2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 %bcond_without tests # test suite
18 %bcond_with tests_conch # run conch interoperability tests
20 # gtk2-based gnome-askpass means no gnome1-based
21 %{?with_gtk:%undefine with_gnome}
23 %if "%{pld_release}" == "ac"
24 %define pam_ver 0.79.0
26 %define pam_ver 1:1.1.8-5
28 Summary: OpenSSH free Secure Shell (SSH) implementation
29 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
30 Summary(es.UTF-8): Implementación libre de SSH
31 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
32 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
33 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
34 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
35 Summary(pt_BR.UTF-8): Implementação livre do SSH
36 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
37 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
43 Group: Applications/Networking
44 Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
45 # Source0-md5: 8f897870404c088e4aa7d1c1c58b526b
46 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
47 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
48 Source2: %{name}d.init
49 Source3: %{name}d.pamd
50 Source4: %{name}.sysconfig
52 Source6: ssh-agent.conf
53 Source7: %{name}-lpk.schema
57 Source12: sshd@.service
58 Patch0: %{name}-no-pty-tests.patch
59 Patch1: %{name}-tests-reuseport.patch
60 Patch2: %{name}-pam_misc.patch
61 Patch3: %{name}-sigpipe.patch
62 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
63 Patch4: %{name}-ldap.patch
64 Patch5: %{name}-ldap-fixes.patch
65 Patch6: ldap.conf.patch
66 Patch7: %{name}-config.patch
67 Patch8: ldap-helper-sigpipe.patch
68 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
69 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
70 Patch9: %{name}-5.2p1-hpn13v6.diff
72 Patch11: %{name}-chroot.patch
73 Patch12: openssh-bug-2905.patch
74 Patch13: %{name}-skip-interop-tests.patch
75 Patch14: %{name}-bind.patch
76 Patch15: %{name}-disable_ldap.patch
77 URL: http://www.openssh.com/portable.html
78 BuildRequires: %{__perl}
79 %{?with_audit:BuildRequires: audit-libs-devel}
80 BuildRequires: autoconf >= 2.50
81 BuildRequires: automake
82 %{?with_gnome:BuildRequires: gnome-libs-devel}
83 %{?with_gtk:BuildRequires: gtk+2-devel}
84 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
85 %{?with_ldns:BuildRequires: ldns-devel}
86 %{?with_libedit:BuildRequires: libedit-devel}
87 BuildRequires: libfido2-devel >= 1.5.0
88 BuildRequires: libseccomp-devel
89 %{?with_selinux:BuildRequires: libselinux-devel}
90 %{?with_ldap:BuildRequires: openldap-devel}
91 BuildRequires: openssl-devel >= 1.1.0g
92 BuildRequires: pam-devel
93 %{?with_gtk:BuildRequires: pkgconfig}
94 %if %{with tests} && %{with tests_conch}
95 BuildRequires: python-TwistedConch
97 BuildRequires: rpm >= 4.4.9-56
98 BuildRequires: rpmbuild(macros) >= 1.627
99 BuildRequires: sed >= 4.0
100 BuildRequires: zlib-devel >= 1.2.3
101 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
102 BuildRequires: %{name}-server
104 %if %{with tests} && %{with libseccomp}
105 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
106 BuildRequires: uname(release) >= 3.5
108 Requires: zlib >= 1.2.3
109 %if "%{pld_release}" == "ac"
110 Requires: filesystem >= 2.0-1
111 Requires: pam >= 0.79.0
113 Requires: filesystem >= 3.0-11
114 Requires: pam >= %{pam_ver}
115 Suggests: xorg-app-xauth
118 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
120 %define _sysconfdir /etc/ssh
121 %define _libexecdir %{_libdir}/%{name}
122 %define _privsepdir /usr/share/empty
123 %define schemadir /usr/share/openldap/schema
126 Ssh (Secure Shell) a program for logging into a remote machine and for
127 executing commands in a remote machine. It is intended to replace
128 rlogin and rsh, and provide secure encrypted communications between
129 two untrusted hosts over an insecure network. X11 connections and
130 arbitrary TCP/IP ports can also be forwarded over the secure channel.
132 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
133 it up to date in terms of security and features, as well as removing
134 all patented algorithms to seperate libraries (OpenSSL).
136 This package includes the core files necessary for both the OpenSSH
137 client and server. To make this package useful, you should also
138 install openssh-clients, openssh-server, or both.
141 This release includes High Performance SSH/SCP patches from
142 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
143 increase throughput on fast connections with high RTT (20-150 msec).
144 See the website for '-w' values for your connection and /proc/sys TCP
145 values. BTW. in a LAN you have got generally RTT < 1 msec.
148 %description -l de.UTF-8
149 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
150 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
151 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
152 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
153 andere TCP/IP Ports können ebenso über den sicheren Channel
154 weitergeleitet werden.
156 %description -l es.UTF-8
157 SSH es un programa para accesar y ejecutar órdenes en computadores
158 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
159 seguro entre dos servidores en una red insegura. Conexiones X11 y
160 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
163 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
164 continuar la última versión gratuita de SSH, actualizándolo en
165 términos de seguridad y recursos,así también eliminando todos los
166 algoritmos patentados y colocándolos en bibliotecas separadas
169 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
170 también el paquete openssh-clients u openssh-server o ambos.
172 %description -l fr.UTF-8
173 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
174 remplace telnet, rlogin, rexec et rsh, tout en assurant des
175 communications cryptées securisées entre deux hôtes non fiabilisés sur
176 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
177 arbitraires peuvent également être transmis sur le canal sécurisé.
179 %description -l it.UTF-8
180 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
181 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
182 sicure e crittate tra due host non fidati su una rete non sicura. Le
183 connessioni X11 ad una porta TCP/IP arbitraria possono essere
184 inoltrate attraverso un canale sicuro.
186 %description -l pl.UTF-8
187 Ssh (Secure Shell) to program służący do logowania się na zdalną
188 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
189 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
190 pomiędzy dwoma hostami.
192 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
193 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
194 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
197 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
198 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
199 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
200 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
201 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
202 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
205 %description -l pt.UTF-8
206 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
207 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
208 cifradas entre duas máquinas sem confiança mútua sobre uma rede
209 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
210 reenviados pelo canal seguro.
212 %description -l pt_BR.UTF-8
213 SSH é um programa para acessar e executar comandos em máquinas
214 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
215 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
216 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
218 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
219 última versão gratuita do SSH, atualizando-o em termos de segurança e
220 recursos, assim como removendo todos os algoritmos patenteados e
221 colocando-os em bibliotecas separadas (OpenSSL).
223 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
224 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
226 %description -l ru.UTF-8
227 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
228 машину и для выполнения команд на удаленной машине. Она предназначена
229 для замены rlogin и rsh и обеспечивает безопасную шифрованную
230 коммуникацию между двумя хостами в сети, являющейся небезопасной.
231 Соединения X11 и любые порты TCP/IP могут также быть проведены через
234 OpenSSH - это переделка командой разработчиков OpenBSD последней
235 свободной версии SSH, доведенная до современного состояния в терминах
236 уровня безопасности и поддерживаемых возможностей. Все патентованные
237 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
239 Этот пакет содержит файлы, необходимые как для клиента, так и для
240 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
241 openssh-server, или оба пакета.
243 %description -l uk.UTF-8
244 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
245 машини та для виконання команд на віддаленій машині. Вона призначена
246 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
247 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
248 довільні порти TCP/IP можуть також бути проведені через безпечний
251 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
252 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
253 підтримуваних можливостей. Всі патентовані алгоритми винесені до
254 окремих бібліотек (OpenSSL).
256 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
257 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
258 openssh-server, чи обидва пакети.
261 Summary: OpenSSH Secure Shell protocol clients
262 Summary(es.UTF-8): Clientes de OpenSSH
263 Summary(pl.UTF-8): Klienci protokołu Secure Shell
264 Summary(pt_BR.UTF-8): Clientes do OpenSSH
265 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
266 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
267 Group: Applications/Networking
269 Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release}
270 Provides: ssh-clients
271 Obsoletes: ssh-clients
272 %requires_eq_to openssl openssl-devel
275 Ssh (Secure Shell) a program for logging into a remote machine and for
276 executing commands in a remote machine. It is intended to replace
277 rlogin and rsh, and provide secure encrypted communications between
278 two untrusted hosts over an insecure network. X11 connections and
279 arbitrary TCP/IP ports can also be forwarded over the secure channel.
281 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
282 it up to date in terms of security and features, as well as removing
283 all patented algorithms to seperate libraries (OpenSSL).
285 This package includes the clients necessary to make encrypted
286 connections to SSH servers.
288 %description clients -l es.UTF-8
289 Este paquete incluye los clientes que se necesitan para hacer
290 conexiones codificadas con servidores SSH.
292 %description clients -l pl.UTF-8
293 Ssh (Secure Shell) to program służący do logowania się na zdalną
294 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
295 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
296 pomiędzy dwoma hostami.
298 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
300 %description clients -l pt_BR.UTF-8
301 Esse pacote inclui os clientes necessários para fazer conexões
302 encriptadas com servidores SSH.
304 %description clients -l ru.UTF-8
305 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
306 машину и для выполнения команд на удаленной машине.
308 Этот пакет содержит программы-клиенты, необходимые для установления
309 зашифрованных соединений с серверами SSH.
311 %description clients -l uk.UTF-8
312 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
313 машини та для виконання команд на віддаленій машині.
315 Цей пакет містить програми-клієнти, необхідні для встановлення
316 зашифрованих з'єднань з серверами SSH.
318 %package clients-agent-profile_d
319 Summary: OpenSSH Secure Shell agent init script
320 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
321 Group: Applications/Networking
322 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
324 %description clients-agent-profile_d
325 profile.d scripts for starting SSH agent.
327 %description clients-agent-profile_d -l pl.UTF-8
328 Skrypty profile.d do uruchamiania agenta SSH.
330 %package clients-agent-xinitrc
331 Summary: OpenSSH Secure Shell agent init script
332 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
333 Group: Applications/Networking
334 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
337 %description clients-agent-xinitrc
338 xinitrc scripts for starting SSH agent.
340 %description clients-agent-xinitrc -l pl.UTF-8
341 Skrypty xinitrc do uruchamiania agenta SSH.
343 %package clients-helper-fido
344 Summary: OpenSSH helper for FIDO authenticator
345 Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO
346 Group: Applications/Networking
347 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
348 Requires: libfido2 >= 1.5.0
350 %description clients-helper-fido
351 OpenSSH helper for FIDO authenticator.
353 %description clients-helper-fido -l pl.UTF-8
354 OpenSSH helper obsługujący klucz autoryzujący FIDO.
357 Summary: OpenSSH Secure Shell protocol server (sshd)
358 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
359 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
360 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
361 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
362 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
363 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
364 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
365 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
366 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
367 Group: Networking/Daemons
368 Requires(post): /sbin/chkconfig
370 Requires(post,preun): /sbin/chkconfig
371 Requires(postun): /usr/sbin/userdel
372 Requires(pre): /bin/id
373 Requires(pre): /usr/sbin/useradd
374 Requires(post,preun,postun): systemd-units >= 38
375 Requires: %{name} = %{epoch}:%{version}-%{release}
376 Requires: pam >= %{pam_ver}
377 Requires: rc-scripts >= 0.4.3.0
378 Requires: systemd-units >= 38
379 %{?with_libseccomp:Requires: uname(release) >= 3.5}
381 %{?with_ldap:Suggests: %{name}-server-ldap}
383 Suggests: xorg-app-xauth
386 %requires_eq_to openssl openssl-devel
389 Ssh (Secure Shell) a program for logging into a remote machine and for
390 executing commands in a remote machine. It is intended to replace
391 rlogin and rsh, and provide secure encrypted communications between
392 two untrusted hosts over an insecure network. X11 connections and
393 arbitrary TCP/IP ports can also be forwarded over the secure channel.
395 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
396 it up to date in terms of security and features, as well as removing
397 all patented algorithms to seperate libraries (OpenSSL).
399 This package contains the secure shell daemon. The sshd is the server
400 part of the secure shell protocol and allows ssh clients to connect to
403 %description server -l de.UTF-8
404 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
406 %description server -l es.UTF-8
407 Este paquete contiene el servidor SSH. sshd es la parte servidor del
408 protocolo secure shell y permite que clientes ssh se conecten a su
411 %description server -l fr.UTF-8
412 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
414 %description server -l it.UTF-8
415 Questo pacchetto installa sshd, il server di OpenSSH.
417 %description server -l pl.UTF-8
418 Ssh (Secure Shell) to program służący do logowania się na zdalną
419 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
420 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
421 pomiędzy dwoma hostami.
423 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
426 %description server -l pt.UTF-8
427 Este pacote intala o sshd, o servidor do OpenSSH.
429 %description server -l pt_BR.UTF-8
430 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
431 protocolo secure shell e permite que clientes ssh se conectem ao seu
434 %description server -l ru.UTF-8
435 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
436 машину и для выполнения команд на удаленной машине.
438 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
439 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
442 %description server -l uk.UTF-8
443 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
444 машини та для виконання команд на віддаленій машині.
446 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
447 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
451 Summary: A LDAP support for open source SSH server daemon
452 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
454 Requires: %{name} = %{epoch}:%{version}-%{release}
455 Requires: openldap-nss-config
457 %description server-ldap
458 OpenSSH LDAP backend is a way how to distribute the authorized tokens
459 among the servers in the network.
461 %description server-ldap -l pl.UTF-8
462 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
463 tokenów między serwerami w sieci.
465 %package gnome-askpass
466 Summary: OpenSSH GNOME passphrase dialog
467 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
468 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
469 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
470 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
471 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
472 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
473 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
474 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
475 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
476 Group: Applications/Networking
477 Requires: %{name} = %{epoch}:%{version}-%{release}
478 Obsoletes: openssh-askpass
479 Obsoletes: ssh-askpass
480 Obsoletes: ssh-extras
482 %description gnome-askpass
483 Ssh (Secure Shell) a program for logging into a remote machine and for
484 executing commands in a remote machine. It is intended to replace
485 rlogin and rsh, and provide secure encrypted communications between
486 two untrusted hosts over an insecure network. X11 connections and
487 arbitrary TCP/IP ports can also be forwarded over the secure channel.
489 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
490 it up to date in terms of security and features, as well as removing
491 all patented algorithms to seperate libraries (OpenSSL).
493 This package contains the GNOME passphrase dialog.
495 %description gnome-askpass -l es.UTF-8
496 Este paquete contiene un programa que abre una caja de diálogo para
497 entrada de passphrase en GNOME.
499 %description gnome-askpass -l pl.UTF-8
500 Ssh (Secure Shell) to program służący do logowania się na zdalną
501 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
502 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
503 pomiędzy dwoma hostami.
505 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
507 %description gnome-askpass -l pt_BR.UTF-8
508 Esse pacote contém um programa que abre uma caixa de diálogo para
509 entrada de passphrase no GNOME.
511 %description gnome-askpass -l ru.UTF-8
512 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
513 машину и для выполнения команд на удаленной машине.
515 Этот пакет содержит диалог ввода ключевой фразы для использования под
518 %description gnome-askpass -l uk.UTF-8
519 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
520 машини та для виконання команд на віддаленій машині.
522 Цей пакет містить діалог вводу ключової фрази для використання під
525 %package -n openldap-schema-openssh-lpk
526 Summary: OpenSSH LDAP Public Key schema
527 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
528 Group: Networking/Daemons
529 Requires(post,postun): sed >= 4.0
530 Requires: openldap-servers
531 %if "%{_rpmversion}" >= "5"
535 %description -n openldap-schema-openssh-lpk
536 This package contains OpenSSH LDAP Public Key schema for openldap.
538 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
539 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
554 %{?with_hpn:%patch9 -p1}
561 %{!?with_ldap:%patch15 -p1}
563 %if "%{pld_release}" == "ac"
564 # fix for missing x11.pc
565 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
568 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
569 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
571 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
572 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
574 # prevent being ovewritten by aclocal calls
575 %{__mv} aclocal.m4 acinclude.m4
578 cp /usr/share/automake/config.sub .
582 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
589 %{?with_audit:--with-audit=linux} \
590 --with-ipaddr-display \
591 %{?with_kerberos5:--with-kerberos5=/usr} \
592 --with-ldap%{!?with_ldap:=no} \
593 %{?with_ldns:--with-ldns} \
594 %{?with_libedit:--with-libedit} \
596 --with-md5-passwords \
598 --with-pid-dir=%{_localstatedir}/run \
599 --with-privsep-path=%{_privsepdir} \
600 --with-privsep-user=sshd \
601 --with-security-key-builtin \
602 %{?with_selinux:--with-selinux} \
603 %if "%{pld_release}" == "ac"
604 --with-xauth=/usr/X11R6/bin/xauth
606 --with-sandbox=seccomp_filter \
607 --with-xauth=%{_bindir}/xauth
610 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
615 %{__make} -j1 tests \
616 TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
617 TEST_SSH_TRACE="yes" \
618 %if %{without tests_conch}
619 SKIP_LTESTS="conch-ciphers"
625 %{__make} gnome-ssh-askpass1 \
626 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
629 %{__make} gnome-ssh-askpass2 \
630 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
634 rm -rf $RPM_BUILD_ROOT
635 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
636 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
637 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
640 DESTDIR=$RPM_BUILD_ROOT
642 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
644 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
645 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
646 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
647 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
648 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
649 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
650 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
652 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
653 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
655 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
656 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
657 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
658 $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \
659 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
662 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
665 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
667 %if %{with gnome} || %{with gtk}
668 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
669 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
671 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
672 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
674 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
677 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
678 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
680 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
682 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
683 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
686 %if "%{pld_release}" == "ac"
687 # not present in ac, no point searching it
688 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
689 # openssl on ac does not have OPENSSL_HAS_ECC
690 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
694 # remove recording user's login uid to the process attribute
695 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
698 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
699 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
702 rm -rf $RPM_BUILD_ROOT
713 %postun gnome-askpass
717 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
720 /sbin/chkconfig --add sshd
721 %service sshd reload "OpenSSH Daemon"
723 %systemd_post sshd.service
726 if [ "$1" = "0" ]; then
728 /sbin/chkconfig --del sshd
730 %systemd_preun sshd.service
733 if [ "$1" = "0" ]; then
738 %triggerpostun server -- %{name}-server < 2:7.0p1-2
739 %banner %{name}-server -e << EOF
740 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
741 ! Starting from openssh 7.0 DSA keys are disabled !
742 ! on server and client side. You will NOT be able !
743 ! to use DSA keys for authentication. Please read !
744 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
745 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
748 %triggerpostun server -- %{name}-server < 6.2p1-1
749 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
750 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
752 %triggerpostun server -- %{name}-server < 2:5.9p1-8
753 # lpk.patch to ldap.patch
754 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
755 echo >&2 "Migrating LPK patch to LDAP patch"
756 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
758 # disable old configs
759 # just UseLPK/LkpLdapConf supported for now
760 s/^\s*UseLPK/## Obsolete &/
761 s/^\s*Lpk/## Obsolete &/
762 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
763 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
764 ' %{_sysconfdir}/sshd_config
765 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
766 /bin/systemctl try-restart sshd.service || :
768 %service -q sshd reload
771 %systemd_trigger sshd.service
772 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
773 %banner %{name}-server -e << EOF
774 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
775 ! Native systemd support for sshd has been installed. !
776 ! Restarting sshd.service with systemctl WILL kill all !
777 ! active ssh sessions (daemon as such will be started). !
778 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
782 %post -n openldap-schema-openssh-lpk
783 %openldap_schema_register %{schemadir}/openssh-lpk.schema
784 %service -q ldap restart
786 %postun -n openldap-schema-openssh-lpk
787 if [ "$1" = "0" ]; then
788 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
789 %service -q ldap restart
793 %defattr(644,root,root,755)
794 %doc TODO README OVERVIEW CREDITS Change*
795 %attr(755,root,root) %{_bindir}/ssh-key*
796 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
797 %{_mandir}/man1/ssh-key*.1*
798 #%{_mandir}/man1/ssh-vulnkey*.1*
803 %defattr(644,root,root,755)
804 %attr(755,root,root) %{_bindir}/ssh
805 %attr(755,root,root) %{_bindir}/sftp
806 %attr(755,root,root) %{_bindir}/ssh-agent
807 %attr(755,root,root) %{_bindir}/ssh-add
808 %attr(755,root,root) %{_bindir}/ssh-copy-id
809 %attr(755,root,root) %{_bindir}/scp
810 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
811 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
812 %{_mandir}/man1/scp.1*
813 %{_mandir}/man1/ssh.1*
814 %{_mandir}/man1/sftp.1*
815 %{_mandir}/man1/ssh-agent.1*
816 %{_mandir}/man1/ssh-add.1*
817 %{_mandir}/man1/ssh-copy-id.1*
818 %{_mandir}/man5/ssh_config.5*
819 %lang(it) %{_mandir}/it/man1/ssh.1*
820 %lang(it) %{_mandir}/it/man5/ssh_config.5*
821 %lang(pl) %{_mandir}/pl/man1/scp.1*
822 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
824 # for host-based auth (suid required for accessing private host key)
825 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
826 #%{_mandir}/man8/ssh-keysign.8*
828 %files clients-agent-profile_d
829 %defattr(644,root,root,755)
830 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
831 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
833 %files clients-agent-xinitrc
834 %defattr(644,root,root,755)
835 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
837 %files clients-helper-fido
838 %defattr(644,root,root,755)
839 %attr(755,root,root) %{_libexecdir}/ssh-sk-helper
840 %{_mandir}/man8/ssh-sk-helper.8*
843 %defattr(644,root,root,755)
844 %attr(755,root,root) %{_sbindir}/sshd
845 %attr(755,root,root) %{_libexecdir}/sftp-server
846 %attr(755,root,root) %{_libexecdir}/ssh-keysign
847 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
848 %attr(755,root,root) %{_libexecdir}/sshd-keygen
849 %{_mandir}/man8/sshd.8*
850 %{_mandir}/man8/sftp-server.8*
851 %{_mandir}/man8/ssh-keysign.8*
852 %{_mandir}/man8/ssh-pkcs11-helper.8*
853 %{_mandir}/man5/sshd_config.5*
854 %{_mandir}/man5/moduli.5*
855 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
856 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
857 %{_sysconfdir}/moduli
858 %attr(754,root,root) /etc/rc.d/init.d/sshd
859 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
860 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
861 %{systemdunitdir}/sshd.service
862 %{systemdunitdir}/sshd.socket
863 %{systemdunitdir}/sshd@.service
867 %defattr(644,root,root,755)
868 %doc HOWTO.ldap-keys ldap.conf
869 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
870 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
871 %{_mandir}/man5/ssh-ldap.conf.5*
872 %{_mandir}/man8/ssh-ldap-helper.8*
875 %if %{with gnome} || %{with gtk}
877 %defattr(644,root,root,755)
878 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
879 %dir %{_libexecdir}/ssh
880 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
881 %attr(755,root,root) %{_libexecdir}/ssh-askpass
885 %files -n openldap-schema-openssh-lpk
886 %defattr(644,root,root,755)
887 %{schemadir}/openssh-lpk.schema