haikuprojects/haikuports
1
0
Fork 0
mirror of https://github.com/yann64/haikuports.git synced 2026-04-18 09:40:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d1494deec257e85a72c54c623d0d43fc58eacf10
haikuports/net-misc/openssh/patches/openssh-9.3p1.patchset
Jerome Duval 15380ca2d9 openssh: bump version 
* remove dsa und rsa1 checks when generating.
* remove patch for explicit_zero, --with-md5-passwords is removed
2023-05-25 18:08:27 +02:00

1096 lines
43 KiB
Plaintext
Raw Blame History

From d72aa2c359b14bf29f4b84e6a41ea55a2224b5fa Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sshd_config.patch
diff --git a/sshd_config b/sshd_config
index 36894ac..c783c84 100644
--- a/sshd_config
+++ b/sshd_config
@@ -38,7 +38,7 @@
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysFile config/settings/ssh/authorized_keys
#AuthorizedPrincipalsFile none
--
2.37.3
From f3271e55e745a03f6dd87799f8a2ddc1153ddd76 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pathnames.patch
diff --git a/pathnames.h b/pathnames.h
index f7ca5a7..828e43e 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -57,7 +57,7 @@
* The directory in user's home directory in which the files reside. The
* directory should be world-readable (though not all files are).
*/
-#define _PATH_SSH_USER_DIR ".ssh"
+#define _PATH_SSH_USER_DIR "config/settings/ssh"
/*
* Per-user file containing host keys of known hosts. This file need not be
--
2.37.3
From 0c0df46eaec3fd088704cc191b81c693245e8174 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch ssh-copy-id.patch
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
old mode 100644
new mode 100755
index cd122de..e5a320c
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -61,7 +61,7 @@ then
fi
# shellcheck disable=SC2010
-DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+DEFAULT_PUB_ID_FILE=$(ls -t `finddir B_USER_SETTINGS_DIRECTORY`/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
SSH="ssh -a -x"
umask 0177
@@ -296,7 +296,7 @@ installkeys_via_sftp() {
# create a scratch dir for any temporary files needed
-if SCRATCH_DIR=$(mktemp -d ~/.ssh/ssh-copy-id.XXXXXXXXXX) &&
+if SCRATCH_DIR=$(mktemp -d `finddir B_USER_SETTINGS_DIRECTORY`/ssh/ssh-copy-id.XXXXXXXXXX) &&
[ "$SCRATCH_DIR" ] && [ -d "$SCRATCH_DIR" ]
then
chmod 0700 "$SCRATCH_DIR"
--
2.37.3
From 2a28504d2bb6f43d31200b2b3546e2334237816b Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sha2-gcc2-build-fix.patch
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index 4f2ad8f..8946d87 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -616,11 +616,13 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
SHA256Pad(context);
#if BYTE_ORDER == LITTLE_ENDIAN
+{
int i;
/* Convert TO host byte order */
for (i = 0; i < 8; i++)
BE_32_TO_8(digest + i * 4, context->state.st32[i]);
+}
#else
memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
#endif
@@ -897,11 +899,13 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
SHA512Pad(context);
#if BYTE_ORDER == LITTLE_ENDIAN
+{
int i;
/* Convert TO host byte order */
for (i = 0; i < 8; i++)
BE_64_TO_8(digest + i * 8, context->state.st64[i]);
+}
#else
memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
#endif
@@ -954,11 +958,13 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
SHA384Pad(context);
#if BYTE_ORDER == LITTLE_ENDIAN
+{
int i;
/* Convert TO host byte order */
for (i = 0; i < 6; i++)
BE_64_TO_8(digest + i * 8, context->state.st64[i]);
+}
#else
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
#endif
--
2.37.3
From 2364d47154217df24ec1474099a87cf58a57621b Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pkcs11-gcc2-build-fix.patch
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index cfd833d..9def20d 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -248,6 +248,7 @@ pkcs11_start_helper_methods(void)
return (0);
#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+{
int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
if (helper_ecdsa != NULL)
@@ -257,6 +258,7 @@ pkcs11_start_helper_methods(void)
return (-1);
EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+}
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
--
2.37.3
From ee7e0513d2facdae338b96786b68e500ee298e53 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 18:08:27 +0200
Subject: Fix configuration path in manpages
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index c141a29..fd27f1d 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -54,7 +54,7 @@ this may result in you being repeatedly prompted for pass-phrases).
It then assembles a list of those that failed to log in, and using ssh,
enables logins with those keys on the remote server. By default it adds
the keys by appending them to the remote user's
-.Pa ~/.ssh/authorized_keys
+.Pa ~/config/settings/settings/ssh/authorized_keys
(creating the file, and directory, if necessary). It is also capable
of detecting if the remote system is a NetScreen, and using its
.Ql set ssh pka-dsa key ...
@@ -124,9 +124,9 @@ will be used.
The
.Ic default_ID_file
is the most recent file that matches:
-.Pa ~/.ssh/id*.pub ,
+.Pa ~/config/settings/settings/ssh/id*.pub ,
(excluding those that match
-.Pa ~/.ssh/*-cert.pub )
+.Pa ~/config/settings/settings/ssh/*-cert.pub )
so if you create a key that is not the one you want
.Nm
to use, just use
diff --git a/ssh-add.0 b/ssh-add.0
index ac7d079..8c0ea35 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -13,8 +13,8 @@ SYNOPSIS
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
- ~/.ssh/id_ed25519_sk, and ~/.ssh/id_dsa. After loading a private key,
+ ~/config/settings/settings/ssh/id_rsa, ~/config/settings/settings/ssh/id_ecdsa, ~/config/settings/settings/ssh/id_ecdsa_sk, ~/config/settings/settings/ssh/id_ed25519,
+ ~/config/settings/settings/ssh/id_ed25519_sk, and ~/config/settings/settings/ssh/id_dsa. After loading a private key,
ssh-add will try to load corresponding certificate information from the
filename obtained by appending -cert.pub to the name of the private key
file. Alternative file names can be given on the command line.
@@ -60,8 +60,8 @@ DESCRIPTION
destination-constrained keys via the -h flag. This option may be
specified multiple times to allow multiple files to be searched.
If no files are specified, ssh-add will use the default
- ssh_config(5) known hosts files: ~/.ssh/known_hosts,
- ~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts, and
+ ssh_config(5) known hosts files: ~/config/settings/settings/ssh/known_hosts,
+ ~/config/settings/settings/ssh/known_hosts2, /etc/ssh/ssh_known_hosts, and
/etc/ssh/ssh_known_hosts2.
-h destination_constraint
@@ -173,12 +173,12 @@ ENVIRONMENT
the built-in USB HID support.
FILES
- ~/.ssh/id_dsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ecdsa_sk
- ~/.ssh/id_ed25519
- ~/.ssh/id_ed25519_sk
- ~/.ssh/id_rsa
+ ~/config/settings/settings/ssh/id_dsa
+ ~/config/settings/settings/ssh/id_ecdsa
+ ~/config/settings/settings/ssh/id_ecdsa_sk
+ ~/config/settings/settings/ssh/id_ed25519
+ ~/config/settings/settings/ssh/id_ed25519_sk
+ ~/config/settings/settings/ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of
the user.
diff --git a/ssh-add.1 b/ssh-add.1
index 4601f59..2a4bf73 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -62,13 +62,13 @@
adds private key identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the files
-.Pa ~/.ssh/id_rsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ecdsa_sk ,
-.Pa ~/.ssh/id_ed25519 ,
-.Pa ~/.ssh/id_ed25519_sk ,
+.Pa ~/config/settings/settings/ssh/id_rsa ,
+.Pa ~/config/settings/settings/ssh/id_ecdsa ,
+.Pa ~/config/settings/settings/ssh/id_ecdsa_sk ,
+.Pa ~/config/settings/settings/ssh/id_ed25519 ,
+.Pa ~/config/settings/settings/ssh/id_ed25519_sk ,
and
-.Pa ~/.ssh/id_dsa .
+.Pa ~/config/settings/settings/ssh/id_dsa .
After loading a private key,
.Nm
will try to load corresponding certificate information from the
@@ -143,8 +143,8 @@ If no files are specified,
will use the default
.Xr ssh_config 5
known hosts files:
-.Pa ~/.ssh/known_hosts ,
-.Pa ~/.ssh/known_hosts2 ,
+.Pa ~/config/settings/settings/ssh/known_hosts ,
+.Pa ~/config/settings/settings/ssh/known_hosts2 ,
.Pa /etc/ssh/ssh_known_hosts ,
and
.Pa /etc/ssh/ssh_known_hosts2 .
@@ -306,12 +306,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/id_dsa
-.It Pa ~/.ssh/id_ecdsa
-.It Pa ~/.ssh/id_ecdsa_sk
-.It Pa ~/.ssh/id_ed25519
-.It Pa ~/.ssh/id_ed25519_sk
-.It Pa ~/.ssh/id_rsa
+.It Pa ~/config/settings/settings/ssh/id_dsa
+.It Pa ~/config/settings/settings/ssh/id_ecdsa
+.It Pa ~/config/settings/settings/ssh/id_ecdsa_sk
+.It Pa ~/config/settings/settings/ssh/id_ed25519
+.It Pa ~/config/settings/settings/ssh/id_ed25519_sk
+.It Pa ~/config/settings/settings/ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 86cb91b..7d70666 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -56,9 +56,9 @@ DESCRIPTION
KEY REVOCATION LISTS section for details.
Normally each user wishing to use SSH with public key authentication runs
- this once to create the authentication key in ~/.ssh/id_dsa,
- ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
- ~/.ssh/id_ed25519_sk or ~/.ssh/id_rsa. Additionally, the system
+ this once to create the authentication key in ~/config/settings/settings/ssh/id_dsa,
+ ~/config/settings/settings/ssh/id_ecdsa, ~/config/settings/settings/ssh/id_ecdsa_sk, ~/config/settings/settings/ssh/id_ed25519,
+ ~/config/settings/settings/ssh/id_ed25519_sk or ~/config/settings/settings/ssh/id_rsa. Additionally, the system
administrator may use this to generate host keys, as seen in /etc/rc.
Normally this program generates the key and asks for a file in which to
@@ -622,7 +622,7 @@ CERTIFICATES
no-pty Disable PTY allocation (permitted by default).
no-user-rc
- Disable execution of ~/.ssh/rc by sshd(8) (permitted by default).
+ Disable execution of ~/config/settings/settings/ssh/rc by sshd(8) (permitted by default).
no-x11-forwarding
Disable X11 forwarding (permitted by default).
@@ -637,7 +637,7 @@ CERTIFICATES
Allows PTY allocation.
permit-user-rc
- Allows execution of ~/.ssh/rc by sshd(8).
+ Allows execution of ~/config/settings/settings/ssh/rc by sshd(8).
permit-X11-forwarding
Allows X11 forwarding.
@@ -862,12 +862,12 @@ ENVIRONMENT
the built-in USB HID support.
FILES
- ~/.ssh/id_dsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ecdsa_sk
- ~/.ssh/id_ed25519
- ~/.ssh/id_ed25519_sk
- ~/.ssh/id_rsa
+ ~/config/settings/settings/ssh/id_dsa
+ ~/config/settings/settings/ssh/id_ecdsa
+ ~/config/settings/settings/ssh/id_ecdsa_sk
+ ~/config/settings/settings/ssh/id_ed25519
+ ~/config/settings/settings/ssh/id_ed25519_sk
+ ~/config/settings/settings/ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of
the user. This file should not be readable by anyone but the
@@ -878,16 +878,16 @@ FILES
the private key. ssh(1) will read this file when a login attempt
is made.
- ~/.ssh/id_dsa.pub
- ~/.ssh/id_ecdsa.pub
- ~/.ssh/id_ecdsa_sk.pub
- ~/.ssh/id_ed25519.pub
- ~/.ssh/id_ed25519_sk.pub
- ~/.ssh/id_rsa.pub
+ ~/config/settings/settings/ssh/id_dsa.pub
+ ~/config/settings/settings/ssh/id_ecdsa.pub
+ ~/config/settings/settings/ssh/id_ecdsa_sk.pub
+ ~/config/settings/settings/ssh/id_ed25519.pub
+ ~/config/settings/settings/ssh/id_ed25519_sk.pub
+ ~/config/settings/settings/ssh/id_rsa.pub
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA public key for
authentication. The contents of this file should be added to
- ~/.ssh/authorized_keys on all machines where the user wishes to
+ ~/config/settings/settings/ssh/authorized_keys on all machines where the user wishes to
log in using public key authentication. There is no need to keep
the contents of this file secret.
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 1be0822..9b37d22 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -205,13 +205,13 @@ section for details.
Normally each user wishing to use SSH
with public key authentication runs this once to create the authentication
key in
-.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ecdsa_sk ,
-.Pa ~/.ssh/id_ed25519 ,
-.Pa ~/.ssh/id_ed25519_sk
+.Pa ~/config/settings/settings/ssh/id_dsa ,
+.Pa ~/config/settings/settings/ssh/id_ecdsa ,
+.Pa ~/config/settings/settings/ssh/id_ecdsa_sk ,
+.Pa ~/config/settings/settings/ssh/id_ed25519 ,
+.Pa ~/config/settings/settings/ssh/id_ed25519_sk
or
-.Pa ~/.ssh/id_rsa .
+.Pa ~/config/settings/settings/ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
@@ -1000,7 +1000,7 @@ Disable PTY allocation (permitted by default).
.Pp
.It Ic no-user-rc
Disable execution of
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
by
.Xr sshd 8
(permitted by default).
@@ -1021,7 +1021,7 @@ Allows PTY allocation.
.Pp
.It Ic permit-user-rc
Allows execution of
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
by
.Xr sshd 8 .
.Pp
@@ -1290,12 +1290,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/id_dsa
-.It Pa ~/.ssh/id_ecdsa
-.It Pa ~/.ssh/id_ecdsa_sk
-.It Pa ~/.ssh/id_ed25519
-.It Pa ~/.ssh/id_ed25519_sk
-.It Pa ~/.ssh/id_rsa
+.It Pa ~/config/settings/settings/ssh/id_dsa
+.It Pa ~/config/settings/settings/ssh/id_ecdsa
+.It Pa ~/config/settings/settings/ssh/id_ecdsa_sk
+.It Pa ~/config/settings/settings/ssh/id_ed25519
+.It Pa ~/config/settings/settings/ssh/id_ed25519_sk
+.It Pa ~/config/settings/settings/ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
@@ -1308,16 +1308,16 @@ but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.Pp
-.It Pa ~/.ssh/id_dsa.pub
-.It Pa ~/.ssh/id_ecdsa.pub
-.It Pa ~/.ssh/id_ecdsa_sk.pub
-.It Pa ~/.ssh/id_ed25519.pub
-.It Pa ~/.ssh/id_ed25519_sk.pub
-.It Pa ~/.ssh/id_rsa.pub
+.It Pa ~/config/settings/settings/ssh/id_dsa.pub
+.It Pa ~/config/settings/settings/ssh/id_ecdsa.pub
+.It Pa ~/config/settings/settings/ssh/id_ecdsa_sk.pub
+.It Pa ~/config/settings/settings/ssh/id_ed25519.pub
+.It Pa ~/config/settings/settings/ssh/id_ed25519_sk.pub
+.It Pa ~/config/settings/settings/ssh/id_rsa.pub
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA public key for authentication.
The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
+.Pa ~/config/settings/settings/ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
diff --git a/ssh.0 b/ssh.0
index 94a98ae..cc630d6 100644
--- a/ssh.0
+++ b/ssh.0
@@ -112,7 +112,7 @@ DESCRIPTION
Specifies an alternative per-user configuration file. If a
configuration file is given on the command line, the system-wide
configuration file (/etc/ssh/ssh_config) will be ignored. The
- default for the per-user configuration file is ~/.ssh/config. If
+ default for the per-user configuration file is ~/config/settings/ssh/config. If
set to M-bM-^@M-^\noneM-bM-^@M-^], no configuration files will be read.
-f Requests ssh to go to background just before command execution.
@@ -143,9 +143,9 @@ DESCRIPTION
key authentication is read. You can also specify a public key
file to use the corresponding private key that is loaded in
ssh-agent(1) when the private key file is not present locally.
- The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and
- ~/.ssh/id_dsa. Identity files may also be specified on a per-
+ The default is ~/config/settings/settings/ssh/id_rsa, ~/config/settings/settings/ssh/id_ecdsa,
+ ~/config/settings/settings/ssh/id_ecdsa_sk, ~/config/settings/settings/ssh/id_ed25519, ~/config/settings/settings/ssh/id_ed25519_sk and
+ ~/config/settings/settings/ssh/id_dsa. Identity files may also be specified on a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in
configuration files). If no certificates have been explicitly
@@ -161,7 +161,7 @@ DESCRIPTION
is a shortcut to specify a ProxyJump configuration directive.
Note that configuration directives supplied on the command-line
generally apply to the destination host and not any specified
- jump hosts. Use ~/.ssh/config to specify configuration for jump
+ jump hosts. Use ~/config/settings/settings/ssh/config to specify configuration for jump
hosts.
-K Enables GSSAPI-based authentication and forwarding (delegation)
@@ -483,7 +483,7 @@ AUTHENTICATION
the client machine and the name of the user on that machine, the user is
considered for login. Additionally, the server must be able to verify
the client's host key (see the description of /etc/ssh/ssh_known_hosts
- and ~/.ssh/known_hosts, below) for login to be permitted. This
+ and ~/config/settings/settings/ssh/known_hosts, below) for login to be permitted. This
authentication method closes security holes due to IP spoofing, DNS
spoofing, and routing spoofing. [Note to the administrator:
/etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are
@@ -499,7 +499,7 @@ AUTHENTICATION
one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of
ssl(8) contains a brief discussion of the DSA and RSA algorithms.
- The file ~/.ssh/authorized_keys lists the public keys that are permitted
+ The file ~/config/settings/settings/ssh/authorized_keys lists the public keys that are permitted
for logging in. When the user logs in, the ssh program tells the server
which key pair it would like to use for authentication. The client
proves that it has access to the private key and the server checks that
@@ -511,15 +511,15 @@ AUTHENTICATION
DEBUG or higher (e.g. by using the -v flag).
The user creates their key pair by running ssh-keygen(1). This stores
- the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
- ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519
- (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or
- ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA),
- ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted
- ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub
- (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
+ the private key in ~/config/settings/ssh/id_dsa (DSA), ~/config/settings/ssh/id_ecdsa (ECDSA),
+ ~/config/settings/ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/config/settings/ssh/id_ed25519
+ (Ed25519), ~/config/settings/ssh/id_ed25519_sk (authenticator-hosted Ed25519), or
+ ~/config/settings/ssh/id_rsa (RSA) and stores the public key in ~/config/settings/ssh/id_dsa.pub (DSA),
+ ~/config/settings/ssh/id_ecdsa.pub (ECDSA), ~/config/settings/ssh/id_ecdsa_sk.pub (authenticator-hosted
+ ECDSA), ~/config/settings/ssh/id_ed25519.pub (Ed25519), ~/config/settings/ssh/id_ed25519_sk.pub
+ (authenticator-hosted Ed25519), or ~/config/settings/ssh/id_rsa.pub (RSA) in the user's
home directory. The user should then copy the public key to
- ~/.ssh/authorized_keys in their home directory on the remote machine.
+ ~/config/settings/ssh/authorized_keys in their home directory on the remote machine.
The authorized_keys file corresponds to the conventional ~/.rhosts file,
and has one key per line, though the lines can be very long. After this,
the user can log in without giving the password.
@@ -547,7 +547,7 @@ AUTHENTICATION
ssh automatically maintains and checks a database containing
identification for all hosts it has ever been used with. Host keys are
- stored in ~/.ssh/known_hosts in the user's home directory. Additionally,
+ stored in ~/config/settings/settings/ssh/known_hosts in the user's home directory. Additionally,
the file /etc/ssh/ssh_known_hosts is automatically checked for known
hosts. Any new hosts are automatically added to the user's file. If a
host's identification ever changes, ssh warns about this and disables
@@ -702,7 +702,7 @@ VERIFYING HOST KEYS
To get a listing of the fingerprints along with their random art for all
known hosts, the following command line can be used:
- $ ssh-keygen -lv -f ~/.ssh/known_hosts
+ $ ssh-keygen -lv -f ~/config/settings/settings/ssh/known_hosts
If the fingerprint is unknown, an alternative method of verification is
available: SSH fingerprints verified by DNS. An additional resource
@@ -846,7 +846,7 @@ ENVIRONMENT
USER Set to the name of the user logging in.
- Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
+ Additionally, ssh reads ~/config/settings/settings/ssh/environment, and adds lines of the format
M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).
@@ -866,36 +866,36 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
- ~/.ssh/
+ ~/config/settings/settings/ssh/
This directory is the default location for all user-specific
configuration and authentication information. There is no
general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute
for the user, and not accessible by others.
- ~/.ssh/authorized_keys
+ ~/config/settings/settings/ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
for logging in as this user. The format of this file is
described in the sshd(8) manual page. This file is not highly
sensitive, but the recommended permissions are read/write for the
user, and not accessible by others.
- ~/.ssh/config
+ ~/config/settings/settings/ssh/config
This is the per-user configuration file. The file format and
configuration options are described in ssh_config(5). Because of
the potential for abuse, this file must have strict permissions:
read/write for the user, and not writable by others.
- ~/.ssh/environment
+ ~/config/settings/settings/ssh/environment
Contains additional definitions for environment variables; see
ENVIRONMENT, above.
- ~/.ssh/id_dsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ecdsa_sk
- ~/.ssh/id_ed25519
- ~/.ssh/id_ed25519_sk
- ~/.ssh/id_rsa
+ ~/config/settings/settings/ssh/id_dsa
+ ~/config/settings/settings/ssh/id_ecdsa
+ ~/config/settings/settings/ssh/id_ecdsa_sk
+ ~/config/settings/settings/ssh/id_ed25519
+ ~/config/settings/settings/ssh/id_ed25519_sk
+ ~/config/settings/settings/ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
accessible by others (read/write/execute). ssh will simply
@@ -904,22 +904,22 @@ FILES
will be used to encrypt the sensitive part of this file using
AES-128.
- ~/.ssh/id_dsa.pub
- ~/.ssh/id_ecdsa.pub
- ~/.ssh/id_ecdsa_sk.pub
- ~/.ssh/id_ed25519.pub
- ~/.ssh/id_ed25519_sk.pub
- ~/.ssh/id_rsa.pub
+ ~/config/settings/settings/ssh/id_dsa.pub
+ ~/config/settings/settings/ssh/id_ecdsa.pub
+ ~/config/settings/settings/ssh/id_ecdsa_sk.pub
+ ~/config/settings/settings/ssh/id_ed25519.pub
+ ~/config/settings/settings/ssh/id_ed25519_sk.pub
+ ~/config/settings/settings/ssh/id_rsa.pub
Contains the public key for authentication. These files are not
sensitive and can (but need not) be readable by anyone.
- ~/.ssh/known_hosts
+ ~/config/settings/settings/ssh/known_hosts
Contains a list of host keys for all hosts the user has logged
into that are not already in the systemwide list of known host
keys. See sshd(8) for further details of the format of this
file.
- ~/.ssh/rc
+ ~/config/settings/settings/ssh/rc
Commands in this file are executed by ssh when the user logs in,
just before the user's shell (or command) is started. See the
sshd(8) manual page for more information.
diff --git a/sshd.0 b/sshd.0
index 00d6081..289345a 100644
--- a/sshd.0
+++ b/sshd.0
@@ -194,13 +194,13 @@ LOGIN PROCESS
5. Sets up basic environment.
- 6. Reads the file ~/.ssh/environment, if it exists, and users are
+ 6. Reads the file ~/config/settings/settings/ssh/environment, if it exists, and users are
allowed to change their environment. See the
PermitUserEnvironment option in sshd_config(5).
7. Changes to user's home directory.
- 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option
+ 8. If ~/config/settings/settings/ssh/rc exists and the sshd_config(5) PermitUserRC option
is set, runs it; else if /etc/ssh/sshrc exists, runs it;
otherwise runs xauth(1). The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11
authentication protocol and cookie in standard input. See
@@ -211,7 +211,7 @@ LOGIN PROCESS
database.
SSHRC
- If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
+ If the file ~/config/settings/settings/ssh/rc exists, sh(1) runs it after reading the environment
files but before starting the user's shell or command. It must not
produce any output on stdout; stderr must be used instead. If X11
forwarding is in use, it will receive the "proto cookie" pair in its
@@ -243,7 +243,7 @@ SSHRC
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the files containing public keys for public
key authentication; if this option is not specified, the default is
- ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
+ ~/config/settings/settings/ssh/authorized_keys and ~/config/settings/settings/ssh/authorized_keys2. Each line of the
file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
ignored as comments). Public keys consist of the following space-
separated fields: options, keytype, base64-encoded key, comment. The
@@ -356,7 +356,7 @@ AUTHORIZED_KEYS FILE FORMAT
no-pty Prevents tty allocation (a request to allocate a pty will fail).
no-user-rc
- Disables execution of ~/.ssh/rc.
+ Disables execution of ~/config/settings/settings/ssh/rc.
no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
@@ -422,7 +422,7 @@ AUTHORIZED_KEYS FILE FORMAT
tunnel.
user-rc
- Enables execution of ~/.ssh/rc previously disabled by the
+ Enables execution of ~/config/settings/settings/ssh/rc previously disabled by the
restrict option.
X11-forwarding
@@ -452,7 +452,7 @@ AUTHORIZED_KEYS FILE FORMAT
cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
SSH_KNOWN_HOSTS FILE FORMAT
- The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
+ The /etc/ssh/ssh_known_hosts and ~/config/settings/settings/ssh/known_hosts files contain host
public keys for all known hosts. The global file should be prepared by
the administrator (optional), and the per-user file is maintained
automatically: whenever the user connects to an unknown host, its key is
@@ -522,7 +522,7 @@ SSH_KNOWN_HOSTS FILE FORMAT
Rather, generate them by a script, ssh-keyscan(1) or by taking, for
example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the
front. ssh-keygen(1) also offers some basic automated editing for
- ~/.ssh/known_hosts including removing hosts matching a host name and
+ ~/config/settings/settings/ssh/known_hosts including removing hosts matching a host name and
converting all host names to their hashed representations.
An example ssh_known_hosts file:
@@ -559,27 +559,27 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
- ~/.ssh/
+ ~/config/settings/settings/ssh/
This directory is the default location for all user-specific
configuration and authentication information. There is no
general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute
for the user, and not accessible by others.
- ~/.ssh/authorized_keys
+ ~/config/settings/settings/ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
for logging in as this user. The format of this file is
described above. The content of the file is not highly
sensitive, but the recommended permissions are read/write for the
user, and not accessible by others.
- If this file, the ~/.ssh directory, or the user's home directory
+ If this file, the ~/config/settings/settings/ssh directory, or the user's home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
M-bM-^@M-^\noM-bM-^@M-^].
- ~/.ssh/environment
+ ~/config/settings/settings/ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
@@ -587,14 +587,14 @@ FILES
anyone else. Environment processing is disabled by default and
is controlled via the PermitUserEnvironment option.
- ~/.ssh/known_hosts
+ ~/config/settings/settings/ssh/known_hosts
Contains a list of host keys for all hosts the user has logged
into that are not already in the systemwide list of known host
keys. The format of this file is described above. This file
should be writable only by root/the owner and can, but need not
be, world-readable.
- ~/.ssh/rc
+ ~/config/settings/settings/ssh/rc
Contains initialization routines to be run before the user's home
directory becomes accessible. This file should be writable only
by the user, and need not be readable by anyone else.
@@ -653,7 +653,7 @@ FILES
configuration options are described in sshd_config(5).
/etc/ssh/sshrc
- Similar to ~/.ssh/rc, it can be used to specify machine-specific
+ Similar to ~/config/settings/settings/ssh/rc, it can be used to specify machine-specific
login-time initializations globally. This file should be
writable only by root, and should be world-readable.
diff --git a/sshd.8 b/sshd.8
index 9c8f2fc..cc33f4e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -360,7 +360,7 @@ Changes to run with normal user privileges.
Sets up basic environment.
.It
Reads the file
-.Pa ~/.ssh/environment ,
+.Pa ~/config/settings/settings/ssh/environment ,
if it exists, and users are allowed to change their environment.
See the
.Cm PermitUserEnvironment
@@ -370,7 +370,7 @@ option in
Changes to user's home directory.
.It
If
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
exists and the
.Xr sshd_config 5
.Cm PermitUserRC
@@ -393,7 +393,7 @@ system password database.
.El
.Sh SSHRC
If the file
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
exists,
.Xr sh 1
runs it after reading the
@@ -438,9 +438,9 @@ does not exist either, xauth is used to add the cookie.
specifies the files containing public keys for
public key authentication;
if this option is not specified, the default is
-.Pa ~/.ssh/authorized_keys
+.Pa ~/config/settings/settings/ssh/authorized_keys
and
-.Pa ~/.ssh/authorized_keys2 .
+.Pa ~/config/settings/settings/ssh/authorized_keys2 .
Each line of the file contains one
key (empty lines and lines starting with a
.Ql #
@@ -585,7 +585,7 @@ option.
Prevents tty allocation (a request to allocate a pty will fail).
.It Cm no-user-rc
Disables execution of
-.Pa ~/.ssh/rc .
+.Pa ~/config/settings/settings/ssh/rc .
.It Cm no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
Any X11 forward requests by the client will return an error.
@@ -666,7 +666,7 @@ and
Enable all restrictions, i.e. disable port, agent and X11 forwarding,
as well as disabling PTY allocation
and execution of
-.Pa ~/.ssh/rc .
+.Pa ~/config/settings/settings/ssh/rc .
If any future restriction capabilities are added to authorized_keys files,
they will be included in this set.
.It Cm tunnel="n"
@@ -677,7 +677,7 @@ Without this option, the next available device will be used if
the client requests a tunnel.
.It Cm user-rc
Enables execution of
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
previously disabled by the
.Cm restrict
option.
@@ -713,7 +713,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
The
.Pa /etc/ssh/ssh_known_hosts
and
-.Pa ~/.ssh/known_hosts
+.Pa ~/config/settings/settings/ssh/known_hosts
files contain host public keys for all known hosts.
The global file should
be prepared by the administrator (optional), and the per-user file is
@@ -822,7 +822,7 @@ or by taking, for example,
and adding the host names at the front.
.Xr ssh-keygen 1
also offers some basic automated editing for
-.Pa ~/.ssh/known_hosts
+.Pa ~/config/settings/settings/ssh/known_hosts
including removing hosts matching a host name and converting all host
names to their hashed representations.
.Pp
@@ -873,14 +873,14 @@ This file is used in exactly the same way as
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
-.It Pa ~/.ssh/
+.It Pa ~/config/settings/settings/ssh/
This directory is the default location for all user-specific configuration
and authentication information.
There is no general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others.
.Pp
-.It Pa ~/.ssh/authorized_keys
+.It Pa ~/config/settings/settings/ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described above.
@@ -888,7 +888,7 @@ The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
If this file, the
-.Pa ~/.ssh
+.Pa ~/config/settings/settings/ssh
directory, or the user's home directory are writable
by other users, then the file could be modified or replaced by unauthorized
users.
@@ -899,7 +899,7 @@ will not allow it to be used unless the
option has been set to
.Dq no .
.Pp
-.It Pa ~/.ssh/environment
+.It Pa ~/config/settings/settings/ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
.Ql # ) ,
@@ -911,14 +911,14 @@ controlled via the
.Cm PermitUserEnvironment
option.
.Pp
-.It Pa ~/.ssh/known_hosts
+.It Pa ~/config/settings/settings/ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys.
The format of this file is described above.
This file should be writable only by root/the owner and
can, but need not be, world-readable.
.Pp
-.It Pa ~/.ssh/rc
+.It Pa ~/config/settings/settings/ssh/rc
Contains initialization routines to be run before
the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
@@ -996,7 +996,7 @@ The file format and configuration options are described in
.Pp
.It Pa /etc/ssh/sshrc
Similar to
-.Pa ~/.ssh/rc ,
+.Pa ~/config/settings/settings/ssh/rc ,
it can be used to specify
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
diff --git a/sshd_config.5 b/sshd_config.5
index 9a1578f..d40d609 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -365,7 +365,7 @@ Note that
is only used when authentication proceeds using a CA listed in
.Cm TrustedUserCAKeys
and is not consulted for certification authorities trusted via
-.Pa ~/.ssh/authorized_keys ,
+.Pa ~/config/settings/settings/ssh/authorized_keys ,
though the
.Cm principals=
key option offers a similar facility (see
@@ -685,7 +685,7 @@ The default is
Forces the execution of the command specified by
.Cm ForceCommand ,
ignoring any command supplied by the client and
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
if present.
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
@@ -894,7 +894,7 @@ and
Specifies whether
.Xr sshd 8
should ignore the user's
-.Pa ~/.ssh/known_hosts
+.Pa ~/config/settings/settings/ssh/known_hosts
during
.Cm HostbasedAuthentication
and use only the system-wide known hosts file
@@ -1507,11 +1507,11 @@ Independent of this setting, the permissions of the selected
device must allow access to the user.
.It Cm PermitUserEnvironment
Specifies whether
-.Pa ~/.ssh/environment
+.Pa ~/config/settings/settings/ssh/environment
and
.Cm environment=
options in
-.Pa ~/.ssh/authorized_keys
+.Pa ~/config/settings/settings/ssh/authorized_keys
are processed by
.Xr sshd 8 .
Valid options are
@@ -1527,7 +1527,7 @@ restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
.It Cm PermitUserRC
Specifies whether any
-.Pa ~/.ssh/rc
+.Pa ~/config/settings/settings/ssh/rc
file is executed.
The default is
.Cm yes .
@@ -1865,7 +1865,7 @@ very same IP address.
If this option is set to
.Cm no
(the default) then only addresses and not host names may be used in
-.Pa ~/.ssh/authorized_keys
+.Pa ~/config/settings/settings/ssh/authorized_keys
.Cm from
and
.Nm
--
2.37.3
From 7b823b2992244fa3b96601518e82c8df53117b75 Mon Sep 17 00:00:00 2001
From: Zach Dykstra <dykstra.zachary@gmail.com>
Date: Sun, 27 Dec 2020 21:38:07 -0600
Subject: mux.c: use rename instead of unsupported hard link
diff --git a/mux.c b/mux.c
index b3ffde9..cd87d71 100644
--- a/mux.c
+++ b/mux.c
@@ -1309,9 +1309,9 @@ muxserver_listen(struct ssh *ssh)
}
/* Now atomically "move" the mux socket into position */
- if (link(options.control_path, orig_control_path) != 0) {
+ if (rename(options.control_path, orig_control_path) != 0) {
if (errno != EEXIST) {
- fatal_f("link mux listener %s => %s: %s",
+ fatal_f("rename mux listener %s => %s: %s",
options.control_path, orig_control_path,
strerror(errno));
}
@@ -1320,7 +1320,6 @@ muxserver_listen(struct ssh *ssh)
unlink(options.control_path);
goto disable_mux_master;
}
- unlink(options.control_path);
free(options.control_path);
options.control_path = orig_control_path;
--
2.37.3
From 7534d916c83b13f3b40d59e9386be21c70cebc4f Mon Sep 17 00:00:00 2001
From: Jerome Duval <jerome.duval@gmail.com>
Date: Tue, 8 Jun 2021 14:25:15 +0200
Subject: gcc2 patch sntrup761.c
diff --git a/sntrup761.c b/sntrup761.c
index 57368bd..1fe66d0 100644
--- a/sntrup761.c
+++ b/sntrup761.c
@@ -63,6 +63,7 @@ static void crypto_sort_int32(void *array,long long n)
for (q = top;q > p;q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) goto done;
+{
int32 a = x[j + p];
for (r = q;r > p;r >>= 1)
int32_MINMAX(a,x[j + r]);
@@ -72,6 +73,7 @@ static void crypto_sort_int32(void *array,long long n)
i += 2 * p;
break;
}
+}
}
while (i + p <= n - q) {
for (j = i;j < i + p;++j) {
--
2.37.3
From 8d952a08372ad3678dcc4130c26d1a607c41ab6c Mon Sep 17 00:00:00 2001
From: Sergei Reznikov <diver@gelios.net>
Date: Wed, 20 Oct 2021 16:57:50 +0300
Subject: Use a link to take a backup while replacing the known_hosts file
Based on https://github.com/termux/termux-packages/commit/e696010d8907854dd194311ce8a02da0ca77a121
diff --git a/hostfile.c b/hostfile.c
index c5669c7..7fa07ba 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -700,7 +700,11 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
r = SSH_ERR_SYSTEM_ERROR;
goto fail;
}
+#ifdef __HAIKU__
+ if (rename(filename, back) == -1) {
+#else
if (link(filename, back) == -1) {
+#endif
oerrno = errno;
error_f("link %.100s to %.100s: %s", filename,
back, strerror(errno));
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2c0c9cd..42c13e1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1372,7 +1372,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
/* Backup existing file */
if (unlink(old) == -1 && errno != ENOENT)
fatal("unlink %.100s: %s", old, strerror(errno));
+#ifdef __HAIKU__
+ if (rename(identity_file, old) == -1)
+#else
if (link(identity_file, old) == -1)
+#endif
fatal("link %.100s to %.100s: %s", identity_file, old,
strerror(errno));
/* Move new one into place */
--
2.37.3
Reference in New Issue View Git Blame Copy Permalink