Hi,
It's been uploaded to non-us.debian.org, but if you're in a hurry, you
can grab it here:
http://www.hands.com/~phil/debian/openssh/
Things from the debian patch that might be worth taking upstream:
configure.in:
. The tcp-wrappers patch (mentioned here recently)
Makefile:
. Put OPT_FLAGS back in so I can set options in debian/rules
. Install ssh with SUID bit set
sshd.c:
. use macro for PAM service name, so I can change it to ``ssh'' in
debian/rules
. disable motd & lastlogin messages if HAVE_PAM
sshd.pam
. Apparently this one works well, but I don't know how widespread
pam_unix.o is, so perhaps offering it as an alternative, or as
comments in the file
sshd_config:
. enable ForwardX11. I cannot see a reason to have this disabled
on the server, and it's a pain having to switch it back on all
the time.
ssh-copy-id & ssh-copy-id.1
. A script that uses ssh to install one's identity into a remote
authorized_keys, and makes sure that the permissions at the
other end are likely to work afterwards. It's quite handy, but
could probably do with a few options to control where it gets
the keys from.
and in several files:
. Change defaults for ForwardX11 & ForwardAgent to be ``off'' for
security
BTW the diff is here:
http://www.hands.com/~phil/debian/openssh/openssh_1.2pre13-1.diff.gz
and also contains a load of debian specific packaging files under the
debian directory, that you can safely ignore
Cheers, Phil.
It's been uploaded to non-us.debian.org, but if you're in a hurry, you
can grab it here:
http://www.hands.com/~phil/debian/openssh/
Things from the debian patch that might be worth taking upstream:
configure.in:
. The tcp-wrappers patch (mentioned here recently)
Makefile:
. Put OPT_FLAGS back in so I can set options in debian/rules
. Install ssh with SUID bit set
sshd.c:
. use macro for PAM service name, so I can change it to ``ssh'' in
debian/rules
. disable motd & lastlogin messages if HAVE_PAM
sshd.pam
. Apparently this one works well, but I don't know how widespread
pam_unix.o is, so perhaps offering it as an alternative, or as
comments in the file
sshd_config:
. enable ForwardX11. I cannot see a reason to have this disabled
on the server, and it's a pain having to switch it back on all
the time.
ssh-copy-id & ssh-copy-id.1
. A script that uses ssh to install one's identity into a remote
authorized_keys, and makes sure that the permissions at the
other end are likely to work afterwards. It's quite handy, but
could probably do with a few options to control where it gets
the keys from.
and in several files:
. Change defaults for ForwardX11 & ForwardAgent to be ``off'' for
security
BTW the diff is here:
http://www.hands.com/~phil/debian/openssh/openssh_1.2pre13-1.diff.gz
and also contains a load of debian specific packaging files under the
debian directory, that you can safely ignore
Cheers, Phil.