From b9c8a30006cdcb4726b28724cb2a1640ae8a774f Mon Sep 17 00:00:00 2001
From: cvs2git
Date: Thu, 25 Mar 2004 19:53:18 +0000
Subject: [PATCH] This commit was manufactured by cvs2git to create branch 'RA-branch'.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Cherrypick from master 2004-03-25 19:53:18 UTC Arkadiusz Miśkiewicz '- add ForwardX11Trusted': openssh-pam-conv.patch -> 1.2 openssh.conf -> 1.5 Cherrypick from master 2003-10-07 19:20:01 UTC pius '- added UseChroot option': opensshd.conf -> 1.14 Cherrypick from RA-DEVEL 2003-12-25 17:02:32 UTC ankry '- rel. 4: rel 1-3 are in Ac': openssh.spec -> 1.184.2.4 opensshd.init -> 1.22.2.1
---
openssh-pam-conv.patch | 18 ++
openssh.conf | 40 +++
openssh.spec | 563 +++++++++++++++++++++++++++++++++++++++++
opensshd.conf | 94 +++++++
opensshd.init | 111 ++++++++
5 files changed, 826 insertions(+)
create mode 100644 openssh-pam-conv.patch
create mode 100644 openssh.conf
create mode 100644 openssh.spec
create mode 100644 opensshd.conf
create mode 100644 opensshd.init
diff --git a/openssh-pam-conv.patch b/openssh-pam-conv.patch
new file mode 100644
index 0000000..0cbb9bc
--- /dev/null
+++ b/openssh-pam-conv.patch
@@ -0,0 +1,18 @@
+diff -ur openssh-3.7.1p2/auth-pam.c openssh-3.7.1p2-pam/auth-pam.c
+--- openssh-3.7.1p2/auth-pam.c 2003-09-23 11:24:21.000000000 +0200
++++ openssh-3.7.1p2-pam/auth-pam.c 2003-09-23 18:44:46.000000000 +0200
+@@ -175,12 +175,14 @@
+ case PAM_ERROR_MSG:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
++ buffer_put_char(&buffer, '\n');
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ break;
+ case PAM_TEXT_INFO:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
++ buffer_put_char(&buffer, '\n');
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ break;
diff --git a/openssh.conf b/openssh.conf
new file mode 100644
index 0000000..cc1130e
--- /dev/null
+++ b/openssh.conf
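Review bot: In openssh-pam-conv.patch, both added `buffer_put_char(&buffer, '\n');` calls run after `buffer_put_cstring()` has already written the message, so the newline lands in the buffer as a separate byte after the string rather than inside it. If the reader on the other end of `ctxt->pam_csock` extracts only the string field (the receiving code is not in this hunk), the newline is dropped or left as unread trailing data and consecutive PAM_ERROR_MSG / PAM_TEXT_INFO texts still run together. Consider appending the newline to the message text before it is handed to `buffer_put_cstring()`, and add a short comment saying why the separator is needed. The enclosing function starts and ends outside the hunk.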
@@ -0,0 +1,40 @@
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for various options
+
+# Host *
+# ForwardAgent no
+# ForwardX11 no
+# RhostsAuthentication no
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# BatchMode no
+# CheckHostIP yes
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+# EscapeChar ~
+
+# Be paranoid by default
+Host *
+ ForwardAgent no
+ ForwardX11 no
+ ForwardX11Trusted no
+ StrictHostKeyChecking no
diff --git a/openssh.spec b/openssh.spec
new file mode 100644
index 0000000..9be87ef
--- /dev/null
+++ b/openssh.spec
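Review bot: `StrictHostKeyChecking no` in the `Host *` block contradicts the "Be paranoid by default" comment directly above it: with this value the client adds unknown host keys to known_hosts without asking, so a first connection to a spoofed or intercepted host is accepted silently. The commented defaults earlier in the same file list `StrictHostKeyChecking ask`; I would ship `StrictHostKeyChecking ask` here and let sites that need unattended first connections relax it per host. The other settings in the block (agent and X11 forwarding off, `ForwardX11Trusted no`) are consistent with the comment.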
@@ -0,0 +1,563 @@ +# +# Conditional build: +%bcond_without gnome # without gnome-askpass utility +%bcond_with gtk # without gtk (2.x) +%bcond_with ldap # with ldap support +%bcond_with kerberos5 # without kerberos5 support +%bcond_with chroot # without chrooted user environment support +# +%{?with_gtk:%undefine with_gnome} +Summary: OpenSSH free Secure Shell (SSH) implementation +Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH) +Summary(es): Implementación libre de SSH +Summary(fr): Implémentation libre du shell sécurisé OpenSSH (SSH) +Summary(it): Implementazione gratuita OpenSSH della Secure Shell +Summary(pl): Publicznie dostêpna implementacja bezpiecznego shella (SSH) +Summary(pt): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH) +Summary(pt_BR): Implementação livre do SSH +Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH) +Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH) +Name: openssh +Version: 3.7.1p2 +Release: 4 +Epoch: 2 +License: BSD +Group: Applications/Networking +Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz +# Source0-md5: 61cf5b059938718308836d00f6764a94 +Source1: %{name}d.conf +Source2: %{name}.conf +Source3: %{name}d.init +Source4: %{name}d.pamd +Source5: %{name}.sysconfig +Source6: passwd.pamd +Source7: %{name}-askpass.sh +Source8: %{name}-askpass.csh +Source9: http://www.imasy.or.jp/~gotoh/ssh/connect.c +# NoSource9-md5: c78de727e1208799072be78c05d64398 +Source10: http://www.imasy.or.jp/~gotoh/ssh/connect.html +# NoSource10-md5: f14cb61fafd067a3f5ce4eaa9643bf05 +Patch0: %{name}-no_libnsl.patch +Patch2: %{name}-linux-ipv6.patch +Patch3: %{name}-pam_misc.patch +Patch4: %{name}-sigpipe.patch +# http://ldappubkey.gcu-squad.org/ +Patch5: ldappubkey-ossh3.6-v2.patch +Patch6: %{name}-heimdal.patch +Patch7: %{name}-pam-conv.patch +# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff +Patch8: %{name}-chroot.patch +URL: 
http://www.openssh.com/ +BuildRequires: autoconf +BuildRequires: automake +%{?with_gnome:BuildRequires: gnome-libs-devel} +%{?with_gtk:BuildRequires: gtk+2-devel} +BuildRequires: libwrap-devel +BuildRequires: openssl-devel >= 0.9.6k +%{?with_ldap:BuildRequires: openldap-devel} +%{?with_kerberos5:BuildRequires: heimdal-devel} +BuildRequires: pam-devel +BuildRequires: %{__perl} +%{?with_gtk:BuildRequires: pkgconfig} +BuildRequires: zlib-devel +PreReq: FHS >= 2.1-24 +PreReq: openssl >= 0.9.6k +Obsoletes: ssh +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) + +%define _sysconfdir /etc/ssh +%define _libexecdir %{_libdir}/%{name} +%define _privsepdir /usr/share/empty + +%description +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing +it up to date in terms of security and features, as well as removing +all patented algorithms to seperate libraries (OpenSSL). + +This package includes the core files necessary for both the OpenSSH +client and server. To make this package useful, you should also +install openssh-clients, openssh-server, or both. + +%description -l de +OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es +ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere, +verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts +über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige +andere TCP/IP Ports können ebenso über den sicheren Channel +weitergeleitet werden. + +%description -l es +SSH es un programa para accesar y ejecutar órdenes en computadores +remotos. 
Sustituye rlogin y rsh, y suministra un canal de comunicación +seguro entre dos servidores en una red insegura. Conexiones X11 y +puertas TCP/IP arbitrárias también pueden ser usadas por el canal +seguro. + +OpenSSH es el resultado del trabajo del equipo de OpenBSD para +continuar la última versión gratuita de SSH, actualizándolo en +términos de seguridad y recursos,así también eliminando todos los +algoritmos patentados y colocándolos en bibliotecas separadas +(OpenSSL). + +Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar +también el paquete openssh-clients u openssh-server o ambos. + +%description -l fr +OpenSSH (Secure Shell) fournit un accès à un système distant. Il +remplace telnet, rlogin, rexec et rsh, tout en assurant des +communications cryptées securisées entre deux hôtes non fiabilisés sur +un réseau non sécurisé. Des connexions X11 et des ports TCP/IP +arbitraires peuvent également être transmis sur le canal sécurisé. + +%description -l it +OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. +Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni +sicure e crittate tra due host non fidati su una rete non sicura. Le +connessioni X11 ad una porta TCP/IP arbitraria possono essere +inoltrate attraverso un canale sicuro. + +%description -l pl +Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± +maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma +zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie +pomiedzy dwoma hostami. + +Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie +klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ +co najmniej jeden z pakietów: openssh-clients lub openssh-server. + +%description -l pt +OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o +telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e +cifradas entre duas máquinas sem confiança mútua sobre uma rede +insegura. 
Ligações X11 e portos TCP/IP arbitrários também poder ser +reenviados pelo canal seguro. + +%description -l pt_BR +SSH é um programa para acessar e executar comandos em máquinas +remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação +seguro entre dois hosts em uma rede insegura. Conexões X11 e portas +TCP/IP arbitrárias também podem ser usadas pelo canal seguro. + +OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a +última versão gratuita do SSH, atualizando-o em termos de segurança e +recursos, assim como removendo todos os algoritmos patenteados e +colocando-os em bibliotecas separadas (OpenSSL). + +Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar +também ou o pacote openssh-clients, ou o openssh-server, ou ambos. + +%description -l ru +Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ +ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ. ïÎÁ ÐÒÅÄÎÁÚÎÁÞÅÎÁ +ÄÌÑ ÚÁÍÅÎÙ rlogin É rsh É ÏÂÅÓÐÅÞÉ×ÁÅÔ ÂÅÚÏÐÁÓÎÕÀ ÛÉÆÒÏ×ÁÎÎÕÀ +ËÏÍÍÕÎÉËÁÃÉÀ ÍÅÖÄÕ Ä×ÕÍÑ ÈÏÓÔÁÍÉ × ÓÅÔÉ, Ñ×ÌÑÀÝÅÊÓÑ ÎÅÂÅÚÏÐÁÓÎÏÊ. +óÏÅÄÉÎÅÎÉÑ X11 É ÌÀÂÙÅ ÐÏÒÔÙ TCP/IP ÍÏÇÕÔ ÔÁËÖÅ ÂÙÔØ ÐÒÏ×ÅÄÅÎÙ ÞÅÒÅÚ +ÂÅÚÏÐÁÓÎÙÊ ËÁÎÁÌ. + +OpenSSH - ÜÔÏ ÐÅÒÅÄÅÌËÁ ËÏÍÁÎÄÏÊ ÒÁÚÒÁÂÏÔÞÉËÏ× OpenBSD ÐÏÓÌÅÄÎÅÊ +Ó×ÏÂÏÄÎÏÊ ×ÅÒÓÉÉ SSH, ÄÏ×ÅÄÅÎÎÁÑ ÄÏ ÓÏ×ÒÅÍÅÎÎÏÇÏ ÓÏÓÔÏÑÎÉÑ × ÔÅÒÍÉÎÁÈ +ÕÒÏ×ÎÑ ÂÅÚÏÐÁÓÎÏÓÔÉ É ÐÏÄÄÅÒÖÉ×ÁÅÍÙÈ ×ÏÚÍÏÖÎÏÓÔÅÊ. ÷ÓÅ ÐÁÔÅÎÔÏ×ÁÎÎÙÅ +ÁÌÇÏÒÉÔÍÙ ×ÙÎÅÓÅÎÙ × ÏÔÄÅÌØÎÙÅ ÂÉÂÌÉÏÔÅËÉ (OpenSSL). + +üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ ÆÁÊÌÙ, ÎÅÏÂÈÏÄÉÍÙÅ ËÁË ÄÌÑ ËÌÉÅÎÔÁ, ÔÁË É ÄÌÑ +ÓÅÒ×ÅÒÁ OpenSSH. ÷ÁÍ ÎÕÖÎÏ ÂÕÄÅÔ ÕÓÔÁÎÏ×ÉÔØ ÅÝÅ openssh-clients, +openssh-server, ÉÌÉ ÏÂÁ ÐÁËÅÔÁ. + +%description -l uk +Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ +ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ. ÷ÏÎÁ ÐÒÉÚÎÁÞÅÎÁ +ÄÌÑ ÚÁͦÎÉ rlogin ÔÁ rsh ¦ ÚÁÂÅÚÐÅÞÕ¤ ÂÅÚÐÅÞÎÕ ÛÉÆÒÏ×ÁÎÕ ËÏÍÕΦËÁæÀ +Í¦Ö Ä×ÏÍÁ ÈÏÓÔÁÍÉ × ÍÅÒÅÖ¦, ÑËÁ ÎÅ ¤ ÂÅÚÐÅÞÎÏÀ. ú'¤ÄÎÁÎÎÑ X11 ÔÁ +ÄÏצÌØΦ ÐÏÒÔÉ TCP/IP ÍÏÖÕÔØ ÔÁËÏÖ ÂÕÔÉ ÐÒÏ×ÅÄÅΦ ÞÅÒÅÚ ÂÅÚÐÅÞÎÉÊ +ËÁÎÁÌ. 
+ +OpenSSH - ÃÅ ÐÅÒÅÒÏÂËÁ ËÏÍÁÎÄÏÀ ÒÏÚÒÏÂÎÉË¦× OpenBSD ÏÓÔÁÎÎØϧ צÌØÎϧ +×ÅÒÓ¦§ SSH, ÄÏ×ÅÄÅÎÁ ÄÏ ÓÕÞÁÓÎÏÇÏ ÓÔÁÎÕ × ÔÅÒͦÎÁÈ Ò¦×ÎÑ ÂÅÚÐÅËÉ ÔÁ +ЦÄÔÒÉÍÕ×ÁÎÉÈ ÍÏÖÌÉ×ÏÓÔÅÊ. ÷Ó¦ ÐÁÔÅÎÔÏ×ÁΦ ÁÌÇÏÒÉÔÍÉ ×ÉÎÅÓÅΦ ÄÏ +ÏËÒÅÍÉÈ Â¦Â̦ÏÔÅË (OpenSSL). + +ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ ÆÁÊÌÉ, ÎÅÏÂȦÄΦ ÑË ÄÌÑ Ë̦¤ÎÔÁ, ÔÁË ¦ ÄÌÑ ÓÅÒ×ÅÒÁ +OpenSSH. ÷ÁÍ ÐÏÔÒ¦ÂÎÏ ÂÕÄÅ ÝÅ ×ÓÔÁÎÏ×ÉÔÉ openssh-clients, +openssh-server, ÞÉ ÏÂÉÄ×Á ÐÁËÅÔÉ. + +%package clients +Summary: OpenSSH Secure Shell protocol clients +Summary(es): Clientes de OpenSSH +Summary(pl): Klienci protoko³u Secure Shell +Summary(pt_BR): Clientes do OpenSSH +Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell +Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell +Group: Applications/Networking +Provides: ssh-clients +Requires: %{name} = %{epoch}:%{version} +Obsoletes: ssh-clients + +%description clients +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing +it up to date in terms of security and features, as well as removing +all patented algorithms to seperate libraries (OpenSSL). + +This package includes the clients necessary to make encrypted +connections to SSH servers. + +%description clients -l es +Este paquete incluye los clientes que se necesitan para hacer +conexiones codificadas con servidores SSH. + +%description clients -l pl +Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± +maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma +zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie +pomiedzy dwoma hostami. + +Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH. 
+ +%description clients -l pt_BR +Esse pacote inclui os clientes necessários para fazer conexões +encriptadas com servidores SSH. + +%description clients -l ru +Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ +ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ. + +üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ ÐÒÏÇÒÁÍÍÙ-ËÌÉÅÎÔÙ, ÎÅÏÂÈÏÄÉÍÙÅ ÄÌÑ ÕÓÔÁÎÏ×ÌÅÎÉÑ +ÚÁÛÉÆÒÏ×ÁÎÎÙÈ ÓÏÅÄÉÎÅÎÉÊ Ó ÓÅÒ×ÅÒÁÍÉ SSH. + +%description clients -l uk +Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ +ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ. + +ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ ÐÒÏÇÒÁÍÉ-Ë̦¤ÎÔÉ, ÎÅÏÂȦÄΦ ÄÌÑ ×ÓÔÁÎÏ×ÌÅÎÎÑ +ÚÁÛÉÆÒÏ×ÁÎÉÈ Ú'¤ÄÎÁÎØ Ú ÓÅÒ×ÅÒÁÍÉ SSH. + +%package server +Summary: OpenSSH Secure Shell protocol server (sshd) +Summary(de): OpenSSH Secure Shell Protocol-Server (sshd) +Summary(es): Servidor OpenSSH para comunicaciones codificadas +Summary(fr): Serveur de protocole du shell sécurisé OpenSSH (sshd) +Summary(it): Server OpenSSH per il protocollo Secure Shell (sshd) +Summary(pl): Serwer protoko³u Secure Shell (sshd) +Summary(pt): Servidor do protocolo 'Secure Shell' OpenSSH (sshd) +Summary(pt_BR): Servidor OpenSSH para comunicações encriptadas +Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd) +Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd) +Group: Networking/Daemons +PreReq: %{name} = %{epoch}:%{version} +PreReq: rc-scripts >= 0.3.1-3 +Requires(pre): /bin/id +Requires(pre): /usr/sbin/useradd +Requires(post,preun): /sbin/chkconfig +Requires(post): chkconfig >= 0.9 +Requires(post): grep +Requires(postun): /usr/sbin/userdel +Requires: /bin/login +Requires: util-linux +Requires: pam >= 0.77.3 +Provides: ssh-server + +%description server +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. 
X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing +it up to date in terms of security and features, as well as removing +all patented algorithms to seperate libraries (OpenSSL). + +This package contains the secure shell daemon. The sshd is the server +part of the secure shell protocol and allows ssh clients to connect to +your host. + +%description server -l de +Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. + +%description server -l es +Este paquete contiene el servidor SSH. sshd es la parte servidor del +protocolo secure shell y permite que clientes ssh se conecten a su +servidor. + +%description server -l fr +Ce paquetage installe le 'sshd', partie serveur de OpenSSH. + +%description server -l it +Questo pacchetto installa sshd, il server di OpenSSH. + +%description server -l pl +Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± +maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma +zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie +pomiedzy dwoma hostami. + +Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci +ssh). + +%description server -l pt +Este pacote intala o sshd, o servidor do OpenSSH. + +%description server -l pt_BR +Esse pacote contém o servidor SSH. O sshd é a parte servidor do +protocolo secure shell e permite que clientes ssh se conectem ao seu +host. + +%description server -l ru +Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ +ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ. + +üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ sshd - "ÄÅÍÏÎ" Secure Shell. sshd - ÜÔÏ ÓÅÒ×ÅÒÎÁÑ +ÞÁÓÔØ ÐÒÏÔÏËÏÌÁ Secure Shell, ÐÏÚ×ÏÌÑÀÝÁÑ ËÌÉÅÎÔÁÍ ssh ÓÏÅÄÉÎÑÔØÓÑ Ó +×ÁÛÉÍ ÈÏÓÔÏÍ. + +%description server -l uk +Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ +ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ. + +ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ sshd - "ÄÅÍÏÎ" Secure Shell. 
sshd - ÃÅ ÓÅÒ×ÅÒÎÁ +ÞÁÓÔÉÎÁ ÐÒÏÔÏËÏÌÕ Secure Shell, ÑËÁ ÄÏÚ×ÏÌѤ Ë̦¤ÎÔÁÍ ssh Ú×'ÑÚÕ×ÁÔÉÓØ +Ú ×ÁÛÉÍ ÈÏÓÔÏÍ. + +%package gnome-askpass +Summary: OpenSSH GNOME passphrase dialog +Summary(de): OpenSSH GNOME Passwort-Dialog +Summary(es): Diálogo para introducción de passphrase para GNOME +Summary(fr): Dialogue pass-phrase GNOME d'OpenSSH +Summary(it): Finestra di dialogo GNOME per la frase segreta di OpenSSH +Summary(pl): Odpytywacz has³a OpenSSH dla GNOME +Summary(pt): Diálogo de pedido de senha para GNOME do OpenSSH +Summary(pt_BR): Diálogo para entrada de passphrase para GNOME +Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME +Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME +Group: Applications/Networking +Requires: %{name} = %{epoch}:%{version} +Obsoletes: ssh-extras +Obsoletes: ssh-askpass +Obsoletes: openssh-askpass + +%description gnome-askpass +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing +it up to date in terms of security and features, as well as removing +all patented algorithms to seperate libraries (OpenSSL). + +This package contains the GNOME passphrase dialog. + +%description gnome-askpass -l es +Este paquete contiene un programa que abre una caja de diálogo para +entrada de passphrase en GNOME. + +%description gnome-askpass -l pl +Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± +maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma +zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie +pomiedzy dwoma hostami. + +Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME. 
+ +%description gnome-askpass -l pt_BR +Esse pacote contém um programa que abre uma caixa de diálogo para +entrada de passphrase no GNOME. + +%description gnome-askpass -l ru +Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ +ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ. + +üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ ÄÌÑ ÉÓÐÏÌØÚÏ×ÁÎÉÑ ÐÏÄ +GNOME. + +%description gnome-askpass -l uk +Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ +ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ. + +ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ Ä¦ÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ ÄÌÑ ×ÉËÏÒÉÓÔÁÎÎÑ Ð¦Ä +GNOME. + +%prep +%setup -q +%patch0 -p1 +%patch2 -p1 +%patch3 -p1 +#%patch4 -p1 +%{?with_ldap:%patch5 -p1} +%{?with_kerberos5:%patch6 -p1} +%patch7 -p1 +%patch8 -p1 + +%build +%{__aclocal} +%{__autoconf} +%{?with_chroot:CPPFLAGS="-DCHROOT"} +%configure \ + PERL=%{__perl} \ + --with-dns \ + --with-pam \ + --with-mantype=man \ + --with-md5-passwords \ + --with-ipaddr-display \ + --with-4in6 \ + --disable-suid-ssh \ + --with-tcp-wrappers \ + %{?with_ldap:--with-libs="-lldap -llber"} \ + %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \ + %{?with_kerberos5:--with-kerberos5} \ + --with-privsep-path=%{_privsepdir} \ + --with-pid-dir=%{_localstatedir}/run \ + --with-xauth=/usr/X11R6/bin/xauth + +echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h + +%{__make} + +cp -f %{SOURCE9} . +cp -f %{SOURCE10} . 
+%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect
+
+cd contrib
+%if %{with gnome}
+%{__make} gnome-ssh-askpass1 \
+ CC="%{__cc} %{rpmldflags} %{rpmcflags}"
+%endif
+%if %{with gtk}
+%{__make} gnome-ssh-askpass2 \
+ CC="%{__cc} %{rpmldflags} %{rpmcflags}"
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,profile.d}} \
+ $RPM_BUILD_ROOT%{_libexecdir}/ssh
+
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+install connect $RPM_BUILD_ROOT%{_bindir}
+install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
+install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
+install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd
+install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
+install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
+
+%if %{with gnome}
+install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%endif
+%if %{with gtk}
+install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%endif
+%if %{with gnome} || %{with gtk}
+install %{SOURCE7} %{SOURCE8} $RPM_BUILD_ROOT/etc/profile.d
+%endif
+
+rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
+echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
+
+touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre server
+if [ -n "`id -u sshd 2>/dev/null`" ]; then
+ if [ "`id -u sshd`" != "40" ]; then
+ echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2
+ exit 1
+ fi
+else
+ /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2
+fi
+
+%post server
+/sbin/chkconfig --add sshd
+if [ -f /var/lock/subsys/sshd ]; then
+ /etc/rc.d/init.d/sshd restart 1>&2
+else
+ echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon."
+fi
+if ! grep -qs ssh /etc/security/passwd.conf ; then
+ umask 022
+ echo "ssh" >> /etc/security/passwd.conf
+fi
+
+%preun server
+if [ "$1" = "0" ]; then
+ if [ -f /var/lock/subsys/sshd ]; then
+ /etc/rc.d/init.d/sshd stop 1>&2
+ fi
+ /sbin/chkconfig --del sshd
+fi
+
+%postun server
+if [ "$1" = "0" ]; then
+ /usr/sbin/userdel sshd
+fi
+
+%files
+%defattr(644,root,root,755)
+%doc *.RNG TODO README OVERVIEW CREDITS Change*
+%attr(755,root,root) %{_bindir}/ssh-key*
+%{_mandir}/man1/ssh-key*.1*
+%dir %{_sysconfdir}
+
+%files clients
+%defattr(644,root,root,755)
+%doc connect.html
+%attr(755,root,root) %{_bindir}/connect
+%attr(755,root,root) %{_bindir}/ssh
+%attr(755,root,root) %{_bindir}/slogin
+%attr(755,root,root) %{_bindir}/sftp
+%attr(755,root,root) %{_bindir}/ssh-agent
+%attr(755,root,root) %{_bindir}/ssh-add
+%attr(755,root,root) %{_bindir}/scp
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
+%{_mandir}/man1/scp.1*
+%{_mandir}/man1/ssh.1*
+%{_mandir}/man1/slogin.1*
+%{_mandir}/man1/sftp.1*
+%{_mandir}/man1/ssh-agent.1*
+%{_mandir}/man1/ssh-add.1*
+%{_mandir}/man5/ssh_config.5*
+
+# for host-based auth (suid required for accessing private host key)
+#%attr(4755,root,root) %{_libexecdir}/ssh-keysign
+#%{_mandir}/man8/ssh-keysign.8*
+
+%files server
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/sshd
+%attr(755,root,root) %{_libexecdir}/sftp-server
+%dir %{_libexecdir}
+%{_mandir}/man8/sshd.8*
+%{_mandir}/man8/sftp-server.8*
+%{_mandir}/man5/sshd_config.5*
+%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
+%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
+%attr(640,root,root) %{_sysconfdir}/moduli
+%attr(754,root,root) /etc/rc.d/init.d/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
+
+%if %{with gnome} || %{with gtk}
+%files gnome-askpass
+%defattr(644,root,root,755)
+%dir %{_libexecdir}/ssh
+%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
+%attr(755,root,root) /etc/profile.d/*
+%endif
diff --git a/opensshd.conf b/opensshd.conf
new file mode 100644
index 0000000..44050f9
--- /dev/null
+++ b/opensshd.conf
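Review bot: In openssh.spec, `Source9` and `Source10` (connect.c and connect.html) are fetched over plain `http://` from a personal web page and `Source0` over `ftp://`, and the only integrity pin visible is an MD5 digest in the `# NoSource9-md5` / `# Source0-md5` comments. connect.c is then compiled in `%build` and installed as `%{_bindir}/connect`, so anyone able to tamper with that download gets code into the clients package; MD5 is not collision-resistant, and whether the builder enforces the `NoSource` digests is not visible here. Prefer keeping connect.c in the package repository (or an HTTPS source) and verifying a SHA-256 digest or an upstream signature before the build. A comment beside `Source9` such as `# third-party helper, not part of OpenSSH; verify digest before updating` would document the trust decision.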
@@ -0,0 +1,94 @@
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+Port 22
+Protocol 1,2
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+#obsoletes QuietMode and FascistLogging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+
+LoginGraceTime 600
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+#AFSTokenPassing no
+
+# Kerberos TGT Passing only works with the AFS kaserver
+#KerberosTgtPassing no
+
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication'
+UsePAM yes
+
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature.
+#UseChroot yes
+
+X11Forwarding no
+X11DisplayOffset 10
+X11UseLocalhost yes
+PrintMotd yes
+#PrintLastLog yes
+KeepAlive yes
+UseLogin no
+
+# enabling this can cause some problems with for example pam_limit
+UsePrivilegeSeparation no
+
+#Compression yes
+
+#MaxStartups 10
+# no default banner path
+#Banner /some/path
+#VerifyReverseMapping no
+
+# override default of no subsystems
+#Subsystem sftp /usr/lib/openssh/sftp-server
diff --git a/opensshd.init b/opensshd.init
new file mode 100644
index 0000000..e009515
--- /dev/null
+++ b/opensshd.init
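Review bot: `UsePrivilegeSeparation no` in opensshd.conf turns privilege separation off in the shipped default, so the pre-authentication network code runs with full root privileges, even though openssh.spec in this same commit creates the `sshd` privsep user and passes `--with-privsep-path`. The comment above it cites problems with "pam_limit"; if that is the only reason, I would keep `UsePrivilegeSeparation yes` as the default and document the PAM workaround in the comment instead. The same file also sets `Protocol 1,2` with `ServerKeyBits 768`; `Protocol 2` would remove the legacy protocol-1 exposure from the default install.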
@@ -0,0 +1,111 @@
+#!/bin/sh
+#
+# sshd sshd (secure shell daemon)
+#
+# chkconfig: 345 55 45
+#
+# description: sshd (secure shell daemon) is a server part of the ssh suite. \
+# Ssh can be used for remote login, remote file copying, TCP port \
+# forwarding etc. Ssh offers strong encryption and authentication.
+
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+# Get service config
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
+ msg_network_down OpenSSH
+ exit 1
+ fi
+else
+ exit 0
+fi
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ # generate new keys with empty passwords if they do not exist
+ if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
+ /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
+ chmod 600 /etc/ssh/ssh_host_key
+ fi
+ if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2
+ chmod 600 /etc/ssh/ssh_host_rsa_key
+ fi
+ if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2
+ chmod 600 /etc/ssh/ssh_host_dsa_key
+ fi
+
+ if [ ! -f /etc/ssh/ssh_host_key ]; then
+ msg_not_running OpenSSH
+ nls "No SSH host key found! You must run \"%s init\" first." "$0"
+ exit 1
+ fi
+
+ # Check if the service is already running?
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_starting OpenSSH
+ ULIMIT_C="-S -c 0"
+ daemon /usr/sbin/sshd
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ else
+ msg_already_running OpenSSH
+ fi
+ ;;
+ stop)
+ if [ -f /var/lock/subsys/sshd ]; then
+ msg_stopping OpenSSH
+ killproc sshd
+ rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
+ else
+ msg_not_running OpenSSH
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ exit $?
+ ;;
+ status)
+ status sshd
+ exit $?
+ ;;
+ init)
+ nls "Now the SSH host key will be generated. Please note, that if you"
+ nls "will use password for the key, you will need to type it on each"
+ nls "reboot."
+ /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
+ chmod 600 /etc/ssh/ssh_host_key
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
+ chmod 600 /etc/ssh/ssh_host_rsa_key
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
+ chmod 600 /etc/ssh/ssh_host_dsa_key
+ exit $?
+ ;;
+ reload|force-reload)
+ if [ -f /var/lock/subsys/sshd ]; then
+ msg_reloading OpenSSH
+ killproc sshd -HUP
+ RETVAL=$?
+ else
+ msg_not_running OpenSSH >&2
+ exit 7
+ fi
+ ;;
+ *)
+ msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
+ exit 3
+esac
+
+exit $RETVAL
-- 2.44.0
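Review bot: The exit status of every `/usr/bin/ssh-keygen` call in opensshd.init is ignored, both in `start` and in `init`. In `start` only `/etc/ssh/ssh_host_key` is re-checked before the daemon is launched, so a failed RSA or DSA key generation goes unnoticed, and in `init` the final `exit $?` reports only the last `chmod`. I would check each call, e.g. `/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2 || exit 1`, and have `start` test every key file the configured protocols need before calling `daemon`. Setting `umask 077` before the key generation would also avoid depending on the later `chmod 600` for the private key permissions.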