- rel 2; generate ed25519 server key
[packages/openssh.git] / openssh-chroot.patch
index 867dbb80eac04e6635644bb784d4c5cecb465ac7..5dda773c02c44429a159adc01899ce1abf550be5 100644 (file)
@@ -1,6 +1,6 @@
---- openssh-3.7.1p2/servconf.c 2003-09-23 11:24:21.000000000 +0200
-+++ openssh-3.7.1p2.pius/servconf.c    2003-10-07 20:49:08.000000000 +0200
-@@ -41,7 +41,9 @@
+--- openssh-4.4p1/servconf.c.orig      2006-08-18 16:23:15.000000000 +0200
++++ openssh-4.4p1/servconf.c   2006-10-05 10:11:17.065971000 +0200
+@@ -56,7 +56,9 @@
  
        /* Portable-specific options */
        options->use_pam = -1;
@@ -11,7 +11,7 @@
        /* Standard Options */
        options->num_ports = 0;
        options->ports_from_cmdline = 0;
-@@ -112,6 +114,9 @@
+@@ -131,6 +133,9 @@
        if (options->use_pam == -1)
                options->use_pam = 0;
  
@@ -21,7 +21,7 @@
        /* Standard Options */
        if (options->protocol == SSH_PROTO_UNKNOWN)
                options->protocol = SSH_PROTO_1|SSH_PROTO_2;
-@@ -245,6 +250,7 @@
+@@ -270,6 +275,7 @@
        sBadOption,             /* == unknown option */
        /* Portable-specific options */
        sUsePAM,
        /* Standard Options */
        sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
        sPermitRootLogin, sLogFacility, sLogLevel,
-@@ -278,6 +284,11 @@
+@@ -312,6 +318,11 @@
  #else
-       { "usepam", sUnsupported },
+       { "usepam", sUnsupported, SSHCFG_GLOBAL },
  #endif
 +#ifdef CHROOT
-+      { "usechroot", sUseChroot },
++      { "usechroot", sUseChroot, SSHCFG_GLOBAL },
 +#else
-+      { "usechroot", sUnsupported },
++      { "usechroot", sUnsupported, SSHCFG_GLOBAL },
 +#endif /* CHROOT */
-       { "pamauthenticationviakbdint", sDeprecated },
+       { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
        /* Standard Options */
-       { "port", sPort },
-@@ -437,6 +448,10 @@
+       { "port", sPort, SSHCFG_GLOBAL },
+@@ -662,6 +673,10 @@
                intptr = &options->use_pam;
                goto parse_flag;
  
        int     use_dns;
        int     client_alive_interval;  /*
                                         * poke the client this often to
---- openssh-3.7.1p2/session.c  2003-09-23 10:59:08.000000000 +0200
-+++ openssh-3.7.1p2.pius/session.c     2003-10-07 20:49:08.000000000 +0200
-@@ -1231,6 +1231,10 @@
- void
+--- ./session.c.org    2008-05-05 16:22:11.935003283 +0200
++++ ./session.c        2008-05-05 16:32:50.025507650 +0200
+@@ -1345,6 +1345,10 @@ void
  do_setusercontext(struct passwd *pw)
  {
+       char *chroot_path, *tmp;
 +#ifdef CHROOT
 +      char *user_dir;
 +      char *new_root;
 +#endif /* CHROOT */
- #ifndef HAVE_CYGWIN
-       if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1268,6 +1272,28 @@
-                       exit(1);
-               }
-               endgrent();
-+
+ #ifdef WITH_SELINUX
+       /* Cache selinux status for later use */
+@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw)
+                       /* Make sure we don't attempt to chroot again */
+                       free(options.chroot_directory);
+                       options.chroot_directory = NULL;
 +#ifdef CHROOT
-+              if (options.use_chroot) {
++              } else if (options.use_chroot) {
 +                      user_dir = xstrdup(pw->pw_dir);
 +                      new_root = user_dir + 1;
 +
 +                                      new_root += 2;
 +
 +                                      if(chroot(user_dir) != 0)
-+                                              fatal("Couldn't chroot to user directory % s", user_dir);
-+                                              pw->pw_dir = new_root;
-+                                              break;
-+                                      }
-+                                      new_root += 2;
++                                              fatal("Couldn't chroot to user directory %s", user_dir);
++                                      pw->pw_dir = new_root;
++                                      break;
++                              }
++                              new_root += 2;
 +                      }
-+              }
 +#endif /* CHROOT */
+               }
 +
- # ifdef USE_PAM
-               /*
-                * PAM credentials may take the form of supplementary groups. 
+ #ifdef HAVE_LOGIN_CAP
+               if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
+                       perror("unable to set user context (setuser)");
 --- openssh-3.7.1p2/sshd_config        2003-09-02 14:51:18.000000000 +0200
 +++ openssh-3.7.1p2.pius/sshd_config   2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
#UsePAM yes
+@@ -91,6 +91,10 @@
+ # and ChallengeResponseAuthentication to 'no'.
+ UsePAM yes
  
 +# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature. 
++# You must create such environment before you can use this feature.
 +#UseChroot yes
 +
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
---- openssh-3.7.1p2/sshd_config.0      2003-09-23 11:55:19.000000000 +0200
-+++ openssh-3.7.1p2.pius/sshd_config.0 2003-10-07 20:49:08.000000000 +0200
-@@ -349,6 +349,16 @@
-              CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
-              fault is AUTH.
+ #AllowAgentForwarding yes
+ # Security advisory:
+ # http://securitytracker.com/alerts/2004/Sep/1011143.html
+--- openssh-4.4p1/sshd_config.0.orig   2006-09-26 13:03:48.000000000 +0200
++++ openssh-4.4p1/sshd_config.0        2006-10-05 10:11:41.615971000 +0200
+@@ -451,6 +451,16 @@
+              To disable TCP keepalive messages, the value should be set to
+              ``no''.
  
 +     UseChroot
 +             Specifies whether to use chroot-jail environment with ssh/sftp,
 +             For this to work properly you have to create special chroot-jail
 +             environment in a /path/to/chroot directory.
 +
-      UseDNS  Specifies whether sshd should lookup the remote host name and
+      UseDNS  Specifies whether sshd(8) should look up the remote host name and
               check that the resolved host name for the remote IP address maps
               back to the very same IP address.  The default is ``yes''.
---- openssh-3.7.1p2/sshd_config.5      2003-09-02 14:57:05.000000000 +0200
-+++ openssh-3.7.1p2.pius/sshd_config.5 2003-10-07 20:49:08.000000000 +0200
-@@ -580,6 +580,16 @@
+--- openssh-3.8p1/sshd_config.5.orig   2004-02-18 04:31:24.000000000 +0100
++++ openssh-3.8p1/sshd_config.5        2004-02-25 21:17:23.000000000 +0100
+@@ -552,6 +552,16 @@
  The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
  LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
  The default is AUTH.
 +to whatever directory was before the . and continues with the normal ssh
 +functionality. For this to work properly you have to create special chroot-jail
 +environment in a /path/to/chroot directory.
- .It Cm UseDNS
- Specifies whether
- .Nm sshd
+ .It Cm TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages to the
+ other side.
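Review bot: In the session.c part of this patch, the `else if (options.use_chroot)` branch of do_setusercontext() calls `chroot(user_dir)` on a prefix of `pw->pw_dir`, and the lines shown contain neither a `chdir("/")` after the call nor any check on who owns or can write to that directory. Part of the loop falls outside the displayed lines, so such a check may exist there, but if it does not, the process keeps a working directory that may lie outside the new root. The jail root also comes straight from the passwd entry, and a root the confined user can write to does not confine reliably. I would add `if (chdir("/") != 0) fatal("Couldn't chdir to / after chroot to %s", user_dir);` right after the chroot succeeds, and validate the path the way upstream's `safely_chroot()` does for ChrootDirectory (every component root-owned and not group- or world-writable). The UseChroot text in sshd_config and sshd_config.0 should state that ownership requirement, for example `# The directory before "/./" must be owned by root and not writable by the user.`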