@@ -0,0 +1,10 @@
+post_upgrade() {
+ if [[ $(vercmp $2 6.2p2) = -1 ]]; then
+ cat <<EOF
+
+==> The sshd daemon has been moved to /usr/bin alongside all binaries.
+==> Please update this path in your scripts if applicable.
+
+EOF
+ fi
+}
diff --git a/pcr/openssh-knock/sshd.pam b/pcr/openssh-knock/sshd.pam
new file mode 100644
index 000000000..7ecef084d
--- /dev/null
+++ b/pcr/openssh-knock/sshd.pam
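Review bot: The Knock patch in `source=` is downloaded over plain `http://` and the release tarball over `ftp://`, and the only integrity pin on either is `sha1sums`. No `validpgpkeys` array is declared, so the `.asc` check presumably accepts whichever key the builder's keyring happens to trust. For a third-party patch applied to sshd I would pin every entry with `sha256sums=(...)` and add `validpgpkeys=('<OpenSSH release key fingerprint>')` where the makepkg in use supports it. Separately, `make tests || true` in `check()` lets a failing regression suite pass silently on a patched daemon; a comment naming which tests are expected to fail in the build environment would make that exception auditable.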
@@ -0,0 +1,6 @@
+#%PAM-1.0
+#auth required pam_securetty.so #disable remote root
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
diff --git a/pcr/openssh-knock/sshd.service b/pcr/openssh-knock/sshd.service
new file mode 100644
index 000000000..55ed95322
--- /dev/null
+++ b/pcr/openssh-knock/sshd.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service.
diff --git a/pcr/openssh-knock/sshd.socket b/pcr/openssh-knock/sshd.socket
new file mode 100644
index 000000000..e09e32869
--- /dev/null
+++ b/pcr/openssh-knock/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+Wants=sshdgenkeys.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/pcr/openssh-knock/sshd@.service b/pcr/openssh-knock/sshd@.service
new file mode 100644
index 000000000..7ce3d37ba
--- /dev/null
+++ b/pcr/openssh-knock/sshd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/bin/sshd -i
+StandardInput=socket
+StandardError=syslog
diff --git a/pcr/openssh-knock/sshdgenkeys.service b/pcr/openssh-knock/sshdgenkeys.service
new file mode 100644
index 000000000..1d01b7acf
--- /dev/null
+++ b/pcr/openssh-knock/sshdgenkeys.service
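Review bot: In `sshd.socket`, `ListenStream=22` with `Accept=yes` makes systemd create and accept on the port 22 listener, and `sshd@.service` starts `sshd -i` on a connection that is already established. The stealth socket option this package exists to provide presumably has to be set by sshd on its own listening socket, so under socket activation the knock would not be enforced; this should be confirmed against the patch. The closing comment in `sshd.service` recommends the socket units without mentioning this. I would add to `sshd.socket` a comment such as `# systemd owns this listener; TCP Stealth configured in sshd does not apply here. Use sshd.service when the knock is required.` and qualify the `sshd.service` comment the same way.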
@@ -0,0 +1,17 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes |
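Review bot: The `ConditionPathExists=|!...` list triggers `ssh-keygen -A` whenever any one of the listed files is missing, and that list includes the legacy `ssh_host_key` and `ssh_host_dsa_key` pairs. An administrator who deletes those keys to retire the weaker host key types will find them regenerated the next time the unit starts. A comment above the conditions would make this visible, for example `# Any missing key file re-runs ssh-keygen -A; to retire a key type, restrict HostKey in sshd_config instead of deleting the file.`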