To install the patch, do the following: # cd /usr/src/usr.bin (or elsewhere) # tar xvfz .../openssh-3.1.tgz # cd ssh # patch -p0 < openbsd29_3.1.patch # make obj # make cleandir # make depend # make # make install # cp ssh_config sshd_config /etc diff -Nur sshd/Makefile sshd/Makefile --- sshd/Makefile Sun Oct 7 20:14:20 2001 +++ sshd/Makefile Tue Oct 16 13:31:53 2001 @@ -7,7 +7,8 @@ BINMODE=555 BINDIR= /usr/sbin MAN= sshd.8 -CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH +CFLAGS+=-DHAVE_LOGIN_CAP +#CFLAGS+=-DBSD_AUTH SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ sshpty.c sshlogin.c servconf.c serverloop.c \ @@ -47,8 +48,8 @@ DPADD+= ${LIBWRAP} .endif -#.if (${SKEY:L} == "yes") -#CFLAGS+= -DSKEY -#LDADD+= -lskey -#DPADD+= ${SKEY} -#.endif +.if (${SKEY:L} == "yes") +CFLAGS+= -DSKEY +LDADD+= -lskey +DPADD+= ${SKEY} +.endif Index: Makefile =================================================================== RCS file: /cvs/src/usr.bin/ssh/Makefile,v retrieving revision 1.10 diff -u -r1.10 Makefile --- Makefile 9 Feb 2002 17:37:34 -0000 1.10 +++ Makefile 6 Mar 2002 16:55:42 -0000 @@ -7,8 +7,8 @@ distribution: install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \ - ${DESTDIR}/etc/ssh/ssh_config + ${DESTDIR}/etc/ssh_config install -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \ - ${DESTDIR}/etc/ssh/sshd_config + ${DESTDIR}/etc/sshd_config .include Index: README =================================================================== RCS file: /cvs/src/usr.bin/ssh/README,v retrieving revision 1.5 diff -u -r1.5 README --- README 9 Feb 2002 17:37:34 -0000 1.5 +++ README 6 Mar 2002 16:55:42 -0000 @@ -14,7 +14,7 @@ # make depend # make # make install - # cp ssh_config sshd_config /etc/ssh + # cp ssh_config sshd_config /etc OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Index: readconf.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/readconf.h,v retrieving revision 1.42 diff -u -r1.42 readconf.h --- readconf.h 4 Mar 2002 17:27:39 -0000 1.42 +++ readconf.h 6 Mar 2002 16:55:42 -0000 @@ -81,7 +81,7 @@ char *user; /* User to log in as. */ int escape_char; /* Escape character; -2 = none */ - char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */ + char *system_hostfile;/* Path for /etc/ssh_known_hosts. */ char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */ char *system_hostfile2; char *user_hostfile2; Index: servconf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.101 diff -u -r1.101 servconf.c --- servconf.c 4 Feb 2002 12:15:25 -0000 1.101 +++ servconf.c 6 Mar 2002 16:55:42 -0000 @@ -818,7 +818,7 @@ * These options can contain %X options expanded at * connect time, so that you can specify paths like: * - * AuthorizedKeysFile /etc/ssh_keys/%u + * AuthorizedKeysFile /etc_keys/%u */ case sAuthorizedKeysFile: case sAuthorizedKeysFile2: Index: session.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.128 diff -u -r1.128 session.c --- session.c 16 Feb 2002 00:51:44 -0000 1.128 +++ session.c 6 Mar 2002 16:55:42 -0000 @@ -857,7 +857,7 @@ } /* - * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found + * Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found * first in this order). */ static void @@ -1062,7 +1062,7 @@ /* * Must take new environment into use so that .ssh/rc, - * /etc/ssh/sshrc and xauth are run in the proper environment. + * /etc/sshrc and xauth are run in the proper environment. */ environ = env; Index: ssh-keyscan.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-keyscan.1,v retrieving revision 1.14 diff -u -r1.14 ssh-keyscan.1 --- ssh-keyscan.1 13 Feb 2002 08:33:47 -0000 1.14 +++ ssh-keyscan.1 6 Mar 2002 16:55:43 -0000 @@ -138,7 +138,7 @@ or .Dq ssh-dsa . .Pp -.Pa /etc/ssh/ssh_known_hosts +.Pa /etc/ssh_known_hosts .Sh BUGS It generates "Connection closed by remote host" messages on the consoles of all the machines it scans if the server is older than version 2.9. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.148 diff -u -r1.148 ssh.1 --- ssh.1 18 Feb 2002 17:55:20 -0000 1.148 +++ ssh.1 6 Mar 2002 16:55:43 -0000 @@ -126,7 +126,7 @@ .Pa /etc/shosts.equiv , and if additionally the server can verify the client's host key (see -.Pa /etc/ssh/ssh_known_hosts +.Pa /etc/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts in the @@ -365,7 +365,7 @@ .Pa $HOME/.ssh/known_hosts in the user's home directory. Additionally, the file -.Pa /etc/ssh/ssh_known_hosts +.Pa /etc/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification @@ -573,7 +573,7 @@ Specifies an alternative per-user configuration file. If a configuration file is given on the command line, the system-wide configuration file -.Pq Pa /etc/ssh/ssh_config +.Pq Pa /etc/ssh_config will be ignored. The default for the per-user configuration file is .Pa $HOME/.ssh/config . @@ -648,7 +648,7 @@ command line options, user's configuration file .Pq Pa $HOME/.ssh/config , and system-wide configuration file -.Pq Pa /etc/ssh/ssh_config . +.Pq Pa /etc/ssh_config . For each parameter, the first obtained value will be used. The configuration files contain sections bracketed by @@ -886,7 +886,7 @@ .It Cm GlobalKnownHostsFile Specifies a file to use for the global host key database instead of -.Pa /etc/ssh/ssh_known_hosts . +.Pa /etc/ssh_known_hosts . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. @@ -1144,7 +1144,7 @@ file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, however, can be annoying when the -.Pa /etc/ssh/ssh_known_hosts +.Pa /etc/ssh_known_hosts file is poorly maintained, or connections to new hosts are frequently made. This option forces the user to manually @@ -1312,7 +1312,7 @@ .It Pa $HOME/.ssh/known_hosts Records host keys for all hosts the user has logged into that are not in -.Pa /etc/ssh/ssh_known_hosts . +.Pa /etc/ssh_known_hosts . See .Xr sshd 8 . .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa @@ -1367,7 +1367,7 @@ identity files. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. -.It Pa /etc/ssh/ssh_known_hosts +.It Pa /etc/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the @@ -1390,13 +1390,13 @@ does not convert the user-supplied name to a canonical name before checking the key, because someone with access to the name servers would then be able to fool host authentication. -.It Pa /etc/ssh/ssh_config +.It Pa /etc/ssh_config Systemwide configuration file. This file provides defaults for those values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must be world-readable. -.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for .Cm RhostsRSAAuthentication @@ -1431,7 +1431,7 @@ will be installed so that it requires successful RSA host authentication before permitting \s+2.\s0rhosts authentication. If the server machine does not have the client's host key in -.Pa /etc/ssh/ssh_known_hosts , +.Pa /etc/ssh_known_hosts , it can be stored in .Pa $HOME/.ssh/known_hosts . The easiest way to do this is to @@ -1468,7 +1468,7 @@ This file may be useful to permit logins using .Nm but not using rsh/rlogin. -.It Pa /etc/ssh/sshrc +.It Pa /etc/sshrc Commands in this file are executed by .Nm when the user logs in just before the user's shell (or command) is started. Index: sshd.8 =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.170 diff -u -r1.170 sshd.8 --- sshd.8 28 Feb 2002 20:46:10 -0000 1.170 +++ sshd.8 6 Mar 2002 16:55:43 -0000 @@ -198,7 +198,7 @@ .It Fl f Ar configuration_file Specifies the name of the configuration file. The default is -.Pa /etc/ssh/sshd_config . +.Pa /etc/sshd_config . .Nm refuses to start if there is no configuration file. .It Fl g Ar login_grace_time @@ -214,11 +214,11 @@ is not run as root (as the normal host key files are normally not readable by anyone but root). The default is -.Pa /etc/ssh/ssh_host_key +.Pa /etc/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key +.Pa /etc/ssh_host_rsa_key and -.Pa /etc/ssh/ssh_host_dsa_key +.Pa /etc/ssh_host_dsa_key for protocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. @@ -316,7 +316,7 @@ .Sh CONFIGURATION FILE .Nm reads configuration data from -.Pa /etc/ssh/sshd_config +.Pa /etc/sshd_config (or the file specified with .Fl f on the command line). @@ -496,11 +496,11 @@ Specifies a file containing a private host key used by SSH. The default is -.Pa /etc/ssh/ssh_host_key +.Pa /etc/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key +.Pa /etc/ssh_host_rsa_key and -.Pa /etc/ssh/ssh_host_dsa_key +.Pa /etc/ssh_host_dsa_key for protocol version 2. Note that .Nm @@ -966,7 +966,7 @@ If .Pa $HOME/.ssh/rc exists, runs it; else if -.Pa /etc/ssh/sshrc +.Pa /etc/sshrc exists, runs it; otherwise runs xauth. The @@ -1103,7 +1103,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 .Sh SSH_KNOWN_HOSTS FILE FORMAT The -.Pa /etc/ssh/ssh_known_hosts , +.Pa /etc/ssh_known_hosts , and .Pa $HOME/.ssh/known_hosts files contain host public keys for all known hosts. @@ -1128,7 +1128,7 @@ .Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from -.Pa /etc/ssh/ssh_host_key.pub . +.Pa /etc/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp Lines starting with @@ -1150,7 +1150,7 @@ long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script or by taking -.Pa /etc/ssh/ssh_host_key.pub +.Pa /etc/ssh_host_key.pub and adding the host names at the front. .Ss Examples .Bd -literal @@ -1159,19 +1159,19 @@ .Ed .Sh FILES .Bl -tag -width Ds -.It Pa /etc/ssh/sshd_config +.It Pa /etc/sshd_config Contains configuration data for .Nm sshd . This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. -.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that .Nm does not start if this file is group/world-accessible. -.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub +.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by root. @@ -1204,7 +1204,7 @@ .Pa id_rsa.pub files into this file, as described in .Xr ssh-keygen 1 . -.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" +.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" These files are consulted when using rhosts with RSA host authentication or protocol version 2 hostbased authentication to check the public key of the host. @@ -1212,7 +1212,7 @@ The client uses the same files to verify that it is connecting to the correct remote host. These files should be writable only by root/the owner. -.Pa /etc/ssh/ssh_known_hosts +.Pa /etc/ssh_known_hosts should be world-readable, and .Pa $HOME/.ssh/known_hosts can but need not be world-readable. @@ -1320,13 +1320,13 @@ .Ed .Pp If this file does not exist, -.Pa /etc/ssh/sshrc +.Pa /etc/sshrc is run, and if that does not exist either, xauth is used to store the cookie. .Pp This file should be writable only by the user, and need not be readable by anyone else. -.It Pa /etc/ssh/sshrc +.It Pa /etc/sshrc Like .Pa $HOME/.ssh/rc . This can be used to specify Index: sshd_config =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd_config,v retrieving revision 1.48 diff -u -r1.48 sshd_config --- sshd_config 19 Feb 2002 02:50:59 -0000 1.48 +++ sshd_config 6 Mar 2002 16:55:43 -0000 @@ -14,10 +14,10 @@ #ListenAddress :: # HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key +#HostKey /etc/ssh_host_key # HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh_host_rsa_key +#HostKey /etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 @@ -42,7 +42,7 @@ #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +# For this to work you will also need host keys in /etc/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no Index: pathnames.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/pathnames.h,v retrieving revision 1.11 diff -u -r1.11 pathnames.h --- pathnames.h 9 Feb 2002 17:37:34 -0000 1.11 +++ pathnames.h 6 Mar 2002 18:10:32 -0000 @@ -13,7 +13,7 @@ */ #define ETCDIR "/etc" -#define SSHDIR ETCDIR "/ssh" +#define SSHDIR ETCDIR #define _PATH_SSH_PIDDIR "/var/run" /*