maemo.org - Talk (https://talk.maemo.org/index.php)
-   SailfishOS (https://talk.maemo.org/forumdisplay.php?f=52)
-   -   [solved by NIELDK] Openssh=>5.7 for Sailfish ? (https://talk.maemo.org/showthread.php?t=92632)

kollin 2014-02-07 18:47

[solved by NIELDK] Openssh=>5.7 for Sailfish ?
 
Is it possible to find Openssh=>5.7 for Sailfish somewhere?
I want to be able to connect to my work and home PCs via my ECDSA keys.
I found this one but it's a .deb file:
https://openrepos.net/content/nieldk/openssh

:confused:

anthonie 2014-02-08 00:16

Re: Openssh=>5.7 for Sailfish ?
 
Well, yes. It's possible. These are the steps I would take (using a linux system):

1. Use google and look for an rpm file.

2. If you can't find it, find the source and compile it yourself.

3. If that doesn't work, for whatever reason, look for a package or script that does deb-to-rpm conversion.

4. You could unpack the .deb file and manually move the files over to your filesystem.

nieldk 2014-02-08 09:25

Re: Openssh=>5.7 for Sailfish ?
 
See how this fits your need
https://openrepos.net/content/nieldk/openssh-0

You will need to install as root (devel-su) and force the install to replace the sailfish version from Jolla

rpm -i --force openssh-6.4p1-3.armv7hl.rpm

kollin 2014-02-08 16:44

Re: Openssh=>5.7 for Sailfish ?
 
Well, after installing and removing liblzma my Jolla is borked and I'm resetting again. I'm done struggling with rpms. :mad:

kollin 2014-02-08 16:45

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411636)
See how this fits your need
https://openrepos.net/content/nieldk/openssh-0

You will need to install as root (devel-su) and force the install to replace the sailfish version from Jolla

rpm -i --force openssh-6.4p1-3.armv7hl.rpm

Oh, after i reset i'll try it! Thank you nieldk! *hugz*
:)

shmerl 2014-02-09 03:58

Re: Openssh=>5.7 for Sailfish ?
 
Can you please file a bug in Mer, so they'd update openssh there?

nieldk 2014-02-09 07:16

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by shmerl (Post 1411743)
Can you please file a bug in Mer, so they'd update openssh there?

yeah, the thing is, it's not a bug. Why there are like 99% of packages that need update like that ... No idea why packages that are decades outdated.
Talk about security .....

nieldk 2014-02-09 09:48

Re: Openssh=>5.7 for Sailfish ?
 
Updated openssh on my openrepos to fix some minor issue with path variable when SSHing to Jolla device

new version is 6.4p1-4

Update:
Bumped to version 6.5p1-1

kollin 2014-02-09 11:10

Re: Openssh=>5.7 for Sailfish ?
 
I did :

rpm -i --force /mnt/sdcard/Downloads/openssh-6.5p1-1.armv7hl.rpm

but nothing seems to happen.

ssh -v still results in:

OpenSSH_5.6p1, OpenSSL 1.0.1c-fips 10 May 2012

Even after reboot :confused:

nieldk 2014-02-09 11:41

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by kollin (Post 1411766)
I did :

rpm -i --force /mnt/sdcard/Downloads/openssh-6.5p1-1.armv7hl.rpm

but nothing seems to happen.

ssh -v still results in:

OpenSSH_5.6p1, OpenSSL 1.0.1c-fips 10 May 2012

Even after reboot :confused:

did you run as root ?

You mean, you got no response - output - from running rpm command at all ?

please post any output here :)

kollin 2014-02-09 11:52

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411776)
did you run as root ?

You mean, you got no response - output - from running rpm command at all ?

please post any output here :)

Yes i ran it as root:

Code:

[root@localhost ~]# rpm -i --force  /mnt/sdcard/Downloads/openssh-6.5p1-1.armv7hl.rpm
[root@localhost ~]#

There is no output, it just runs and ends without error or something..

After that if i try zypper it ends with :

Code:

zypper install  /mnt/sdcard/Downloads/openssh-6.5p1-1.armv7hl.rpm
Loading repository data...
Reading installed packages...
'openssh = 0:6.5p1-1' is already installed.
No update candidate for 'openssh-6.5p1-1.armv7hl'. The highest available version is already installed.

BUT ssh -V tells me that operating version of openssh is still 5.6, even after reboot:

Quote:

ssh -V
OpenSSH_5.6p1, OpenSSL 1.0.1c-fips 10 May 2012

:)

nieldk 2014-02-09 11:59

Re: Openssh=>5.7 for Sailfish ?
 
please install also
openssh-clients-6.5p1-1.armv7hl.rpm
openssh-server-6.5p1-1.armv7hl.rpm

kollin 2014-02-09 12:26

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411783)
please install also
openssh-clients-6.5p1-1.armv7hl.rpm
openssh-server-6.5p1-1.armv7hl.rpm

:D
It seems ok now:

Quote:

ssh -V
OpenSSH_6.5p1, OpenSSL 1.0.1c-fips 10 May 2012

EDIT: Now after I ssh nemo@192.168.0.77 I can't start midnight commander as user! :eek:
mc
-bash: mc: command not found

nieldk 2014-02-09 12:40

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by kollin (Post 1411789)
:D
It seems ok now:



EDIT: Now after I ssh nemo@192.168.0.77 I can't start midnight commander as user! :eek:
mc
-bash: mc: command not found

seems I have a little update to do :)

add to /etc/profile
export PATH=$PATH:/usr/local/bin

Code:

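devel-su
# single quotes keep $PATH literal, so it is expanded at login rather than when this line is written
echo 'export PATH=$PATH:/usr/local/bin' >> /etc/profile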


kollin 2014-02-09 12:53

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411794)
seems I have a little update to do :)

add to /etc/profile
export PATH=$PATH:/usr/local/bin

Code:

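devel-su
# single quotes keep $PATH literal, so it is expanded at login rather than when this line is written
echo 'export PATH=$PATH:/usr/local/bin' >> /etc/profile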


Now it works.
Thank you!
:D

nieldk 2014-02-09 12:54

Re: Openssh=>5.7 for Sailfish ?
 
How does it work with ECDSA keys you needed ?

kollin 2014-02-09 13:15

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411797)
How does it work with ECDSA keys you needed ?

I'll test it later and let you know. I'm going out now for a Sunday afternoon cup of coffee. ;)

nieldk 2014-02-09 13:23

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by kollin (Post 1411800)
I'll test it later and let you know. I'm going out now for a Sunday afternoon cup of coffee. ;)

Sounds really GOOOOOD! enjoy my friend
(I tested
ssh-keygen -t ecdsa -b 521 -C "$(whoami)@$(hostname)-$(date -I)"

which seems to indicate it works ;)

kollin 2014-02-09 19:52

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411803)
Sounds really GOOOOOD! enjoy my friend
(I tested
ssh-keygen -t ecdsa -b 521 -C "$(whoami)@$(hostname)-$(date -I)"

which seems to indicate it works ;)


Strange, I can't add my private key:

Code:

[nemo@localhost ~]$ ssh-add ~/.ssh/id_ecdsa
Enter passphrase for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:

And i'm sure the password is correct! :confused:

EDIT: It works with DSA keys !!!
So I think something is wrong with ecdsa compatibility, maybe openssl or some other package that openssh is related to? :confused:

EDIT2: This looks relevant: https://www.martineve.com/2011/07/22...hy-in-openssh/
and it seems that I can't find anything with this command:

Code:

[root@localhost ~]# find / -iname *ecdsa*

There is a big chance that ecdsa is amputated from openssl and openssh respectively. :(

nieldk 2014-02-09 22:18

Re: Openssh=>5.7 for Sailfish ?
 
It has some minor issues that I need to correct, but you can try openssl 1.0.1f from my openrepos. I successfully created the ecdsa keys with that

kollin 2014-02-09 23:06

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411868)
It has some minor issues that I need to correct, but you can try openssl 1.0.1f from my openrepos. I successfully created the ecdsa keys with that

:) The only problem now is that I'm unable to add my ecdsa keys to ssh (ssh-add). I don't know how to do that with openssl (I installed it from your openrepos). :)

EDIT: During the configuration phase of openssh (on my gentoo system) I can see this line:

Code:

checking whether OpenSSL has complete ECC support... yes

But I don't know how Jolla RPMs are built (with or without ECC support).

nieldk 2014-02-10 07:40

Re: Openssh=>5.7 for Sailfish ?
 
I don't understand :) Did it work for you ?

Code:

[nemo@localhost ~]$ ssh-keygen -t ecdsa -b 521
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/nemo/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nemo/.ssh/id_ecdsa.
Your public key has been saved in /home/nemo/.ssh/id_ecdsa.pub.
The key fingerprint is:
27:5e:d5:74:ae:fc:1f:87:c9:58:ff:e4:6a:25:12:34 nemo@localhost
The key's randomart image is:
+--[ECDSA  521]---+
|              . .|
|            Eo o |
|          .... .|
|          ... . |
|        S o  .+  |
|      . +  .+.=.|
|        .  ..++=|
|              .o=|
|            ...+|
+-----------------+


kollin 2014-02-10 08:57

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411913)
I don't understand :) Did it work for you ?

No it didn't!
I can't add my existing ecdsa keys to my jolla ssh.

Code:

ssh-add ~/.ssh/id_ecdsa
Enter passphrase for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:

and i'm sure my password is correct!

:)

nieldk 2014-02-10 09:14

Re: Openssh=>5.7 for Sailfish ?
 
perhaps related?
https://bugs.launchpad.net/ubuntu/+s...ng/+bug/771272

nieldk 2014-02-10 09:30

Re: Openssh=>5.7 for Sailfish ?
 
just tested with a key generated on my debian box, copied to Jolla

Code:

[nemo@localhost .ssh]$ eval `ssh-agent -s`
Agent pid 31414
[nemo@localhost .ssh]$ ssh-add id_ecdsa
Enter passphrase for id_ecdsa:
Identity added: id_ecdsa (id_ecdsa)
[nemo@localhost .ssh]$

(the eval `ssh-agent -s` I needed since it was apparently not started)

kollin 2014-02-10 09:48

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411936)
just tested with a key generated on my debian box, copied to Jolla

Code:

[nemo@localhost .ssh]$ eval `ssh-agent -s`
Agent pid 31414
[nemo@localhost .ssh]$ ssh-add id_ecdsa
Enter passphrase for id_ecdsa:
Identity added: id_ecdsa (id_ecdsa)
[nemo@localhost .ssh]$

(the eval `ssh-agent -s` I needed since it was apparently not started)

Does not work, I don't know why! :(

Code:

eval `ssh-agent -s`
Agent pid 7581
[root@localhost ~]# ssh-add
Enter passphrase for /root/.ssh/id_dsa:
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)
[root@localhost ~]# ssh-add ~/.ssh/id_ecdsa
Enter passphrase for /root/.ssh/id_ecdsa:
Bad passphrase, try again for /root/.ssh/id_ecdsa:
Bad passphrase, try again for /root/.ssh/id_ecdsa:
Bad passphrase, try again for /root/.ssh/id_ecdsa:

:(

EDIT: What are the file permissions of your ecdsa key and .ssh directory on your jolla?

nieldk 2014-02-10 09:55

Re: Openssh=>5.7 for Sailfish ?
 
just noticed. You are doing this as root.
Did you copy the keys to /root/.ssh
or /home/nemo/.ssh. ?

kollin 2014-02-10 10:11

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411943)
just noticed. You are doing this as root.
Did you copy the keys to /root/.ssh
or /home/nemo/.ssh. ?

Both ;)

10chars

A-ha !
The output from ssh-keygen on my jolla:

Code:

[nemo@localhost ~]$ ssh-keygen -t ecdsa -b 521 -f /home/nemo/.ssh/exp/exp_ecdsa
unknown key type ecdsa

something is not right with ssh installation on my jolla. :(

EDIT2: I manually copied ssh-add and ssh-keygen (from your rpms) - still no go:
Code:

ssh nemo@192.168.0.77
nemo@192.168.0.77's password:
Last login: Mon Feb 10 11:37:17 2014 from 192.168.0.1
NOTICE: Env value ignored QT_GSTREAMER_CAMERABIN_FLAGS=15
,---
| SailfishOS 1.0.3.8 (Naamankajärvi) (armv7hl)
'---
Agent pid 12990
Enter passphrase for /home/nemo/.ssh/id_dsa:
Identity added: /home/nemo/.ssh/id_dsa (/home/nemo/.ssh/id_dsa)
[nemo@localhost ~]$ ssh-add /home/nemo/.ssh/id_ecdsa
Enter passphrase for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:
Bad passphrase, try again for /home/nemo/.ssh/id_ecdsa:

[nemo@localhost ~]$ ssh-keygen -v -t ecdsa -b 521 -f /home/nemo/.ssh/exp/
unknown key type ecdsa

:(
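
The symptoms in this part of the thread (an `ssh -V` banner, `ssh-add` rejecting an ECDSA key, `ssh-keygen` answering "unknown key type ecdsa") can be separated with a short triage script. This is an added example, not part of the original posts; the function names are hypothetical, and the 5.7 threshold is the one from the thread title.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Exit 0 if the `ssh -V` banner in $1 is OpenSSH >= 5.7 (the minimum asked
# for in the thread title), 1 if it is older, 2 if it cannot be parsed.
ssh_version_has_ecdsa() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 7 ]; }
}

# Print the key type announced by the PEM header of the private key file $1.
pem_key_type() {
    [ -r "$1" ] || return 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '-----BEGIN EC PRIVATE KEY-----')      echo ecdsa ;;
        '-----BEGIN DSA PRIVATE KEY-----')     echo dsa ;;
        '-----BEGIN RSA PRIVATE KEY-----')     echo rsa ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----') echo openssh-v1 ;;
        *)                                     echo unknown ;;
    esac
}

# Functional probe: can this ssh-keygen binary create an ECDSA key at all?
# Writes a throwaway key into a temporary directory and removes it again.
probe_ecdsa_keygen() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    probe_dir=$(mktemp -d) || return 2
    if ssh-keygen -q -t ecdsa -b 256 -N '' -f "$probe_dir/probe" \
        >/dev/null 2>&1; then keygen_rc=0; else keygen_rc=$?; fi
    rm -rf "$probe_dir"
    return "$keygen_rc"
}

# diagnose BANNER KEYTYPE PROBE_RC -> one-word verdict on stdout.
diagnose() {
    [ "$2" = ecdsa ] || { echo not-ecdsa-key; return 0; }
    if ssh_version_has_ecdsa "$1"; then :; else
        if [ "$?" -eq 1 ]; then echo openssh-too-old
        else echo version-unparsed; fi
        return 0
    fi
    # New enough banner, but the binary still cannot make an ECDSA key:
    # the "unknown key type ecdsa" state shown in the post above.
    [ "$3" -eq 0 ] || { echo built-without-ecc; return 0; }
    echo ecdsa-supported
}

# Run all checks against the local installation for the key file $1.
ecdsa_report() {
    banner=$(ssh -V 2>&1) || banner=
    if probe_ecdsa_keygen; then probe_rc=0; else probe_rc=$?; fi
    diagnose "$banner" "$(pem_key_type "$1")" "$probe_rc"
}

# Usage: sh thisfile --check ~/.ssh/id_ecdsa
if [ "${1:-}" = "--check" ] && [ -n "${2:-}" ]; then
    ecdsa_report "$2"
fi
```

A verdict of `built-without-ecc` means a passphrase retry will not help: the package has to be rebuilt or replaced, which is what the thread goes on to do.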

nieldk 2014-02-10 11:30

Re: Openssh=>5.7 for Sailfish ?
 
I will make a new version that will be compiled against openssl 1.0.1f, later this evening.

kollin 2014-02-10 11:35

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411954)
I will make a new version that will be compiled against openssl 1.0.1f, later this evening.

Thank you! I hope it'll work! ;)

nieldk 2014-02-10 15:26

Re: Openssh=>5.7 for Sailfish ?
 
openssh-6.5p1 r5 uploaded to openrepos.
This, I believe, together with openssl-1.0.1f will help you

kollin 2014-02-10 16:55

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411987)
openssh-6.5p1 r5 uploaded to openrepos.
This, I believe, together with openssl-1.0.1f will help you

Now i see "openssh-6.5p1-1.armv7hl.rpm" is that the updated version (i don't see -r5)?

nieldk 2014-02-10 17:03

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by kollin (Post 1412007)
Now i see "openssh-6.5p1-1.armv7hl.rpm" is that the updated version (i don't see -r5)?

My bad :)
Now -r5 should be there

kollin 2014-02-10 18:04

Re: Openssh=>5.7 for Sailfish ?
 
It works now!!!!!
Code:

kollin@felis ~ % ssh nemo@192.168.0.77
nemo@192.168.0.77's password:
Last login: Mon Feb 10 19:59:37 2014 from 192.168.0.1
NOTICE: Env value ignored QT_GSTREAMER_CAMERABIN_FLAGS=15
,---
| SailfishOS 1.0.3.8 (Naamankajärvi) (armv7hl)
'---
Agent pid 2971
Enter passphrase for /home/nemo/.ssh/id_ecdsa:
Identity added: /home/nemo/.ssh/id_ecdsa (/home/nemo/.ssh/id_ecdsa)
[nemo@localhost ~]$ ssh kollin@seti.bounceme.net

 * keychain 2.7.1 ~ http://www.funtoo.org
 * Found existing ssh-agent: 4298
 * Found existing gpg-agent: 4352
 * Known ssh key: /home/kollin/.ssh/id_ecdsa

kollin@felis ~ %

Thank you, thank you, thank you! Kisses, hugz whatever you want ! :D:D:D:D:D:D:D

nieldk 2014-02-10 19:11

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by kollin (Post 1412018)
It works now!!!!!
Code:

kollin@felis ~ % ssh nemo@192.168.0.77
nemo@192.168.0.77's password:
Last login: Mon Feb 10 19:59:37 2014 from 192.168.0.1
NOTICE: Env value ignored QT_GSTREAMER_CAMERABIN_FLAGS=15
,---
| SailfishOS 1.0.3.8 (Naamankajärvi) (armv7hl)
'---
Agent pid 2971
Enter passphrase for /home/nemo/.ssh/id_ecdsa:
Identity added: /home/nemo/.ssh/id_ecdsa (/home/nemo/.ssh/id_ecdsa)
[nemo@localhost ~]$ ssh kollin@seti.bounceme.net

 * keychain 2.7.1 ~ http://www.funtoo.org
 * Found existing ssh-agent: 4298
 * Found existing gpg-agent: 4352
 * Known ssh key: /home/kollin/.ssh/id_ecdsa

kollin@felis ~ %

Thank you, thank you, thank you! Kisses, hugz whatever you want ! :D:D:D:D:D:D:D

hehe, coffee next time I am near ;)

shmerl 2014-02-10 21:53

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by nieldk (Post 1411751)
yeah, the thing is, it's not a bug. Why there are like 99% of packages that need update like that ... No idea why packages that are decades outdated.
Talk about security .....

No, while they have a set of old packages because of GPLv3 avoidance, openssh shouldn't be affected, since it's licensed under BSD (it originates in OpenBSD naturally). So it seems more like a neglect of Mer to me. Please file a bug if you can, if not, let me know and I'll file it. There is no point to complain if no one will file any bugs about it. Such stuff should be fixed in Mer really.

nieldk 2014-02-11 07:27

Re: Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by shmerl (Post 1412063)
No, while they have a set of old packages because of GPLv3 avoidance, openssh shouldn't be affected, since it's licensed under BSD (it originates in OpenBSD naturally). So it seems more like a neglect of Mer to me. Please file a bug if you can, if not, let me know and I'll file it. There is no point to complain if no one will file any bugs about it. Such stuff should be fixed in Mer really.

Filed as a bug
https://bugs.merproject.org/show_bug.cgi?id=839

shmerl 2014-02-11 18:19

Re: [solved by NIELDK] Openssh=>5.7 for Sailfish ?
 
Thanks! Since you added it to openrepos, maybe you can update it in Mer as well using the same spec? Or at least propose to update it to the Mer folks.

nieldk 2014-02-11 18:41

Re: [solved by NIELDK] Openssh=>5.7 for Sailfish ?
 
Quote:

Originally Posted by shmerl (Post 1412276)
Thanks! Since you added it to openrepos, maybe you can update it in Mer as well using the same spec? Or at least propose to update it to the Mer folks.

Yes, of course. I have no problem with that.
Going away for a couple of days, but can start during weekend :)

nieldk 2014-02-18 12:59

Re: [solved by NIELDK] Openssh=>5.7 for Sailfish ?
 
Well well, for some reason my login is rejected at https://bugs.merproject.org and even after password reset it refuses to accept my credentials. ???
Anyways. I am posting the spec file here, perhaps some of you have better luck with using OBS :(


Code:

%define WITH_SELINUX 0

# OpenSSH privilege separation requires a user & group ID
%define sshd_uid    74
%define sshd_gid    74

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 1

# Do we want to link against a static libcrypto? (1=yes 0=no)
%define static_libcrypto 0

# Use GTK2 instead of GNOME in gnome-ssh-askpass
%define gtk2 0

# Build position-independent executables (requires toolchain support)?
%define pie 1

# Do we want kerberos5 support (1=yes 0=no)
%define kerberos5 0

# Do we want libedit support
%define libedit 0

# Do we want LDAP support
%define ldap 0

# Whether to build pam_ssh_agent_auth
%define pam_ssh_agent 0

# Reserve options to override askpass settings with:
# rpm -ba|--rebuild --define 'skip_xxx 1'
%{?skip_gnome_askpass:%global no_gnome_askpass 1}

# Add option to build without GTK2 for older platforms with only GTK+.
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
# rpm -ba|--rebuild --define 'no_gtk2 1'
%{?no_gtk2:%global gtk2 0}

# Options for static OpenSSL link:
# rpm -ba|--rebuild --define "static_openssl 1"
%{?static_openssl:%global static_libcrypto 1}

# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
%define rescue 0
%{?build_rescue:%global rescue 1}
%{?build_rescue:%global rescue_rel rescue}

# Turn off some stuff for rescue builds
%if %{rescue}
%define kerberos5 0
%define libedit 0
%define pam_ssh_agent 0
%endif

# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 6.5p1
%define openssh_rel 5
%define pam_ssh_agent_ver 0.9.3
%define pam_ssh_agent_rel 1

Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
Version: %{openssh_ver}
Release: %{openssh_rel}%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#URL1: http://pamsshagentauth.sourceforge.net
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz

License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: /sbin/nologin


%package clients
Summary: An open source SSH client applications
Group: Applications/Internet
Requires: openssh = %{version}-%{release}

%package server
Summary: An open source SSH server daemon
Group: System Environment/Daemons
Requires: openssh = %{version}-%{release}
Requires(pre): /usr/sbin/useradd
Requires: pam >= 1.0.1-3

%if %{ldap}
%package ldap
Summary: A LDAP support for open source SSH server daemon
Requires: openssh = %{version}-%{release}
Group: System Environment/Daemons
%endif

%package askpass
Summary: A passphrase dialog for OpenSSH and X
Group: Applications/Internet
Requires: openssh = %{version}-%{release}
Obsoletes: openssh-askpass-gnome
Provides: openssh-askpass-gnome

%package -n pam_ssh_agent_auth
Summary: PAM module for authentication with ssh-agent
Group: System Environment/Base
Version: %{pam_ssh_agent_ver}
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
License: BSD

%description
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

%description clients
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.

%description server
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server.

%if %{ldap}
%description ldap
OpenSSH LDAP backend is a way how to distribute the authorized tokens
among the servers in the network.
%endif

%description askpass
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH.

%description -n pam_ssh_agent_auth
This package contains a PAM module which can be used to authenticate
users using ssh keys stored in a ssh-agent. Through the use of the
forwarding of ssh-agent connection it also allows to authenticate with
remote ssh-agent instance.

The module is most useful for su and sudo service stacks.

%prep
%setup -q
#Do not enable by default

autoreconf

%build
%if %{rescue}
CFLAGS="$CFLAGS -Os"
%endif
%if %{pie}
%ifarch s390 s390x sparc sparcv9 sparc64
CFLAGS="$CFLAGS -fPIC"
%else
CFLAGS="$CFLAGS -fpic"
%endif
SAVE_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -pie -z relro -z now"

export CFLAGS
export LDFLAGS

%endif
%if %{kerberos5}
if test -r /etc/profile.d/krb5-devel.sh ; then
        source /etc/profile.d/krb5-devel.sh
fi
krb5_prefix=`krb5-config --prefix`
if test "$krb5_prefix" != "%{_prefix}" ; then
        CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
        CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
        LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
else
        krb5_prefix=
        CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
        CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
fi
%endif

%configure \
        --sysconfdir=%{_sysconfdir}/ssh \
        --libexecdir=%{_libexecdir}/openssh \
        --datadir=%{_datadir}/openssh \
        --with-default-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/bin:/sbin \
        --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/bin:/sbin \
        --with-privsep-path=%{_var}/empty/sshd \
        --enable-vendor-patchlevel="FC-%{version}-%{release}" \
        --disable-strip \
        --without-zlib-version-check \
        --with-ssl-engine \
        --with-ipaddr-display \
%if %{ldap}
        --with-ldap \
%endif
%if %{rescue}
        --without-pam \
%else
        --with-pam \
%endif
%if %{WITH_SELINUX}
        --with-selinux --with-audit=linux \
%if 0
#seccomp_filter cannot be build right now
        --with-sandbox=seccomp_filter \
%else
        --with-sandbox=rlimit \
%endif
%endif
%if %{kerberos5}
        --with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
%else
        --without-kerberos5 \
%endif
%if %{libedit}
        --with-libedit
%else
        --without-libedit
%endif

%if %{static_libcrypto}
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
%endif

make

# Define a variable to toggle gnome1/gtk2 building.  This is necessary
# because RPM doesn't handle nested %if statements.
%if %{gtk2}
        gtk2=yes
%else
        gtk2=no
%endif

%if ! %{no_gnome_askpass}
pushd contrib
if [ $gtk2 = yes ] ; then
        make gnome-ssh-askpass2
        mv gnome-ssh-askpass2 gnome-ssh-askpass
else
        make gnome-ssh-askpass1
        mv gnome-ssh-askpass1 gnome-ssh-askpass
fi
%endif

%if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
LDFLAGS="$SAVE_LDFLAGS"
%configure --with-selinux --libexecdir=/%{_libdir}/security --with-mantype=man
make
%endif

%check
#to run tests use "--with check"
%if %{?_with_check:1}%{!?_with_check:0}
make tests
%endif

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf

install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/

%if ! %{no_gnome_askpass}
install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
%endif

%if ! %{no_gnome_askpass}
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
%endif

%if %{no_gnome_askpass}
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
%endif

perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*

%if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
make install DESTDIR=$RPM_BUILD_ROOT
%endif
%clean
rm -rf $RPM_BUILD_ROOT

%pre
getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :

%pre server
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
getent passwd sshd >/dev/null || \
  useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
  -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :

%triggerun -n openssh-server -- openssh-server < 5.8p2-12
/bin/systemctl enable sshd.service >/dev/null 2>&1
/sbin/chkconfig --del sshd >/dev/null 2>&1 || :
/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :

%triggerun -n openssh-server -- openssh-server < 5.9p1-22

/sbin/chkconfig --add sshd >/dev/null 2>&1 || :

%files
%defattr(-,root,root)
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(2111,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif

%files clients
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/ssh
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/slogin
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
%if ! %{rescue}
%attr(2111,root,nobody) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0755,root,root) %{_bindir}/ssh-copy-id
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%endif

%if ! %{rescue}
%files server
%defattr(-,root,root)
%dir %attr(0711,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%endif

%if %{ldap}
%files ldap
%defattr(-,root,root)
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema ldap.conf
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-wrapper
%attr(0644,root,root) %{_mandir}/man8/ssh-ldap-helper.8*
%attr(0644,root,root) %{_mandir}/man5/ssh-ldap.conf.5*
%endif


%if ! %{no_gnome_askpass}
%files askpass
%defattr(-,root,root)
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
%endif

%if %{pam_ssh_agent}
%files -n pam_ssh_agent_auth
%defattr(-,root,root)
%doc pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE
%attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
%endif

%changelog
* Sun Feb 9 2014 Niel Nielsen <nieldk@gmail.com>
- Changed default path to include /bin:/sbin
* Sat Feb 8 2014 Niel Nielsen <nieldk@gmail.com>
- Initial build


