diff --git a/packages/network/openssh/config/sshd_config b/packages/network/openssh/config/sshd_config
index ad8166031e..47c75e876e 100644
--- a/packages/network/openssh/config/sshd_config
+++ b/packages/network/openssh/config/sshd_config
@@ -107,7 +107,7 @@ SyslogFacility AUTHPRIV
 #ChrootDirectory none
 # override default of no subsystems
-Subsystem sftp /usr/libexec/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
diff --git a/packages/network/openssh/init.d/51_sshd b/packages/network/openssh/init.d/51_sshd
deleted file mode 100644
index a5dc2f9ce7..0000000000
--- a/packages/network/openssh/init.d/51_sshd
+++ /dev/null
@@ -1,76 +0,0 @@
-################################################################################
-# Copyright (C) 2009-2010 OpenELEC.tv
-# http://www.openelec.tv
-#
-# This Program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This Program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with OpenELEC.tv; see the file COPYING. If not, write to
-# the Free Software Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110, USA.
-# http://www.gnu.org/copyleft/gpl.html
-################################################################################
-
-# start ssh server
-#
-# runlevels: openelec, textmode
-
- # can be called from openelec addon.
- # ensure that environment is sane
- . /etc/profile
-
- SSHD_START=false
- if [ -f $CONFIG_CACHE/service_ssh.conf ]; then
- . $CONFIG_CACHE/service_ssh.conf
- fi
-
-# Check if password authentication is disabled
- OPTIONS=""
-
- if [ "$SSHD_DISABLE_PW_AUTH" == "true" ] ; then
- OPTIONS="-o 'PasswordAuthentication no'"
- fi
-
- RSA1_KEY="$CONFIG_CACHE/ssh/ssh_host_key"
- RSA2_KEY="$CONFIG_CACHE/ssh/ssh_host_rsa_key"
- DSA2_KEY="$CONFIG_CACHE/ssh/ssh_host_dsa_key"
-
- KEYGEN="/usr/bin/ssh-keygen"
- SSHD="/usr/sbin/sshd"
-
- (
- if [ "$SSH" = "yes" -o "$SSHD_START" = "true" ]; then
-
- # Check for the SSH1 RSA key
- if [ ! -s $RSA1_KEY ] ; then
- progress "SSH: generating SSH1 RSA key"
- $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null
- chmod 600 $RSA1_KEY
- fi
-
- # Check for the SSH2 RSA key
- if [ ! -s $RSA2_KEY ] ; then
- progress "SSH: generating SSH2 RSA key"
- $KEYGEN -q -t rsa -f $RSA2_KEY -C '' -N '' >&/dev/null
- chmod 600 $RSA2_KEY
- fi
-
- # Check for the SSH2 DSA key
- if [ ! -s $DSA2_KEY ] ; then
- progress "SSH: generating SSH2 DSA key"
- $KEYGEN -q -t dsa -f $DSA2_KEY -C '' -N '' >&/dev/null
- chmod 600 $DSA2_KEY
- fi
-
- progress "Starting SSH Server"
- rm /var/run/sshd.pid &>/dev/null
- eval $SSHD $OPTIONS
- fi
- )&
diff --git a/packages/network/openssh/package.mk b/packages/network/openssh/package.mk
index fd71bff90e..20242c7198 100644
--- a/packages/network/openssh/package.mk
+++ b/packages/network/openssh/package.mk
@@ -57,6 +57,9 @@ post_makeinstall_target() {
 cp $PKG_DIR/config/ssh_config $INSTALL/etc
 cp $PKG_DIR/config/sshd_config $INSTALL/etc
+ mkdir -p $INSTALL/usr/sbin
+ cp -P $PKG_DIR/scripts/sshd-keygen $INSTALL/usr/sbin
+
 rm -rf $INSTALL/usr/lib/openssh/ssh-keysign
 rm -rf $INSTALL/usr/lib/openssh/ssh-pkcs11-helper
 if [ ! $SFTP_SERVER = "yes" ]; then
@@ -67,4 +70,7 @@ post_makeinstall_target() {
 post_install() {
 add_user sshd x 74 74 "Privilege-separated SSH" "/var/empty/sshd" "/bin/sh"
 add_group sshd 74
+
+ enable_service sshd.service
+# enable_service sshd.socket
 }
diff --git a/packages/network/openssh/scripts/sshd-keygen b/packages/network/openssh/scripts/sshd-keygen
new file mode 100755
index 0000000000..92b6d0d043
--- /dev/null
+++ b/packages/network/openssh/scripts/sshd-keygen
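Review bot: `enable_service sshd.service` in post_install turns the daemon on unconditionally, whereas the removed init.d/51_sshd only started sshd when `$SSH` was `yes` or `SSHD_START` from `$CONFIG_CACHE/service_ssh.conf` was `true`. Unless that setting is honoured somewhere outside this diff, a device whose owner left SSH switched off will begin listening once this package is installed. I would keep the service opt-in, for example by starting sshd through a small wrapper that sources `service_ssh.conf` and only execs the daemon when `SSHD_START` is `true`, and record the intent above the call: `# sshd stays opt-in: start is gated on SSHD_START in service_ssh.conf`.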
@@ -0,0 +1,51 @@
+#!/bin/sh
+################################################################################
+# This file is part of OpenELEC - http://www.openelec.tv
+# Copyright (C) 2009-2012 Stephan Raue (stephan@openelec.tv)
+#
+# This Program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This Program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with OpenELEC.tv; see the file COPYING. If not, write to
+# the Free Software Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110, USA.
+# http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+. /etc/profile
+
+RSA1_KEY="$CONFIG_CACHE/ssh/ssh_host_key"
+RSA2_KEY="$CONFIG_CACHE/ssh/ssh_host_rsa_key"
+DSA2_KEY="$CONFIG_CACHE/ssh/ssh_host_dsa_key"
+
+KEYGEN="/usr/bin/ssh-keygen"
+
+mkdir -p $CONFIG_CACHE/ssh
+
+# Check for the SSH1 RSA key
+ if [ ! -s $RSA1_KEY ] ; then
+ progress "SSH: generating SSH1 RSA key"
+ $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null
+ chmod 600 $RSA1_KEY
+ fi
+
+# Check for the SSH2 RSA key
+ if [ ! -s $RSA2_KEY ] ; then
+ progress "SSH: generating SSH2 RSA key"
+ $KEYGEN -q -t rsa -f $RSA2_KEY -C '' -N '' >&/dev/null
+ chmod 600 $RSA2_KEY
+ fi
+
+# Check for the SSH2 DSA key
+ if [ ! -s $DSA2_KEY ] ; then
+ progress "SSH: generating SSH2 DSA key"
+ $KEYGEN -q -t dsa -f $DSA2_KEY -C '' -N '' >&/dev/null
+ chmod 600 $DSA2_KEY
+ fi
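Review bot: None of the three `$KEYGEN` calls is checked and their output is discarded, so a failed generation (full or read-only storage, say) goes unnoticed and the script can still exit 0 when a later `-s` test finds its key present; sshd.service runs this file as ExecStartPre and would then start with a host key missing. Each call should fail the script, with the paths quoted and a redirection that plain `sh` defines: `"$KEYGEN" -q -t rsa -f "$RSA2_KEY" -C '' -N '' >/dev/null 2>&1 || exit 1`. `>&/dev/null` is a bash extension that POSIX sh does not define, which matters under the `#!/bin/sh` shebang. The `rsa1` key is only of use to SSH protocol 1 and DSA is a legacy host-key type; if the shipped sshd_config does not rely on either (not visible in this diff), I would drop those two blocks rather than carry them into the new script.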
diff --git a/packages/network/openssh/system.d/sshd-keygen.service b/packages/network/openssh/system.d/sshd-keygen.service
new file mode 100644
index 0000000000..e67dd3bf02
--- /dev/null
+++ b/packages/network/openssh/system.d/sshd-keygen.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH Server Key Generation
+ConditionPathExists=|!/storage/.cache/ssh/ssh_host_key
+ConditionPathExists=|!/storage/.cache/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/storage/.cache/ssh/ssh_host_dsa_key
+
+[Service]
+ExecStart=/usr/sbin/sshd-keygen
+Type=oneshot
+
diff --git a/packages/network/openssh/system.d/sshd.service b/packages/network/openssh/system.d/sshd.service
new file mode 100644
index 0000000000..5b9acbf1ae
--- /dev/null
+++ b/packages/network/openssh/system.d/sshd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=OpenSSH server daemon
+After=syslog.target network.target
+
+[Service]
+# EnvironmentFile=/etc/sysconfig/sshd
+ExecStartPre=/usr/sbin/sshd-keygen
+ExecStart=/usr/sbin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/packages/network/openssh/system.d/sshd.socket b/packages/network/openssh/system.d/sshd.socket
new file mode 100644
index 0000000000..38ed622882
--- /dev/null
+++ b/packages/network/openssh/system.d/sshd.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Server Socket
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
+
diff --git a/packages/network/openssh/system.d/sshd@.service b/packages/network/openssh/system.d/sshd@.service
new file mode 100644
index 0000000000..8c28392fa0
--- /dev/null
+++ b/packages/network/openssh/system.d/sshd@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+Wants=sshd-keygen.service
+After=sshd-keygen.service
+
+[Service]
+# EnvironmentFile=-/etc/sysconfig/sshd
+ExecStart=-/usr/sbin/sshd
+StandardInput=socket
+
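Review bot: `ExecStart=/usr/sbin/sshd -D` in sshd.service no longer passes the option that the removed init.d/51_sshd built from `SSHD_DISABLE_PW_AUTH`, so a user who had turned password logins off gets them back silently unless the shipped sshd_config already disables them (only its Subsystem line is visible in this diff). The `EnvironmentFile` line is commented out, so nothing feeds the setting into the unit. I would restore it in the same change that deletes the old script, for example with an environment file written when the setting is saved and `ExecStart=/usr/sbin/sshd -D $SSHD_ARGS`, where `SSHD_ARGS` is a name proposed here and would carry `-o PasswordAuthentication=no`.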
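Review bot: `ExecStart=-/usr/sbin/sshd` in sshd@.service is missing the `-i` flag; with `Accept=yes` in sshd.socket and `StandardInput=socket`, each instance is handed one accepted connection on stdin, and without `-i` sshd does not serve it and instead tries to listen on its own port. The line should read `ExecStart=-/usr/sbin/sshd -i`. The socket unit is still commented out in package.mk, so this only shows up once `enable_service sshd.socket` is switched on.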
diff --git a/packages/network/openssh/tmpfiles.d/51_sshd.conf b/packages/network/openssh/tmpfiles.d/openssh.conf
similarity index 100%
rename from packages/network/openssh/tmpfiles.d/51_sshd.conf
rename to packages/network/openssh/tmpfiles.d/openssh.conf