
- create SSHv2 RSA in addition to SSHv1 RSA server key - generate server keys with 2048 bits instead of 1024 - create ~/.ssh/agent file with mode 600 instead of mode 700 - cleanup ssh_config and sshd_config files - default to "Protocol 2,1" in server and "Protocol 1,2" in client

master
parent
commit
9752b1edbe
  1. 18
      openssh/openssh.spec
  2. 8
      openssh/ssh-keyman
  3. 31
      openssh/ssh_config
  4. 11
      openssh/sshd_config

18
openssh/openssh.spec

@ -44,7 +44,7 @@ Distribution: OpenPKG [REL]
Group: Cryptography Group: Cryptography
License: BSD License: BSD
Version: 3.2.3p1 Version: 3.2.3p1
Release: 20020522 Release: 20020531
# list of sources # list of sources
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@ -203,18 +203,26 @@ AutoReqProv: no
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
%post %post
# generate server RSA key # generate server RSA1 (SSHv1) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \ if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ] ; then ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 1024 \ $RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key \
-N '' -C `hostname` 1>&2 -N '' -C `hostname` 1>&2
fi fi
# generate server DSA key # generate server RSA (SSHv2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key \
-N '' -C `hostname` 1>&2
fi
# generate server DSA (SSHv2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \ if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] ; then ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] ; then
$RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -d \ $RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key \
-N '' -C `hostname` 1>&2 -N '' -C `hostname` 1>&2
fi fi
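Review bot: The DSA host key is now requested with `-b 2048` on the `ssh-keygen -t dsa` line, but DSA as specified in FIPS 186-2 is limited to 1024-bit keys and later OpenSSH releases refuse to generate or accept other sizes, so a 2048-bit ssh_host_dsa_key may be rejected by some peers; unless this 3.2.3p1 ssh-keygen has been checked to accept and interoperate with it, the portable choice is `-b 1024` for the DSA key, keeping 2048 for the two RSA keys, with a comment saying why the sizes differ. The new ssh_host_rsa_key block also copies the `[ ! -f … -o ! -s … ]` guard; `! -s` is already true for a missing file, so `[ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ]` is the same test without the deprecated `-o`. The %post scriptlet appears to continue beyond the hunk.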

8
openssh/ssh-keyman

@ -26,8 +26,8 @@
# program information # program information
prog_name="ssh-keyman" prog_name="ssh-keyman"
prog_vers="1.0.0" prog_vers="1.0.1"
prog_date="05-May-2002" prog_date="31-May-2002"
# OpenSSH programs # OpenSSH programs
ssh_agent="@l_prefix@/bin/ssh-agent" ssh_agent="@l_prefix@/bin/ssh-agent"
@ -143,7 +143,7 @@ if [ ! -f $agentfile ]; then
if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then
( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" ( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID" echo "SSH_AGENT_PID=$SSH_AGENT_PID"
) >$agentfile && chmod 700 $agentfile ) >$agentfile && chmod 600 $agentfile
echo "$prog_name:WARNING: valid agent information in your environment" 1>&2 echo "$prog_name:WARNING: valid agent information in your environment" 1>&2
echo "$prog_name:WARNING: but no saved agent state file -- fixed" 1>&2 echo "$prog_name:WARNING: but no saved agent state file -- fixed" 1>&2
fi fi
@ -182,7 +182,7 @@ if [ ".$opt_s" = .yes ]; then
fi fi
( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" ( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID" echo "SSH_AGENT_PID=$SSH_AGENT_PID"
) >$agentfile && chmod 700 $agentfile ) >$agentfile && chmod 600 $agentfile
fi fi
fi fi
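Review bot: In both hunks the state file is still written before its mode is tightened: `) >$agentfile && chmod 600 $agentfile` creates the file under the caller's umask, so with a common umask of 022 the agent socket path and PID are world-readable until the chmod runs, and if the echo writes fail the file is left at the umask mode. Creating it under a restrictive umask closes that window while the chmod still corrects a pre-existing file: `( umask 077; { echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"; echo "SSH_AGENT_PID=$SSH_AGENT_PID"; } >$agentfile ) && chmod 600 $agentfile`. `$agentfile` is also unquoted in the redirect and the chmod on both lines. Both enclosing if blocks start outside their hunks.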

31
openssh/ssh_config

@ -3,7 +3,6 @@
## ##
Host localhost Host localhost
Cipher blowfish
Compression no Compression no
ForwardX11 yes ForwardX11 yes
KeepAlive yes KeepAlive yes
@ -13,30 +12,32 @@ Host localhost
# the rule is "first matching is used") # the rule is "first matching is used")
Host * Host *
BatchMode no BatchMode no
ChallengeResponseAuthentication yes
CheckHostIP yes CheckHostIP yes
Protocol 1,2
HostKeyAlgorithms ssh-rsa,ssh-dss
PreferredAuthentications hostbased,publickey,keyboard-interactive,password
Cipher 3des Cipher 3des
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
MACs hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
Compression yes Compression yes
CompressionLevel 4 CompressionLevel 4
ConnectionAttempts 2 ConnectionAttempts 2
DSAAuthentication yes
EscapeChar ~
FallBackToRsh no
ForwardAgent yes
ForwardX11 no
GatewayPorts no
KeepAlive no
LogLevel INFO
MACs hmac-sha1,hmac-md5,hmac-ripemd160
NumberOfPasswordPrompts 2
PasswordAuthentication yes
Protocol 1,2
PubkeyAuthentication yes PubkeyAuthentication yes
DSAAuthentication yes
RSAAuthentication yes RSAAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
NumberOfPasswordPrompts 2
RhostsAuthentication no RhostsAuthentication no
RhostsRSAAuthentication no RhostsRSAAuthentication no
StrictHostKeyChecking no StrictHostKeyChecking no
UsePrivilegedPort no UsePrivilegedPort no
UseRsh no UseRsh no
FallBackToRsh no
EscapeChar ~
ForwardAgent yes
ForwardX11 no
GatewayPorts no
KeepAlive no
LogLevel INFO
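Review bot: `Protocol 1,2` under `Host *` makes the client offer SSHv1 first, so the SSHv2-only settings added in the same hunk (`HostKeyAlgorithms ssh-rsa,ssh-dss`, `PreferredAuthentications …`, the extended `Ciphers` and `MACs` lists) only take effect against servers that lack v1, and the older protocol is used against servers that support both; `Protocol 2,1` would mirror the server-side choice in this commit's sshd_config and keep the new settings effective. `DSAAuthentication` appears to be an alias for `PubkeyAuthentication` in OpenSSH of this era, so keeping both lines is probably redundant — worth confirming against ssh_config(5) for 3.2.3p1. A short comment above the `Protocol` line stating why v1 is preferred on the client would help whoever revisits this.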

11
openssh/sshd_config

@ -7,7 +7,7 @@ ListenAddress 0.0.0.0
Subsystem sftp @l_prefix@/libexec/openssh/sftp-server Subsystem sftp @l_prefix@/libexec/openssh/sftp-server
Protocol 1,2 Protocol 2,1
HostKey @l_prefix@/etc/openssh/ssh_host_key HostKey @l_prefix@/etc/openssh/ssh_host_key
HostDsaKey @l_prefix@/etc/openssh/ssh_host_dsa_key HostDsaKey @l_prefix@/etc/openssh/ssh_host_dsa_key
ServerKeyBits 768 ServerKeyBits 768
@ -17,17 +17,18 @@ PidFile @l_prefix@/var/openssh/sshd.pid
SyslogFacility AUTH SyslogFacility AUTH
LogLevel INFO LogLevel INFO
RhostsAuthentication no PubkeyAuthentication yes
RhostsRSAAuthentication no
PasswordAuthentication yes
RSAAuthentication yes RSAAuthentication yes
DSAAuthentication yes DSAAuthentication yes
PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
StrictModes yes StrictModes yes
IgnoreRhosts yes IgnoreRhosts yes
KeepAlive yes
X11Forwarding no X11Forwarding no
GatewayPorts no GatewayPorts no
KeepAlive yes
LoginGraceTime 600 LoginGraceTime 600
MaxStartups 10:30:60 MaxStartups 10:30:60
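Review bot: The server still lists only `HostKey …/ssh_host_key` and `HostDsaKey …/ssh_host_dsa_key` in the first hunk, so the ssh_host_rsa_key that this commit's openssh.spec %post now generates is never loaded and no ssh-rsa host key is offered for SSHv2 clients; add `HostKey @l_prefix@/etc/openssh/ssh_host_rsa_key` after the existing HostKey line. `HostDsaKey` appears to be an obsolete alias for `HostKey` in this OpenSSH version, so writing it as `HostKey @l_prefix@/etc/openssh/ssh_host_dsa_key` would make the three entries uniform — confirm against sshd_config(5). `ServerKeyBits 768` is the SSHv1 ephemeral server key and was left unchanged while the host keys moved to 2048 bits; a comment noting that it applies to v1 only would avoid the question later.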
