summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authormrg <mrg@pkgsrc.org>1998-02-12 14:27:00 +0000
committermrg <mrg@pkgsrc.org>1998-02-12 14:27:00 +0000
commit27305e22c1f32e86a146f131ca4b10cb096d8ca8 (patch)
tree9558c3783e4e30d9b511be2b7bd91c3a9a90bd3d /security
parent16e0bc77e56dfceeaa42832d95d2265a2720a938 (diff)
downloadpkgsrc-27305e22c1f32e86a146f131ca4b10cb096d8ca8.tar.gz
add features/fixes from <jbernard@tater.mines.edu> in pr#4928
Diffstat (limited to 'security')
-rw-r--r--security/ssh/Makefile99
-rw-r--r--security/ssh/patches/patch-ab51
-rw-r--r--security/ssh/patches/patch-ac380
-rw-r--r--security/ssh/patches/patch-ae4
-rw-r--r--security/ssh/patches/patch-aj43
-rw-r--r--security/ssh/patches/patch-ao28
-rw-r--r--security/ssh/pkg/DEINSTALL.pre15
-rw-r--r--security/ssh/pkg/DESCR16
-rw-r--r--security/ssh/pkg/MESSAGE.pre19
-rw-r--r--security/ssh/pkg/PLIST25
-rw-r--r--security/ssh/pkg/PLIST.pre28
11 files changed, 523 insertions, 185 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
index 905a6a9f444..9cbe11c3917 100644
--- a/security/ssh/Makefile
+++ b/security/ssh/Makefile
@@ -3,7 +3,7 @@
# Date created: 19971214
# Whom: hubertf@netbsd.org
#
-# $NetBSD: Makefile,v 1.10 1998/02/10 15:54:37 tv Exp $
+# $NetBSD: Makefile,v 1.11 1998/02/12 14:27:00 mrg Exp $
# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp
#
# Maximal ssh package requires a YES value for USE_PERL
@@ -17,11 +17,29 @@ MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \
MAINTAINER= mrg@eterna.com.au
-# You can set USA_RESIDENT appropriately in /etc/mk.conf if this bugs you..
-.if !defined(USA_RESIDENT)
-USA_RESIDENT= NO
+RESTRICTED= "Crypto; export-controlled"
+MIRROR_DISTFILE= no
+IS_INTERACTIVE= YES
+
+CFLAGS= -O2
+GNU_CONFIGURE= YES
+
+# Include local make config file here. It is essential to have this
+# precede any override targets (those that override defaults in
+# <bsd.port.mk> that test variables that may be set here. Note that
+# this inclusion is otherwise redundant, since <bsd.port.mk> includes
+# <bsd.own.mk>, which includes it.
+
+OPSYS!= uname -s
+.if (${OPSYS} == "FreeBSD")
+.include "/etc/make.conf"
+.else
+.include "/etc/mk.conf"
.endif
+# You can set USA_RESIDENT appropriately in /etc/mk.conf if this bugs you..
+USA_RESIDENT?= NO
+
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
DISTFILES= ${DISTNAME}.tar.gz rsaref2.tar.gz
MASTER_SITES= \
@@ -33,13 +51,11 @@ MASTER_SITES= \
ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/
.endif
-RESTRICTED= "Crypto; export-controlled"
-MIRROR_DISTFILE= no
-IS_INTERACTIVE= YES
-
-GNU_CONFIGURE= YES
+# Use SSH_CONF_DIR from /etc/mk.conf, if defined; otherwise default to /etc
+SSH_CONF_DIR?=/etc
-CONFIGURE_ARGS+= --prefix=${PREFIX} --with-etcdir=/etc --disable-suid-ssh
+CONFIGURE_ARGS+= --prefix=${PREFIX} --with-etcdir=${SSH_CONF_DIR} \
+ --disable-suid-ssh
#Uncomment if all your users are in their own group and their homedir
#is writeable by that group. Beware the security implications!
@@ -67,6 +83,16 @@ CONFIGURE_ARGS+= --with-secureid
CONFIGURE_ARGS+= --without-idea
.endif
+# Support for libwrap.
+.if defined(USE_LIBWRAP) && ${USE_LIBWRAP} == YES
+CONFIGURE_ARGS+= --with-libwrap
+.endif
+
+# Include SOCKS firewall support
+.if defined(USE_SOCKS) && ${USE_SOCKS} == YES
+CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5"
+.endif
+
MAN1= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
make-ssh-known-hosts.1
MAN8= sshd.8
@@ -90,34 +116,59 @@ fetch-depends:
post-extract:
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
- @mv ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2
+ @${MV} ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2
.endif
+pre-install:
+ @${CAT} pkg/PLIST.pre | ${SED} \
+ -e 's;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g' \
+ >pkg/PLIST
+ @${CAT} pkg/MESSAGE.pre | ${SED} \
+ -e 's;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g' \
+ -e 's;\<\$$PREFIX\>;'${PREFIX}';g' \
+ >pkg/MESSAGE
+ @${CAT} pkg/DEINSTALL.pre | ${SED} \
+ -e 's;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g' \
+ >pkg/DEINSTALL
+
post-install:
- @ln -sf /etc/ssh_host_key ${PREFIX}/etc
- @ln -sf /etc/ssh_host_key.pub ${PREFIX}/etc
- @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
+ @${MKDIR} ${PREFIX}/share/examples/ssh
+ @${MKDIR} ${WRKDIR}${SSH_CONF_DIR}
+ (cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \
+ ${MAKEFILE} install_prefix=${WRKDIR} install-configs)
+ ${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \
+ ${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh
+ @if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \
${ECHO} "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
+ ${PREFIX}/bin/ssh-keygen \
+ -f ${SSH_CONF_DIR}/ssh_host_key -N ""; \
fi
.if defined(MANZ)
${RM} -f ${PREFIX}/man/man1/slogin.1.gz
- ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz
+ ${LN} -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz
.else
${RM} -f ${PREFIX}/man/man1/slogin.1
- ln -sf ssh.1 ${PREFIX}/man/man1/slogin.1
+ ${LN} -sf ssh.1 ${PREFIX}/man/man1/slogin.1
.endif
# @if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
# ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
# ${ECHO} "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \
-# ${ECHO} "[ -f ${PREFIX}/etc/ssh_host_key ] || ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ''" >> ${PREFIX}/etc/rc.d/sshd.sh; \
+# ${ECHO} "[ -f ${SSH_CONF_DIR}/ssh_host_key ] || ${PREFIX}/bin/ssh-keygen -f ${SSH_CONF_DIR}/ssh_host_key -N ''" >> ${PREFIX}/etc/rc.d/sshd.sh; \
# ${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && ${ECHO} -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \
# chmod 755 ${PREFIX}/etc/rc.d/sshd.sh; \
# fi
+ @${CAT} pkg/MESSAGE
+
+pre-clean:
+ @${RM} -f pkg/PLIST pkg/MESSAGE pkg/DEINSTALL
+
+# Include <bsd.port.mk> here. It is essential to have all the override
+# targets precede inclusion of this.
.include <bsd.port.mk>
-# Following stuff must be after <bsd.port.mk> to expand exists() properly
+# Following stuff must be after <bsd.port.mk> to expand
+# exists(${PREFIX}) properly
.if defined(USE_PERL) && ${USE_PERL} == YES || \
exists(${PREFIX}/bin/perl5.00404) && \
@@ -127,13 +178,3 @@ CONFIGURE_ENV+= PERL=${PREFIX}/bin/perl5.00404
.else
CONFIGURE_ENV+= PERL=/replace_it_with_PERL_path
.endif
-
-# Support for libwrap.
-.if defined(USE_LIBWRAP) && ${USE_LIBWRAP} == YES
-CONFIGURE_ARGS+= --with-libwrap
-.endif
-
-# Include SOCKS firewall support
-.if defined(USE_SOCKS) && ${USE_SOCKS} == YES
-CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5"
-.endif
diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab
index 5214a5f44af..3bfd4125c9d 100644
--- a/security/ssh/patches/patch-ab
+++ b/security/ssh/patches/patch-ab
@@ -1,8 +1,8 @@
Index: configure
-*** configure.orig Fri Aug 22 10:28:43 1997
---- configure Thu Dec 18 12:52:15 1997
+*** configure.orig Tue Jan 20 05:24:14 1998
+--- configure Sat Jan 24 19:04:05 1998
***************
-*** 1757,1768 ****
+*** 1759,1770 ****
export CFLAGS CC
@@ -14,10 +14,43 @@ Index: configure
-
echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
- echo "configure:1769: checking that the compiler works" >&5
---- 1757,1762 ----
+ echo "configure:1771: checking that the compiler works" >&5
+--- 1759,1764 ----
***************
-*** 6931,6937 ****
+*** 6853,6867 ****
+ case "$enableval" in
+ no)
+ echo "$ac_t""no" 1>&6
+! SSHINSTALLMODE=0711
+ ;;
+ *) echo "$ac_t""yes" 1>&6
+! SSHINSTALLMODE=04711
+ ;;
+ esac
+ else
+ echo "$ac_t""yes" 1>&6
+! SSHINSTALLMODE=04711
+
+ fi
+
+--- 6847,6861 ----
+ case "$enableval" in
+ no)
+ echo "$ac_t""no" 1>&6
+! SSHINSTALLMODE=0511
+ ;;
+ *) echo "$ac_t""yes" 1>&6
+! SSHINSTALLMODE=04511
+ ;;
+ esac
+ else
+ echo "$ac_t""yes" 1>&6
+! SSHINSTALLMODE=04511
+
+ fi
+
+***************
+*** 7013,7019 ****
ac_given_srcdir=$srcdir
ac_given_INSTALL="$INSTALL"
@@ -25,7 +58,7 @@ Index: configure
EOF
cat >> $CONFIG_STATUS <<EOF
---- 6925,6931 ----
+--- 7007,7013 ----
ac_given_srcdir=$srcdir
ac_given_INSTALL="$INSTALL"
@@ -34,7 +67,7 @@ Index: configure
cat >> $CONFIG_STATUS <<EOF
***************
-*** 7036,7042 ****
+*** 7118,7124 ****
cat >> $CONFIG_STATUS <<EOF
@@ -42,7 +75,7 @@ Index: configure
EOF
cat >> $CONFIG_STATUS <<\EOF
for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
---- 7030,7036 ----
+--- 7112,7118 ----
cat >> $CONFIG_STATUS <<EOF
diff --git a/security/ssh/patches/patch-ac b/security/ssh/patches/patch-ac
index 46a3ff28881..89fbc02cf49 100644
--- a/security/ssh/patches/patch-ac
+++ b/security/ssh/patches/patch-ac
@@ -1,93 +1,287 @@
-Index: Makefile.inc
---- Makefile.in.orig Fri Aug 22 01:28:42 1997
-+++ Makefile.in Mon Nov 24 15:14:18 1997
-@@ -263,8 +263,10 @@
- GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
-
- ZLIBDIR = zlib-1.0.4
--ZLIBDEP = $(ZLIBDIR)/libz.a
--ZLIBLIBS = -L$(ZLIBDIR) -lz
-+ZLIBINCDIR = /usr/include
-+ZLIBLIBDIR = /usr/lib
-+ZLIBDEP = $(ZLIBINCDIR)/libz.a
-+ZLIBLIBS = -L$(ZLIBLIBDIR) -lz
-
- RSAREFDIR = rsaref2
- RSAREFSRCDIR = $(RSAREFDIR)/source
-@@ -368,7 +370,7 @@
- $(CC) -o rfc-pg rfc-pg.o
-
- .c.o:
-- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-+ $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-
- sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
- -rm -f sshd
-@@ -416,14 +418,14 @@
- $(GMPDIR)/libgmp.a:
- cd $(GMPDIR); $(MAKE)
-
--$(ZLIBDEP):
-- -if test '!' -d $(ZLIBDIR); then \
-- mkdir $(ZLIBDIR); \
-- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
-- fi
-- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
-- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
-- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
-+#$(ZLIBDEP):
-+# -if test '!' -d $(ZLIBDIR); then \
-+# mkdir $(ZLIBDIR); \
-+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
-+# fi
-+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
-+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
-+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
-
- $(RSAREFSRCDIR)/librsaref.a:
- -if test '!' -d $(RSAREFDIR); then \
-@@ -480,7 +482,7 @@
- # (otherwise it can only log in as the user it runs as, and must be
- # bound to a non-privileged port). Also, password authentication may
- # not be available if non-root and using shadow passwords.
--install: $(PROGRAMS) make-dirs generate-host-key install-configs
-+install: $(PROGRAMS) make-dirs install-configs
- -rm -f $(install_prefix)$(bindir)/ssh.old
- -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
- -chmod 755 $(install_prefix)$(bindir)/ssh.old
-@@ -591,13 +593,13 @@
- -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
- cd $(GMPDIR); $(MAKE) clean
- # cd $(RSAREFSRCDIR); rm -f *.o *.a
-- cd $(ZLIBDIR); $(MAKE) clean
-+# cd $(ZLIBDIR); $(MAKE) clean
-
- distclean: clean
- -rm -f Makefile config.status config.cache config.log config.h
- -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1
- cd $(GMPDIR); $(MAKE) distclean
-- cd $(ZLIBDIR); $(MAKE) distclean
-+# cd $(ZLIBDIR); $(MAKE) distclean
-
- dist: dist-free
-
-@@ -632,8 +634,8 @@
- gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
- # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -)
- # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
-- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
-- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
-+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
-+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
-
- dist-free-make-tar:
- tar pcf $(DISTNAME).tar $(DISTNAME)
-@@ -656,7 +658,7 @@
- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
-
- depend:
-- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
-+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
-
- tags:
- -rm -f TAGS
+Index: Makefile.in
+*** Makefile.in.orig Tue Jan 20 05:24:13 1998
+--- Makefile.in Mon Jan 26 19:49:03 1998
+***************
+*** 266,273 ****
+ GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
+
+ ZLIBDIR = zlib-1.0.4
+! ZLIBDEP = $(ZLIBDIR)/libz.a
+! ZLIBLIBS = -L$(ZLIBDIR) -lz
+
+ RSAREFDIR = rsaref2
+ RSAREFSRCDIR = $(RSAREFDIR)/source
+--- 266,275 ----
+ GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
+
+ ZLIBDIR = zlib-1.0.4
+! ZLIBINCDIR = /usr/include
+! ZLIBLIBDIR = /usr/lib
+! ZLIBDEP = $(ZLIBINCDIR)/libz.a
+! ZLIBLIBS = -L$(ZLIBLIBDIR) -lz
+
+ RSAREFDIR = rsaref2
+ RSAREFSRCDIR = $(RSAREFDIR)/source
+***************
+*** 371,377 ****
+ $(CC) -o rfc-pg rfc-pg.o
+
+ .c.o:
+! $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
+
+ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
+ -rm -f sshd
+--- 373,379 ----
+ $(CC) -o rfc-pg rfc-pg.o
+
+ .c.o:
+! $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
+
+ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
+ -rm -f sshd
+***************
+*** 419,432 ****
+ $(GMPDIR)/libgmp.a:
+ cd $(GMPDIR); $(MAKE)
+
+! $(ZLIBDEP):
+! -if test '!' -d $(ZLIBDIR); then \
+! mkdir $(ZLIBDIR); \
+! cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
+! fi
+! cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
+! CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
+! -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
+
+ $(RSAREFSRCDIR)/librsaref.a:
+ -if test '!' -d $(RSAREFDIR); then \
+--- 421,434 ----
+ $(GMPDIR)/libgmp.a:
+ cd $(GMPDIR); $(MAKE)
+
+! #$(ZLIBDEP):
+! # -if test '!' -d $(ZLIBDIR); then \
+! # mkdir $(ZLIBDIR); \
+! # cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
+! # fi
+! # cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
+! # CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
+! # -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
+
+ $(RSAREFSRCDIR)/librsaref.a:
+ -if test '!' -d $(RSAREFDIR); then \
+***************
+*** 483,492 ****
+ # (otherwise it can only log in as the user it runs as, and must be
+ # bound to a non-privileged port). Also, password authentication may
+ # not be available if non-root and using shadow passwords.
+! install: $(PROGRAMS) make-dirs generate-host-key install-configs
+ -rm -f $(install_prefix)$(bindir)/ssh.old
+ -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
+! -chmod 755 $(install_prefix)$(bindir)/ssh.old
+ $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh
+ -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \
+ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \
+--- 485,494 ----
+ # (otherwise it can only log in as the user it runs as, and must be
+ # bound to a non-privileged port). Also, password authentication may
+ # not be available if non-root and using shadow passwords.
+! install: $(PROGRAMS) make-dirs install-configs
+ -rm -f $(install_prefix)$(bindir)/ssh.old
+ -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
+! -chmod 555 $(install_prefix)$(bindir)/ssh.old
+ $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh
+ -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \
+ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \
+***************
+*** 501,507 ****
+ -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \
+ rm -f $(install_prefix)$(bindir)/$$p.old ; \
+ mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \
+! $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(bindir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \
+ $(LN_S) $$p \
+--- 503,509 ----
+ -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \
+ rm -f $(install_prefix)$(bindir)/$$p.old ; \
+ mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \
+! $(INSTALL_PROGRAM) $$p $(install_prefix)$(bindir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \
+ $(LN_S) $$p \
+***************
+*** 511,517 ****
+ rm -f $(install_prefix)$(bindir)/$$p.old ; \
+ mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \
+ $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$$p; \
+! chmod 755 $(install_prefix)$(bindir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \
+ $(LN_S) $$p \
+--- 513,519 ----
+ rm -f $(install_prefix)$(bindir)/$$p.old ; \
+ mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \
+ $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$$p; \
+! chmod 555 $(install_prefix)$(bindir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \
+ $(LN_S) $$p \
+***************
+*** 520,533 ****
+ -for p in $(SBIN_PROGRAMS); do \
+ rm -f $(install_prefix)$(sbindir)/$$p.old ; \
+ mv $(install_prefix)$(sbindir)/$$p $(install_prefix)$(sbindir)/$$p.old; \
+! $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(sbindir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+ $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\
+ done
+ -for p in $(MAN1PAGES); do \
+! $(INSTALL_DATA) -m 0644 $(srcdir)/$$p $(install_prefix)$(man1dir)/$$p ; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+--- 522,535 ----
+ -for p in $(SBIN_PROGRAMS); do \
+ rm -f $(install_prefix)$(sbindir)/$$p.old ; \
+ mv $(install_prefix)$(sbindir)/$$p $(install_prefix)$(sbindir)/$$p.old; \
+! $(INSTALL_PROGRAM) $$p $(install_prefix)$(sbindir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+ $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\
+ done
+ -for p in $(MAN1PAGES); do \
+! $(INSTALL_DATA) $(srcdir)/$$p $(install_prefix)$(man1dir)/$$p ; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+***************
+*** 542,548 ****
+ $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \
+ fi
+ -for p in $(MAN1GENERATED); do \
+! $(INSTALL_DATA) -m 0644 $$p $(install_prefix)$(man1dir)/$$p ; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+--- 544,550 ----
+ $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \
+ fi
+ -for p in $(MAN1GENERATED); do \
+! $(INSTALL_DATA) $$p $(install_prefix)$(man1dir)/$$p ; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+***************
+*** 550,556 ****
+ fi; \
+ done
+ -for p in $(MAN8GENERATED); do \
+! $(INSTALL_DATA) -m 0644 $$p $(install_prefix)$(man8dir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(man8dir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+--- 552,558 ----
+ fi; \
+ done
+ -for p in $(MAN8GENERATED); do \
+! $(INSTALL_DATA) $$p $(install_prefix)$(man8dir)/$$p; \
+ if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
+ rm -f $(install_prefix)$(man8dir)/`echo $$p | sed '$(transform)'`;\
+ $(LN_S) $$p \
+***************
+*** 559,570 ****
+
+ install-configs:
+ -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \
+! $(INSTALL_DATA) -m 0644 $(srcdir)/host_config.sample \
+ $(install_prefix)$(HOST_CONFIG_FILE); fi
+ -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \
+ cat $(srcdir)/server_config.sample | \
+ sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \
+! $(INSTALL_DATA) -m 0644 /tmp/ssh_inst.$$$$ \
+ $(install_prefix)$(SERVER_CONFIG_FILE); \
+ rm -f /tmp/ssh_inst.$$$$; fi
+
+--- 561,573 ----
+
+ install-configs:
+ -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \
+! /usr/bin/install -c -o root -g wheel -m 0644 \
+! $(srcdir)/host_config.sample \
+ $(install_prefix)$(HOST_CONFIG_FILE); fi
+ -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \
+ cat $(srcdir)/server_config.sample | \
+ sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \
+! /usr/bin/install -c -o root -g wheel -m 0644 /tmp/ssh_inst.$$$$ \
+ $(install_prefix)$(SERVER_CONFIG_FILE); \
+ rm -f /tmp/ssh_inst.$$$$; fi
+
+***************
+*** 594,606 ****
+ -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
+ cd $(GMPDIR); $(MAKE) clean
+ # cd $(RSAREFSRCDIR); rm -f *.o *.a
+! cd $(ZLIBDIR); $(MAKE) clean
+
+ distclean: clean
+ -rm -f Makefile config.status config.cache config.log config.h
+ -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1
+ cd $(GMPDIR); $(MAKE) distclean
+! cd $(ZLIBDIR); $(MAKE) distclean
+
+ dist: dist-free
+
+--- 597,609 ----
+ -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
+ cd $(GMPDIR); $(MAKE) clean
+ # cd $(RSAREFSRCDIR); rm -f *.o *.a
+! # cd $(ZLIBDIR); $(MAKE) clean
+
+ distclean: clean
+ -rm -f Makefile config.status config.cache config.log config.h
+ -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1
+ cd $(GMPDIR); $(MAKE) distclean
+! # cd $(ZLIBDIR); $(MAKE) distclean
+
+ dist: dist-free
+
+***************
+*** 633,640 ****
+ gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
+ # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -)
+ # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
+! (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
+! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
+
+ #ifdef F_SECURE_COMMERCIAL
+ #
+--- 636,643 ----
+ gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
+ # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -)
+ # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
+! # (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
+! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
+
+ #ifdef F_SECURE_COMMERCIAL
+ #
+***************
+*** 662,668 ****
+ (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
+
+ depend:
+! $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
+
+ tags:
+ -rm -f TAGS
+--- 665,671 ----
+ (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
+
+ depend:
+! $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
+
+ tags:
+ -rm -f TAGS
diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae
index 6f8a5e79039..430bbc232b5 100644
--- a/security/ssh/patches/patch-ae
+++ b/security/ssh/patches/patch-ae
@@ -1,6 +1,6 @@
Index: server_config.sample
-*** server_config.sample.orig Thu Mar 27 09:04:06 1997
---- server_config.sample Fri Mar 28 15:45:53 1997
+*** server_config.sample.orig Tue Jan 20 05:20:14 1998
+--- server_config.sample Tue Jan 20 20:40:35 1998
***************
*** 16,22 ****
FascistLogging no
diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj
index 02da3ad1639..6b2f50fbe73 100644
--- a/security/ssh/patches/patch-aj
+++ b/security/ssh/patches/patch-aj
@@ -1,8 +1,8 @@
Index: configure.in
-*** configure.in.orig Fri Aug 22 10:28:43 1997
---- configure.in Thu Dec 18 12:52:28 1997
+*** configure.in.orig Tue Jan 20 05:24:14 1998
+--- configure.in Sat Jan 24 19:05:51 1998
***************
-*** 623,631 ****
+*** 635,643 ****
export CFLAGS CC
@@ -12,7 +12,7 @@ Index: configure.in
AC_MSG_CHECKING([that the compiler works])
AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
---- 623,631 ----
+--- 635,643 ----
export CFLAGS CC
@@ -23,12 +23,43 @@ Index: configure.in
AC_MSG_CHECKING([that the compiler works])
AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
***************
-*** 1525,1528 ****
+*** 1506,1519 ****
+ [ case "$enableval" in
+ no)
+ AC_MSG_RESULT(no)
+! SSHINSTALLMODE=0711
+ ;;
+ *) AC_MSG_RESULT(yes)
+! SSHINSTALLMODE=04711
+ ;;
+ esac ],
+ AC_MSG_RESULT(yes)
+! SSHINSTALLMODE=04711
+ )
+
+ # We include this here only to make it visible in --help; this is only used
+--- 1506,1519 ----
+ [ case "$enableval" in
+ no)
+ AC_MSG_RESULT(no)
+! SSHINSTALLMODE=0511
+ ;;
+ *) AC_MSG_RESULT(yes)
+! SSHINSTALLMODE=04511
+ ;;
+ esac ],
+ AC_MSG_RESULT(yes)
+! SSHINSTALLMODE=04511
+ )
+
+ # We include this here only to make it visible in --help; this is only used
+***************
+*** 1539,1542 ****
AC_SUBST(CONFOBJS)
AC_SUBST(SSHINSTALLMODE)
! AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
---- 1525,1528 ----
+--- 1539,1542 ----
AC_SUBST(CONFOBJS)
AC_SUBST(SSHINSTALLMODE)
diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao
index 314d60a8c4b..a4a67e43f21 100644
--- a/security/ssh/patches/patch-ao
+++ b/security/ssh/patches/patch-ao
@@ -1,14 +1,16 @@
Index: newchannels.c
---- newchannels.c.orig Tue Apr 22 17:40:11 1997
-+++ newchannels.c Sat Jul 19 11:42:06 1997
-@@ -2139,6 +2139,10 @@
- ssh-agent connections on your system */
- old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-
-+ /* Make sure the socket doesn't already exist, left over from a system
-+ crash perhaps. */
-+ unlink(channel_forwarded_auth_socket_name);
-+
- if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
- packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
-
+*** newchannels.c.orig Tue Jan 20 05:24:06 1998
+--- newchannels.c Tue Jan 20 20:42:58 1998
+***************
+*** 2324,2329 ****
+--- 2324,2333 ----
+ ssh-agent connections on your system */
+ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+
++ /* Make sure the socket doesn't already exist, left over from a system
++ crash perhaps. */
++ unlink(channel_forwarded_auth_socket_name);
++
+ if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
+ packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
+
diff --git a/security/ssh/pkg/DEINSTALL.pre b/security/ssh/pkg/DEINSTALL.pre
new file mode 100644
index 00000000000..c1e18ea0d4f
--- /dev/null
+++ b/security/ssh/pkg/DEINSTALL.pre
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+case "$2" in
+ DEINSTALL) cat <<EOF
+
+=============================================================
+Note that ssh configuration, key, and random-seed files
+(<$SSH_CONF_DIR>/ssh*) are not removed in the deinstallation
+process. You should remove those by hand, if you no longer
+need them.
+=============================================================
+
+EOF
+ ;;
+esac
diff --git a/security/ssh/pkg/DESCR b/security/ssh/pkg/DESCR
index 1398c52d792..5c76294d0b0 100644
--- a/security/ssh/pkg/DESCR
+++ b/security/ssh/pkg/DESCR
@@ -1,13 +1,11 @@
-Secure Shell is a program to log into another computer over a network,
-to execute commands in a remote machine, and to move files from one
-machine to another. It provides strong authentication and secure
-communications over insecure channels. It is inteded as a replacement
-for rlogin, rsh, and rcp.
+SSH (Secure Shell) is a program to log into another computer over a
+network, to execute commands in a remote machine, and to move files
+from one machine to another. It provides strong authentication and
+secure communications over insecure channels. It is intended as a
+replacement for rlogin, rsh, rcp, and rdist.
FEATURES
- o Complete replacement for rlogin, rsh, and rcp.
-
o Strong authentication. Closes several security holes (e.g., IP,
routing, and DNS spoofing). New authentication methods: .rhosts
together with RSA based host authentication, and pure RSA
@@ -15,7 +13,7 @@ FEATURES
o Improved privacy. All communications are automatically and
transparently encrypted. RSA is used for key exchange, and a
- conventional cipher (normally IDEA, DES, or triple-DES) for
+ conventional cipher (normally IDEA, Blowfish, or triple-DES) for
encrypting the session. Encryption is started before
authentication, and no passwords or other information is
transmitted in the clear. Encryption is also used to protect
@@ -96,3 +94,5 @@ FEATURES
o Optional compression of all data with gzip (including forwarded X11
and TCP/IP port data), which may result in significant speedups on
slow connections.
+
+ o Complete replacement for rlogin, rsh, and rcp.
diff --git a/security/ssh/pkg/MESSAGE.pre b/security/ssh/pkg/MESSAGE.pre
new file mode 100644
index 00000000000..af07699695d
--- /dev/null
+++ b/security/ssh/pkg/MESSAGE.pre
@@ -0,0 +1,19 @@
+==========================================================================
+If "starter" configuration files were installed (in <$SSH_CONF_DIR>)
+when the package was installed, be sure to examine them (and the man pages
+for ssh and sshd) to determine whether you want to make any changes.
+
+Copies of the example configuration files are installed in
+<$PREFIX>/examples/ssh, so those can still be used for reference after
+you have made changes to those installed in <$SSH_CONF_DIR>, or if
+you had existing configuration files, which would not be overwritten in
+the installation process.
+
+In general, you will want to set up /etc/rc.local to start sshd at boot
+time. Something like the following should do the job:
+
+# Run sshd if installed and configured
+if [ -f <$PREFIX>/sbin/sshd -a -f <$SSH_CONF_DIR>/sshd_config ]; then
+ echo -n ' sshd'; <$PREFIX>/sbin/sshd
+fi
+==========================================================================
diff --git a/security/ssh/pkg/PLIST b/security/ssh/pkg/PLIST
deleted file mode 100644
index 6690140a329..00000000000
--- a/security/ssh/pkg/PLIST
+++ /dev/null
@@ -1,25 +0,0 @@
-@comment $NetBSD: PLIST,v 1.2 1997/12/18 02:45:02 mrg Exp $
-@comment XXX etc/rc.d/sshd.sh - not yet - hubertf
-bin/scp
-bin/ssh
-@exec ln -fs %f %B/slogin
-@unexec rm -f %B/slogin
-bin/ssh-add
-bin/ssh-agent
-bin/ssh-askpass
-bin/ssh-keygen
-bin/make-ssh-known-hosts
-man/man1/make-ssh-known-hosts.1.gz
-man/man1/scp.1.gz
-man/man1/ssh-add.1.gz
-man/man1/ssh-agent.1.gz
-man/man1/ssh-keygen.1.gz
-man/man1/ssh.1.gz
-man/man1/slogin.1.gz
-man/man8/sshd.8.gz
-sbin/sshd
-@exec ln -s /etc/ssh_host_key %B
-@unexec rm -f %B/ssh_host_key
-@exec ln -s /etc/ssh_host_key.pub %B
-@unexec rm -f %B/ssh_host_key.pub
-@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
diff --git a/security/ssh/pkg/PLIST.pre b/security/ssh/pkg/PLIST.pre
new file mode 100644
index 00000000000..84c160353a2
--- /dev/null
+++ b/security/ssh/pkg/PLIST.pre
@@ -0,0 +1,28 @@
+@comment $NetBSD: PLIST.pre,v 1.1 1998/02/12 14:27:49 mrg Exp $
+@comment XXX etc/rc.d/sshd.sh - not yet - hubertf
+bin/scp
+bin/ssh
+@exec ln -fs %f %B/slogin
+@unexec rm %B/slogin
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-askpass
+bin/ssh-keygen
+bin/make-ssh-known-hosts
+man/man1/make-ssh-known-hosts.1.gz
+man/man1/scp.1.gz
+man/man1/ssh-add.1.gz
+man/man1/ssh-agent.1.gz
+man/man1/ssh-keygen.1.gz
+man/man1/ssh.1.gz
+man/man1/slogin.1.gz
+man/man8/sshd.8.gz
+sbin/sshd
+@exec if [ ! -d %D/share/examples/ssh ]; then mkdir -p %D/share/examples/ssh; fi
+share/examples/ssh/ssh_config
+share/examples/ssh/sshd_config
+@exec if [ ! -d <$SSH_CONF_DIR> ]; then echo "Creating directory <$SSH_CONF_DIR> for ssh config files.." ; mkdir -p <$SSH_CONF_DIR>; fi
+@exec if [ ! -f <$SSH_CONF_DIR>/ssh_config ]; then echo "Installing example ssh_config in <$SSH_CONF_DIR>.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/ssh_config <$SSH_CONF_DIR>; fi
+@exec if [ ! -f <$SSH_CONF_DIR>/sshd_config ]; then echo "Installing example sshd_config in <$SSH_CONF_DIR>.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/sshd_config <$SSH_CONF_DIR>; fi
+@exec if [ ! -f <$SSH_CONF_DIR>/ssh_host_key ]; then echo "Generating a secret host key in <$SSH_CONF_DIR>.." ; %D/bin/ssh-keygen -N "" -f <$SSH_CONF_DIR>/ssh_host_key; fi
+@dirrm share/examples/ssh