List: openpkg-cvs
Subject: [CVS] OpenPKG: openpkg-src/openssh openssh.spec ssh-keyman ssh_config ...
From: "Ralf S. Engelschall" <rse () openpkg ! org>
Date: 2002-05-31 14:48:08
OpenPKG CVS Repository
http://www.openpkg.org/cvsweb/cvsweb.cgi
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: rse@openpkg.org
Module: openpkg-src Date: 31-May-2002 16:48:08
Branch: HEAD Handle: 2002053115480800
Modified files:
openpkg-src/openssh openssh.spec ssh-keyman ssh_config sshd_config
Log:
- create SSHv2 RSA in addition to SSHv1 RSA server key
- generate server keys with 2048 bits instead of 1024
- create ~/.ssh/agent file with mode 600 instead of mode 700
- cleanup ssh_config and sshd_config files
- default to "Protocol 2,1" in server and "Protocol 1,2" in client
Summary:
Revision Changes Path
1.40 +13 -5 openpkg-src/openssh/openssh.spec
1.2 +4 -4 openpkg-src/openssh/ssh-keyman
1.3 +16 -15 openpkg-src/openssh/ssh_config
1.4 +6 -5 openpkg-src/openssh/sshd_config
____________________________________________________________________________
Index: openpkg-src/openssh/openssh.spec
============================================================
$ cvs diff -u -r1.39 -r1.40 openssh.spec
--- openpkg-src/openssh/openssh.spec 29 May 2002 20:01:39 -0000 1.39
+++ openpkg-src/openssh/openssh.spec 31 May 2002 14:48:08 -0000 1.40
@@ -44,7 +44,7 @@
Group: Cryptography
License: BSD
Version: 3.2.3p1
-Release: 20020522
+Release: 20020531
# list of sources
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -203,18 +203,26 @@
rm -rf $RPM_BUILD_ROOT
%post
- # generate server RSA key
+ # generate server RSA1 (SSHv1) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ] ; then
- $RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 1024 \
+ $RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key \
-N '' -C `hostname` 1>&2
fi
- # generate server DSA key
+ # generate server RSA (SSHv2) key
+ if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" -o \
+ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ] ; then
+ $RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa -b 2048 \
+ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key \
+ -N '' -C `hostname` 1>&2
+ fi
+
+ # generate server DSA (SSHv2) key
if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \
! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] ; then
- $RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -d \
+ $RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -b 2048 \
-f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key \
-N '' -C `hostname` 1>&2
fi
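Review bot: The `! -f ... -o ! -s ...` guards around all three ssh-keygen calls mean the new `-b 2048` only takes effect when the key file is missing or empty, so a host upgrading from an earlier release keeps the `ssh_host_key` it generated with `-b 1024`. If the intent is that every installation ends up with 2048-bit host keys, state in the package notes that existing keys have to be regenerated by hand and that clients will then see a changed host key. It is also worth confirming that `ssh-keygen -t dsa -b 2048` is accepted by 3.2.3p1, since the removed DSA line passed no size, and quoting the `-f` path and `hostname` substitution the same way the test expressions are quoted.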
Index: openpkg-src/openssh/ssh-keyman
============================================================
$ cvs diff -u -r1.1 -r1.2 ssh-keyman
--- openpkg-src/openssh/ssh-keyman 7 May 2002 18:01:42 -0000 1.1
+++ openpkg-src/openssh/ssh-keyman 31 May 2002 14:48:08 -0000 1.2
@@ -26,8 +26,8 @@
# program information
prog_name="ssh-keyman"
-prog_vers="1.0.0"
-prog_date="05-May-2002"
+prog_vers="1.0.1"
+prog_date="31-May-2002"
# OpenSSH programs
ssh_agent="@l_prefix@/bin/ssh-agent"
@@ -143,7 +143,7 @@
if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then
( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID"
- ) >$agentfile && chmod 700 $agentfile
+ ) >$agentfile && chmod 600 $agentfile
echo "$prog_name:WARNING: valid agent information in your environment" \
1>&2
echo "$prog_name:WARNING: but no saved agent state file -- fixed" 1>&2
fi
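Review bot: In `) >$agentfile && chmod 600 $agentfile` the file is created by the redirection under the caller's umask and only tightened afterwards, so between the two steps it can exist with wider permissions than 600. A `umask 077` has to be in effect before the redirection is opened (a umask placed inside the parenthesised list runs too late), for example by setting it earlier in the script or in an enclosing subshell; the chmod then becomes a fallback. `$agentfile` is also unquoted in both places on that line.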
@@ -182,7 +182,7 @@
fi
( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID"
- ) >$agentfile && chmod 700 $agentfile
+ ) >$agentfile && chmod 600 $agentfile
fi
fi
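Review bot: The `) >$agentfile && chmod 600 $agentfile` sequence here duplicates the one in the hunk at line 143, which is why the mode had to be corrected twice. Moving the two echo lines and the chmod into one shell function called from both sites would keep the permission in a single place.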
Index: openpkg-src/openssh/ssh_config
============================================================
$ cvs diff -u -r1.2 -r1.3 ssh_config
--- openpkg-src/openssh/ssh_config 9 Mar 2002 08:27:16 -0000 1.2
+++ openpkg-src/openssh/ssh_config 31 May 2002 14:48:08 -0000 1.3
@@ -3,7 +3,6 @@
##
Host localhost
- Cipher blowfish
Compression no
ForwardX11 yes
KeepAlive yes
@@ -13,30 +12,32 @@
# the rule is "first matching is used")
Host *
BatchMode no
- ChallengeResponseAuthentication yes
CheckHostIP yes
+ Protocol 1,2
+ HostKeyAlgorithms ssh-rsa,ssh-dss
+ PreferredAuthentications \
hostbased,publickey,keyboard-interactive,password Cipher \
3des
- Ciphers 3des-cbc,blowfish-cbc,aes128-cbc
+ Ciphers \
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc + MACs \
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 Compression \
yes CompressionLevel 4
ConnectionAttempts 2
- DSAAuthentication yes
- EscapeChar ~
- FallBackToRsh no
- ForwardAgent yes
- ForwardX11 no
- GatewayPorts no
- KeepAlive no
- LogLevel INFO
- MACs hmac-sha1,hmac-md5,hmac-ripemd160
- NumberOfPasswordPrompts 2
- PasswordAuthentication yes
- Protocol 1,2
PubkeyAuthentication yes
+ DSAAuthentication yes
RSAAuthentication yes
+ ChallengeResponseAuthentication yes
+ PasswordAuthentication yes
+ NumberOfPasswordPrompts 2
RhostsAuthentication no
RhostsRSAAuthentication no
StrictHostKeyChecking no
UsePrivilegedPort no
UseRsh no
+ FallBackToRsh no
+ EscapeChar ~
+ ForwardAgent yes
+ ForwardX11 no
+ GatewayPorts no
+ KeepAlive no
+ LogLevel INFO
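Review bot: `Protocol 1,2` under `Host *` keeps SSHv1 as the client's first choice while the same commit moves the server to `Protocol 2,1`, so a client from this package talking to a server that offers both versions still ends up on version 1. Consider `Protocol 2,1` here as well, or explain in the log why the client stays v1-first. The context line `StrictHostKeyChecking no` and the re-added `ForwardAgent yes` also apply to every host and deserve a second look, as do `arcfour` and the `hmac-md5` entries in the extended Ciphers and MACs lists.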
Index: openpkg-src/openssh/sshd_config
============================================================
$ cvs diff -u -r1.3 -r1.4 sshd_config
--- openpkg-src/openssh/sshd_config 17 May 2002 13:07:24 -0000 1.3
+++ openpkg-src/openssh/sshd_config 31 May 2002 14:48:08 -0000 1.4
@@ -7,7 +7,7 @@
Subsystem sftp @l_prefix@/libexec/openssh/sftp-server
-Protocol 1,2
+Protocol 2,1
HostKey @l_prefix@/etc/openssh/ssh_host_key
HostDsaKey @l_prefix@/etc/openssh/ssh_host_dsa_key
ServerKeyBits 768
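Review bot: The context around the `Protocol 2,1` change lists `HostKey @l_prefix@/etc/openssh/ssh_host_key` and `HostDsaKey @l_prefix@/etc/openssh/ssh_host_dsa_key` but nothing for the `ssh_host_rsa_key` that openssh.spec now generates, so unless it is configured outside this hunk the new SSHv2 RSA host key is never offered. Add a `HostKey @l_prefix@/etc/openssh/ssh_host_rsa_key` line next to the other two. `ServerKeyBits 768` is also left unchanged while the host keys move to 2048 bits.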
@@ -17,17 +17,18 @@
SyslogFacility AUTH
LogLevel INFO
-RhostsAuthentication no
-RhostsRSAAuthentication no
-PasswordAuthentication yes
+PubkeyAuthentication yes
RSAAuthentication yes
DSAAuthentication yes
+PasswordAuthentication yes
+RhostsAuthentication no
+RhostsRSAAuthentication no
StrictModes yes
IgnoreRhosts yes
+KeepAlive yes
X11Forwarding no
GatewayPorts no
-KeepAlive yes
LoginGraceTime 600
MaxStartups 10:30:60
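Review bot: `PubkeyAuthentication yes` is the only new setting in this block; every other changed line is a move, which makes the addition easy to miss. Mention it in the log or commit the reordering separately from the new directive. In the unchanged context, `LoginGraceTime 600` gives unauthenticated connections ten minutes, which is generous next to `MaxStartups 10:30:60`.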
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org