PKG_NAME:=openssh
PKG_VERSION:=6.3p1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
PKG_MD5SUM:=225e75c9856f76011966013163784038
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+
PKG_BUILD_DEPENDS:=libopenssl
include $(INCLUDE_DIR)/package.mk
MAINTAINER:=Peter Wagner <tripolar@gmx.at>
URL:=http://www.openssh.com/
SUBMENU:=SSH
+ VARIANT:=without-pam
endef
define Package/openssh-moduli
$(call Package/openssh/Default)
- DEPENDS+= +openssh-server
+ DEPENDS+= +openssh-keygen
TITLE+= moduli file
endef
OpenSSH server moduli file.
endef
-
define Package/openssh-client
$(call Package/openssh/Default)
TITLE+= client
/etc/ssh/sshd_config
endef
+define Package/openssh-server-pam
+ $(call Package/openssh/Default)
+ DEPENDS+= +libpthread +openssh-keygen +libpam
+ TITLE+= server (with PAM support)
+ VARIANT:=with-pam
+endef
+
+define Package/openssh-server-pam/description
+OpenSSH server (with PAM support).
+endef
+
+define Package/openssh-server-pam/conffiles
+/etc/pam.d/sshd
+/etc/security/access-sshd-local.conf
+/etc/ssh/sshd_config
+endef
+
define Package/openssh-sftp-client
$(call Package/openssh/Default)
TITLE+= SFTP client
--disable-wtmpx \
--without-bsd-auth \
--without-kerberos5 \
- --without-pam \
--without-x
+ifeq ($(BUILD_VARIANT),with-pam)
+CONFIGURE_ARGS += \
+ --with-pam
+else
+CONFIGURE_ARGS += \
+ --without-pam
+endif
+
ifeq ($(CONFIG_OPENSSL_ENGINE),y)
CONFIGURE_ARGS+= \
--with-ssl-engine
CONFIGURE_VARS += LD="$(TARGET_CC)"
+ifeq ($(BUILD_VARIANT),with-pam)
+TARGET_LDFLAGS += -lpthread
+endif
+
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
define Package/openssh-moduli/install
$(INSTALL_DIR) $(1)/etc/ssh
- $(CP) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
endef
define Package/openssh-client/install
define Package/openssh-server/install
$(INSTALL_DIR) $(1)/etc/ssh
chmod 0700 $(1)/etc/ssh
- $(CP) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
+endef
+
+define Package/openssh-server-pam/install
+ $(INSTALL_DIR) $(1)/etc/ssh
+ chmod 0700 $(1)/etc/ssh
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
+ $(INSTALL_DIR) $(1)/etc/pam.d
+ $(INSTALL_DATA) ./files/sshd.pam $(1)/etc/pam.d/sshd
+ $(INSTALL_DIR) $(1)/etc/security
+ $(INSTALL_DATA) ./files/sshd.pam-access $(1)/etc/security/access-sshd-local.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
$(INSTALL_DIR) $(1)/usr/sbin
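Review bot: Package/openssh-server-pam/install copies the stock sshd_config from $(PKG_INSTALL_DIR) unchanged, so unless something outside this hunk edits it, sshd keeps OpenSSH's default of `UsePAM no` and never consults the /etc/pam.d/sshd file installed two lines later. The nologin, access and limits rules in that PAM stack would then go unenforced even though the package title advertises PAM support. Consider enabling it for this variant with a recipe line such as `sed -i 's,^#UsePAM no,UsePAM yes,' $(1)/etc/ssh/sshd_config` right after the `$(INSTALL_DATA)` of sshd_config. The define continues past the end of the hunk, so the sshd binary install and the closing `endef` are not visible here.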
$(eval $(call BuildPackage,openssh-client-utils))
$(eval $(call BuildPackage,openssh-keygen))
$(eval $(call BuildPackage,openssh-server))
+$(eval $(call BuildPackage,openssh-server-pam))
$(eval $(call BuildPackage,openssh-sftp-client))
$(eval $(call BuildPackage,openssh-sftp-server))
--- /dev/null
+# PAM configuration for the Secure Shell service
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+auth required pam_env.so
+
+# Skip Google Authenticator if logging in from the local network.
+# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
+# Google Authenticator 2-step verification.
+# auth requisite pam_google_authenticator.so
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account required pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account required pam_access.so
+
+# Standard Un*x authorization.
+account include common-account
+
+# Standard Un*x session setup and teardown.
+session include common-session
+
+# Print the message of the day upon successful login.
+session optional pam_motd.so
+
+# Print the status of the user's mailbox upon successful login.
+session optional pam_mail.so standard noenv
+
+# Set up user limits from /etc/security/limits.conf.
+session required pam_limits.so
+
+# Set up SELinux capabilities (need modified pam)
+# session required pam_selinux.so multiple
+
+# Standard Un*x password updating.
+password include common-password
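Review bot: The commented `pam_access.so` line uses `[success=1 default=ignore]`, which skips whichever auth module follows it, and only a comment line separates it from the `pam_google_authenticator.so` line it is meant to skip. If an admin uncomments the pam_access rule but leaves the authenticator line commented, the jump lands on `auth include common-auth` instead, so a client matching access-sshd-local.conf could skip the first module of the standard password stack. State the coupling in the file, for example `# NOTE: enable the next two auth lines together; success=1 skips the module that follows.` above the pam_access line. The contents of access-sshd-local.conf are not shown here, so confirm its shipped default matches nothing beyond the intended local network.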