Current status

openssh OpenBSD's secure shell client and server (remote login program)

3.6.1_6 security =182 3.6.1_6Version of this port present on the latest quarterly branch.

DEPRECATED: Long out of date with multiple security issues.
This port expired on: 2008-02-11

There is no maintainer for this port.

Any concerns regarding this port should be directed to the FreeBSD Ports mailing list via ports@FreeBSD.org

Port Added: unknown

Last Update: 2008-03-05 04:25:43

SVN Revision: unknown

People watching this port, also watch: openssl, nmap, wget

Also Listed In: ipv6

License: not specified in port

Description:

Secure Shell is a set of programs for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin, rsh, rcp, etc. and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is a version of Secure Shell based upon a much less encumbered SSH version 1.2.12, which has a BSD-style license. Maintained by the OpenBSD project, this is the most free and secure SSH implementation in the world. OpenSSH supports SSH protocol version 1.5 and 2.0. If you don't need SKEY/OPIE you like to use openssh-portable WWW: http://www.openssh.com/ - Brian Feldman green@FreeBSD.org

SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:

• openssh>0:security/openssh

No installation instructions: this port has been deleted.

The package name of this deleted port was: openssh

PKGNAME: openssh

Flavors: there is no flavor information for this port.

distinfo:

There is no distinfo for this port.

There are no ports dependent upon this port

Configuration Options

===> The following configuration options are available for openssh-3.6.1_6: AFS=off (default) "With AFC Support" KERBEROS=off (default) "With Kerberos Support" SKEY=off (default) "With SKEY Support" ===> Use 'make config' to modify these settings

Master Sites:

Expand this list (4 items)

Collapse this list.
1. ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/
2. ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/
3. ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/
4. ftp://ftp1.se.openbsd.org/pub/OpenBSD/OpenSSH/
Collapse this list.

• port deleted on 2008-03-02
  REASON: Has expired: Outdated and has security issues
  

- expire port: Long out of date with multiple security issues.
  (Don't worry, openssh-portable is still there.)

- Mark DEPRECATED and set expirtation date for one month.
  Long out of date with multiple security issues.

- Remove FreeBSD 4.X support from unmaintained ports in categories starting
  with letter r-s

- Add ipv6 category

PR:             ports/107052
Submitted by:   Janos Mohacsi <janos.mohacsi@bsd.hu>

Fix build after DESTDIR update.

Submitted by:   gabor

- Convert to OPTIONS
- Switch to rc_subr script

PR:             ports/96625
Submitted by:   Peter Thoenen <peter.thoenen@yahoo.com> <eol1@yahoo.com>

- Add SHA256

- add a line why this port exist
- drop maintainership

- make PKGNAMESUFFIX more flexible

- add SIZE

- fix Usage

- fix spelling of gssapi

- add CONFLICTS
Submitted by:   eikemeier@fillmore-labs.com

Bump PORTREVISION for PAM security fix committed on Sep 26.

- Security Fix in PAM handling
Obtained from:  des

- mark FORBIDDEN until fixes.

- Security Fix obtained from OpenBSD
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/buffer.c.diff?r1=1.18&r2=1.19

Submitted by:   ash@lab.poc.net

Add Solar Designer's additional fixes to buffer management.

- Securitry Fix revision 2
http://www.openssh.com/txt/buffer.adv
Approved by:    lioux (portmgr)

Do not record expanded size before attempting to reallocate associated
memory.

Obtained from:  OpenBSD

- strip MAKE_ENV, LDFLAGS is set in bsd.openssl.mk

- use hook for bsd.openssl.mk

- honor any given LDFLAGS

- use bsd.openssl.mk

- Update to 3.6.1

- Update to 3.6
This version does no longer compile on FreeBSD 2.2.8

- merge patch from openssh-portable
  to initialize resolver libary before
  chroot to /var/empty if UsePrivilegeSeparation=yes

- use include more consistent

- retire pkg-comment

- add COMMENT

extra spaces removed

Update to 3.5

Fix BATCH problem in CURRENT

Fix an build problem with make install on STABLE

Fix build in STABLE and CURRENT, _PATH_CP is defined in system includes

display PKGMESSAGE on manual build too.

FreeBSD specifc security fix for:
ChallengeResponseAuthentication yes

PermitRootLogin no explanation added.

'PermitRootLogin no' is the new default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys
and very narrowly defined sudo privileges instead of using root
for automated tasks.

give Enviroment from login.conf priority over all others,
problem found by drs@rucus.ru.ac.za.

Defaults changed: (Gregory Sutter)
 ChallengeResponseAuthentication no
 UseLogin no

SSH_PRIVSEP_USER=sshd, distributioin patch set it to nobodyh. (Jan Srzednicki)

#undef USE_PIPES, problems with ppp over ssh. (Kugimoto Takeshi)

fix missing includes for "canohost.h"

Update to openssh-3.4
Update to openssh-3.4p1

Security FIX, Please update to this Version.

Options for both:
USE_OPENSSL_BASE=yes
        uses an older opensssl in the base system.

Options for portable:
OPENSSH_OVERWRITE_BASE=yes
        includes USE_OPENSSL_BASE=yes
        installls in the paths of the base system

Add missing codeblock

Patch from current, noted by drs@rucus.ru.ac.za:
environment variables in the 'setenv' field of login.conf are set now.

Small cleanups for smoothlees migration to $PREFIX/etc/shh

Fix a typo, only affects when installing a packae on a clean system.
Submitted by:   anders@fix.no

Create user when package is extracted

Enable privilege separation as default,
create user and home if it not exists.

Merge PAM-changes from openssh currrent
Fix build with SKEY=yes, pr# 36119
Cleanup pw_expire handling.
Add missing includes
Changes defaults to: PermitRootLogin=no, UsePrivilegeSeparation=no
Use $PREFIX/etc/ssh for config, updating manpages too.

Update to openssh-3.3
- New program ssh-keysign
- New manpages for ssh_config and sshd_config
- Merge Pathes to new files
- Fix GCC problem with unsupported __func__ in older Releases

- Get rid of PERL and use SED

- get rid of duplicate code in Makefiles.
- Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE
- drop obsolete/broken USE_OPENSSL

Update to OpenSSH 3.2.3

- patch openssh-3.1-adv.token.patch is now obsolete.
- remerged PAM changes form previous port
- declare CMSG_* macros.
- fixed bad type in function input_userauth_passwd_changereq

Update to OpenSSH-portable-3.2.3p1

- patch openssh-3.1p1-adv.token.patch is now obsolete
- keep previously declared CONFIGURE_ARGS
- remove openssh-mit-krb5-20020326.diff (should be in the distribution now)
- patch patch-readpassphrase.c is now in teh distribution
- merged previous patches.
- extend CONFIGURE_ARGS so it find OPENSSL again.
- new patches for GSSAPI, not fully tested.

If you have the patch applied:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/36080

Builds with openssl-0.9.6d under:
2.2.8-RELEASE
3.2-RELEASE
4.2-RELEASE
4.6-RC

Use crypto.3 as dependeny.
To keep consistent with USE_SSL in bsd.port.mk

Chase openssl shlib version increase.

Pointy hat to:  dinoex

openssl:
- some configure scripts check the version of the lib
  so we need to update SHLIBVER
- bump PORTREVISION

openssh:
- build ports with local openssl, if it exists

Security fix for token passing, see bugtraq for details.
- fetch and use openssh-3.1-adv.token.patch to build.
- bump PORTREVISION

remove obsolete patch: openssh/files/patch-cipher.c

Updated Patch on openBSD website,
patch openssh/files/patch-cipher.c is now obsolete.

Fix problem with auth_ttyok and ttyname

Merge patches from -stable with USE_PAM and HAVE_LOGIN_CAP
Bump PORTREVISION

PR:             35904

Rename Patches to make navigation much more easier.

create ssh_config-dist and sshd_config-dist
make sure that package install and deinstall
don't temper existing configuration files.
install sshd.sh now as sample.

Package changed, but no need to update
if you have PORTREVISION=2

Add etc/moduli if it does not exist already.
sshd complainied about it.

Extend the description for openssh-portable   Fix description for openssh    

- Fix Problem with 3des chiper   - Patch from openssh-portable, which works
fine.   - bump PORTREVISION    

- add defines for comatibility with older FreeBSD releases 3.x and 2.2.8        
  SHUT_RD, SHUT_WR, SHUT_RDWR           INET_ADDRSTRLEN   - add dirname() from
FreeBSD 4.5   - use utimes instead of futimes fore FreeBSD < 4.x    

- Add more INET6 #ifdef's   - Suggested patch modified and extended    

Pass option to generate rsa1 keys, which is now required.    

Update to OpenSSH 3.1 OpennSSH-portable 3.1p1    

Fix off-by-one error.    

Change some defines from "YES" to "yes"   See samples in the porters-handbook.  
 

- Udate to OpenSSH-3.0.2   - make batch-processing cleaner    

Use newer patch from OpenBSD ftp site, no relevant changes   (SKey is not set in
this port)    

- generate now all 3 host keyes if they don't exists before   - save patchfile
from openbsd, it has been removed.    

make portlint a bit happier    

Supply DEAFULT for PATCH_SITES    

Update to openssh-3.0.1 and openssh-portable-3.0.1p1    

Update to OpenSSH 3.0 and OpenSSH-portable 3.0p1   Extracted from Changelog (not
complete):    

cvs rm'ing patch-coredump, as the current versions are safe.   It does no harm,
so a second bump of PORTVERSION is not needed.    

- included an patch that solves a coredump in sshd   - Bumped PORTREVISION    

Let PREFIX/libdata exists, even as it had been created by the port,   Logs on
beton complaining about it.    

- Update to OpenSSH 2.9.9   - convert portname into lowercase   - PREFIX support
for default sshd_config   - security-patch for cookie files obsolete    

- Extend patches in submakefiles, to build under 3.5 STABLE    

This adds two environment variables into environment of user: LANG & MM_CHARSET,
   when used standard login via telnet or console    

change MAINTAINER to FreeBSD.org address    

- Drop modifier L in makefile, all options have to be set     in lowercase "yes"
  - Tested build with FreeBSD 4.1     openssl-0.9.6a needs to be installed form
ports.   	"FORBIDDEN" must be removed by hand.    

- Don't generate keys if BATCH is defined,     they will be generated when the
package is installed.   - Update MAN1, MAN8    

- Fix FreeBSD specific patch, exit now if change of password fails.   	Forwarded
by dwcjr    

Fix spelling and make portline happy (training spaces)    

- Switch to the user's uid before attempting to unlink the auth forwarding    
file, nullifying the effects of a race.   - Bump PORTREVISION    

- Update from OpenSSH 2.2.0 to OpenSSH 2.9   - Features:     Possible use of
sftp/sftp-server with older FreeBSD releases.     Use a newer version
independently from the Base system.     Easier to test and fix possible security
bugs.   - Bugs:     build of pam_ssm.so isn't be supported any more     Any file
named "cookie" can be deleted by this and any older "sshd"     with X11
Forwarding.    

make openssh comply with section 4.4.9 (MAN vars in Makefile, not plist)    

Move the maintainer to ports.  I don't have the capacity to continue   to
support very old systems myself.    

Add patch to prevent Bleichenbacher attack on SSH1 server. Bump   PORTREVISION. 
  

Bump PORTREVISION due to security fix.    

Add patch to deal with possible remote root exploit found by   Michal Zalewski
of the Bindview RAZOR Team, and some patches to hopefully   deal with
compilation on older versions of FreeBSD.    

Mark FORBIDDEN: several problems including possible remote root   compromise.
OpenSSH 2.3.0 included in 4.2-STABLE is not vulnerable.    

Add the security fix for inability to actually deny ssh-agent or X11  
forwarding requests.  

10 vulnerabilities affecting 79 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2021-03-05 21:21:29