FreeBSD Port: openssh-3.6.1

Oliver Eikemeier eikemeier at fillmore-labs.com
Fri Sep 19 05:11:19 PDT 2003


Dirk Meyer wrote:

> you can preview OpenSSH 3.7.1 the port at:
> http://people.freebsd.org/~dinoex/ports/openssh-portable-371/
> 
> but there are a lot of changes. E.g. No Kerberos 4 any more.

Hi Dirk,

thanks for the great work. How about a rcNG script for sshd?

* Makefile:

# Request rc.subr support from the ports framework.  Presumably this is what
# makes ${RC_SUBR} available for the post-configure substitution into
# sshd.sh -- confirm against the bsd.port.mk in use.
USE_RC_SUBR=	yes

...

# Instantiate the rc script template: replace the __PREFIX__, __ETCSSH__ and
# __RC_SUBR__ placeholders in files/sshd.sh with the port's values and write
# the result into the work directory, from where post-install picks it up.
# The sed expressions use ':' as their delimiter, so none of the substituted
# values may contain a ':'.
post-configure:
	${SED} -e 's:__PREFIX__:${PREFIX}:g' \
		-e 's:__ETCSSH__:${ETCSSH}:g' \
		-e 's:__RC_SUBR__:${RC_SUBR}:g' \
		${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh

...

# Install the generated rc script as ${PREFIX}/etc/rc.d/sshd.sh, but only when
# OPENSSH_OVERWRITE_BASE is not defined (presumably the case where the port
# does not replace the base system's OpenSSH -- confirm against the rest of
# the port Makefile).
# NOTE(review): a file installed here normally needs a matching pkg-plist
# entry so it is removed on deinstall; that entry is not shown in this excerpt.
post-install:
.if !defined(OPENSSH_OVERWRITE_BASE)
	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh
.endif

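and tell users to do
  echo 'enable_sshd_portable="YES"' >> /etc/rc.conf
if they want to enable sshd. (Note that the sshd.sh below defaults and reads
sshd_portable_enable, so the name written to rc.conf has to match that spelling.)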

* replace files/sshd.sh by:

--- sshd.sh begins here ---
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: sshd
# REQUIRE: LOGIN
# KEYWORD: FreeBSD

# Load the rc.subr framework.  __RC_SUBR__ is a template placeholder that the
# port's post-configure sed step replaces with ${RC_SUBR}.
. __RC_SUBR__

# Service name.  It differs from "sshd" so that this script's rc.conf
# variables do not collide with those of the base system's sshd.
name="sshd_portable"
# set_rcvar is provided by rc.subr; it derives the enable variable from
# $name (the default assigned near the end of this script is
# sshd_portable_enable).
rcvar=`set_rcvar`

# Daemon binary installed by the port (placeholder filled in at build time).
command="__PREFIX__/sbin/sshd"
# NOTE(review): /var/run/sshd.pid is also the pid file a base-system sshd
# would normally write.  If both daemons can run on the same host, confirm
# that the portable sshd_config sets a distinct PidFile and keep this value
# in sync with it; otherwise status/stop may act on the wrong process.
pidfile="/var/run/sshd.pid"
# The configuration file that must be present for this service.
required_files="__ETCSSH__/sshd_config"

# Run sshd_precmd before "start" so that missing host keys are generated.
start_precmd="sshd_precmd"
# Implementation of the extra "keygen" command.
keygen_cmd="sshd_keygen"
# Commands offered in addition to the rc.subr defaults.
extra_commands="keygen reload"

# sshd_keygen -- create whichever host keys are missing under __ETCSSH__.
#
# A key file that already exists is never overwritten; the function only
# reports that it is skipping that key type.  Keys are generated with an
# empty passphrase (-N '') because sshd has to read them unattended, so the
# file permissions are the only protection for the private keys.
#
# NOTE(review): the key types reflect the OpenSSH release this script was
# written for.  The protocol 1 key (rsa1, 1024 bit) and the DSA key are
# obsolete; current OpenSSH releases no longer support protocol 1, and DSA
# host keys are deprecated.  When adapting this script to a newer release,
# generate only the key types that release still supports.
#
# NOTE(review): the exit status of ssh-keygen is not checked per key, so the
# status of this function reflects only the last key handled.
sshd_keygen()
{
	# Subshell: the umask change below stays local to key generation.
	(
	umask 022

	# Nothing can be generated without the port's ssh-keygen binary.
	if [ ! -x __PREFIX__/bin/ssh-keygen ]; then
		warn "__PREFIX__/bin/ssh-keygen does not exist."
		return 1
	fi

	# Protocol version 1 RSA host key.
	if [ ! -f __ETCSSH__/ssh_host_key ]; then
		__PREFIX__/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f __ETCSSH__/ssh_host_key -N ''
	else
		echo "You already have an RSA host key" \
		    "in __ETCSSH__/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	fi

	# Protocol version 2 DSA host key.
	if [ ! -f __ETCSSH__/ssh_host_dsa_key ]; then
		__PREFIX__/bin/ssh-keygen -t dsa -f __ETCSSH__/ssh_host_dsa_key -N ''
	else
		echo "You already have a DSA host key" \
		    "in __ETCSSH__/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	fi

	# Protocol version 2 RSA host key.
	if [ ! -f __ETCSSH__/ssh_host_rsa_key ]; then
		__PREFIX__/bin/ssh-keygen -t rsa -f __ETCSSH__/ssh_host_rsa_key -N ''
	else
		echo "You already have a RSA host key" \
		    "in __ETCSSH__/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	fi
	)
}

# sshd_precmd -- hook run before "start" (wired up through start_precmd).
#
# If any one of the three host key files is missing, invoke this script's
# own "keygen" command so the daemon does not come up without its keys.
# The status of that command becomes the status of this function; when all
# three files exist the function does nothing and succeeds.
sshd_precmd()
{
	if [ ! -f __ETCSSH__/ssh_host_key ] ||
	    [ ! -f __ETCSSH__/ssh_host_dsa_key ] ||
	    [ ! -f __ETCSSH__/ssh_host_rsa_key ]; then
		run_rc_command keygen
	fi
}

# Default to disabled: the service only starts once the administrator sets
# sshd_portable_enable to "YES".  The default is assigned before the
# configuration is loaded so that a configured value takes precedence.
sshd_portable_enable=${sshd_portable_enable:-"NO"}

# Read the configuration for this service, then dispatch the command given
# on the command line (start, stop, keygen, reload, ...) through rc.subr.
load_rc_config $name
run_rc_command "$1"
--- sshd.sh ends here ---

(stolen from /etc/rc.d/sshd)

* and maybe remove

%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh/ssh_host_key; fi
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_rsa_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -t rsa -N "" -f %D/etc/ssh/ssh_host_rsa_key; fi
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi

from pkg-plist.

%%NOTBASE%%@exec %D/etc/rc.d/sshd.sh keygen

probably won't work, because you are missing the enable_sshd_portable="YES".

I changed sshd to sshd_portable in order to not collide with sshd from the base system.

Sorry that I didn't have the time to test.

Regards
    Oliver


