openssh-sshd-makecerts: support ed25519 host key generation [release 6.6p1-3mamba;Tue Apr 29 2014]

README.md

@@ -1,2 +1,8 @@
 # openssh
 
+SSH (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine.
+It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).
+

openssh-6.6p1-ssh_config.patch

@@ -0,0 +1,20 @@
+--- openssh-6.6p1/ssh_config.orig	2013-10-10 01:24:12.000000000 +0200
++++ openssh-6.6p1/ssh_config	2014-04-09 16:26:50.292117342 +0200
+@@ -17,9 +17,9 @@
+ # list of available options, their meanings and defaults, please see the
+ # ssh_config(5) man page.
+ 
+-# Host *
++Host *
+ #   ForwardAgent no
+-#   ForwardX11 no
++    ForwardX11 no
+ #   RhostsRSAAuthentication no
+ #   RSAAuthentication yes
+ #   PasswordAuthentication yes
+@@ -46,3 +46,5 @@
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+ #   RekeyLimit 1G 1h
++    SendEnv LANG LC_*
++    ServerAliveInterval 60

openssh-pamdconf

@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth       required     pam_group.so
+auth       include      system-auth
+auth       required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+session    required     pam_limits.so

openssh-sshd-makecerts

@@ -0,0 +1,87 @@
+#!/bin/sh
+
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
+ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
+
+KEYGEN=/usr/bin/ssh-keygen
+
+function do_rsa1_keygen
+{
+   if [ ! -s $RSA1_KEY ]; then
+      echo -n $"Generating SSH1 RSA host key: "
+      if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+         chmod 600 $RSA1_KEY
+         chmod 644 $RSA1_KEY.pub
+      else
+         echo $"RSA1 key generation failed!"
+         exit 1
+      fi
+   fi
+}
+
+function do_rsa_keygen
+{
+   if [ ! -s $RSA_KEY ]; then
+      echo -n $"Generating SSH2 RSA host key: "
+      if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+        chmod 600 $RSA_KEY
+        chmod 644 $RSA_KEY.pub
+     else
+        echo $"RSA key generation failed!"
+        exit 1
+     fi
+   fi
+}
+
+function do_dsa_keygen
+{
+   if [ ! -s $DSA_KEY ]; then
+      echo -n $"Generating SSH2 DSA host key: "
+      if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+         chmod 600 $DSA_KEY
+         chmod 644 $DSA_KEY.pub
+      else
+         echo $"DSA key generation failed!"
+         exit 1
+      fi
+   fi
+}
+
+function do_ecdsa_keygen
+{
+   if [ ! -s $ECDSA_KEY ]; then
+      echo -n $"Generating SSH2 ECDSA host key: "
+      if $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
+         chmod 600 $ECDSA_KEY
+         chmod 644 $ECDSA_KEY.pub
+      else
+         failure $"ECDSA key generation failed!"
+         exit 1
+      fi
+   fi
+}
+
+function do_ed25519_keygen
+{
+   if [ ! -s $ED25519_KEY ]; then
+      echo -n $"Generating SSH2 ED25519 host key: "
+      if $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
+         chmod 600 $ED25519_KEY
+         chmod 644 $ED25519_KEY.pub
+      else
+         failure $"ED25519 key generation failed!"
+         exit 1
+      fi
+   fi
+}
+
+# Create keys if necessary
+do_rsa_keygen
+do_rsa1_keygen
+do_dsa_keygen
+do_ecdsa_keygen
+do_ed25519_keygen
+exit 0

openssh-sshd.conf

@@ -0,0 +1 @@
+d /run/sshd 0755 root root

openssh-sshd.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenSSH server daemon
+After=syslog.target network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/ssh
+#ExecStartPre=/usr/bin/test -c /dev/null
+ExecStartPre=/usr/bin/ssh-makecerts
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

openssh-sshd.socket

@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Server Socket
+Conflicts=sshd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

openssh-sshd@.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+After=auditd.service
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/ssh
+#ExecStartPre=/usr/bin/test -c /dev/null
+ExecStartPre=/usr/bin/ssh-makecerts
+ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
+StandardInput=socket

openssh.spec

@@ -0,0 +1,450 @@
+%define groupid       65002
+%define userid        65002
+
+%define with_opensc   0
+%define with_chroot   1
+%define with_selinux  0
+
+Name:          openssh
+Version:       6.6p1
+Release:       3mamba
+Summary:       OpenSSH free Secure Shell (SSH) implementation
+Group:         Network/Security
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://www.openssh.com/
+Source0:       ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
+Source1:       openssh-pamdconf
+Source2:       openssh-sshd-makecerts
+Source3:       openssh-sshd.service
+Source4:       openssh-sshd@.service
+Source5:       openssh-sshd.socket
+Source6:       openssh-sshd.conf
+Patch0:        openssh-6.6p1-ssh_config.patch
+License:       BSD
+## AUTOBUILDREQ-BEGIN
+BuildRequires: bash
+BuildRequires: glibc-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libwrap-devel
+BuildRequires: libz-devel
+BuildRequires: pam-devel
+## AUTOBUILDREQ-END
+%if "%{stage1}" != "1"
+BuildRequires: %{_bindir}/xauth
+%endif
+%if %with_opensc
+BuildRequires: libopensc-devel
+BuildRequires: coreutils
+%endif
+BuildRequires: libwrap-devel
+BuildRequires: libopenssl >= 1.0.1c
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+# NOTE:
+# see http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
+
+%description
+SSH (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine.
+It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).
+
+%package common
+Summary:       OpenSSH free Secure Shell (SSH) implementation
+Group:         Network/Security
+Requires:      libopenssl >= 1.0.1
+
+%description common
+SSH (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine.
+It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).
+
+This package includes the core files necessary for both the OpenSSH client and server.
+To make this package useful, you should also install openssh-clients, openssh-server, or both.
+
+%package clients
+Summary:       OpenSSH Secure Shell protocol clients
+Group:         Network/Security
+Provides:      openssh-client
+Obsoletes:     openssh-client
+Requires:      openssh-common = %{?epoch:%epoch:}%{version}-%{release}
+Provides:      openssh
+Obsoletes:     openssh
+
+%description clients
+SSH (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine.
+It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).
+
+This package includes the clients necessary to make encrypted connections to SSH servers.
+
+%package server
+Summary:       OpenSSH Secure Shell protocol server (sshd)
+Group:         System/Servers
+Requires(post): openssh-common = %{?epoch:%epoch:}%{version}-%{release}
+
+%description server
+SSH (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine.
+It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).
+
+This package contains the secure shell daemon. 
+The sshd is the server part of the secure shell protocol and allows ssh clients to connect to your host.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+# note: --with-rand-helper unneeded for Linux
+# (openSSH uses the Linux kernel random source)
+%if %with_chroot
+export CFLAGS="%{optflags} -DUSE_CHROOT"
+%endif
+%configure \
+   --sysconfdir=%{_sysconfdir}/ssh \
+   --libexecdir=%{_libexecdir}/openssh \
+   --with-pid-dir=/run/sshd \
+   --with-md5-passwords \
+   --with-ipv4-default \
+   --with-mantype=man \
+%if %with_opensc
+   --with-opensc \
+%endif
+   --with-pam \
+   --with-xauth=%{_bindir}/xauth \
+%if %with_selinux
+   --with-selinux \
+%endif
+   --with-tcp-wrappers \
+   --without-rsh \
+   --without-smartcard \
+   --without-zlib-version-check \
+   --disable-suid-ssh \
+   --disable-etc-default-login \
+   --with-default-path=/usr/local/bin:/bin:/usr/bin \
+   --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+   --disable-strip
+
+%make
+
+
+%install
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+install -d %{buildroot}%{_var}/empty
+install -d %{buildroot}%{_sysconfdir}/{ssh,pam.d}
+
+# note: 'make check-config' fails but it's an harmless error
+%makeinstall
+
+install -D -m 600 %{S:1} %{buildroot}%{_sysconfdir}/pam.d/sshd
+install -D -m 755 %{SOURCE2} %{buildroot}%{_bindir}/ssh-makecerts
+install -D -m 644 %{SOURCE3} %{buildroot}/lib/systemd/system/sshd.service
+install -D -m 644 %{SOURCE4} %{buildroot}/lib/systemd/system/sshd@.service
+install -D -m 644 %{SOURCE5} %{buildroot}/lib/systemd/system/sshd.socket
+install -D -m 644 %{SOURCE6} %{buildroot}%{_prefix}/lib/tmpfiles.d/sshd.conf
+
+rm -f %{buildroot}%{_datadir}/Ssh.bin
+
+# customize the configuration files of ssh server
+sed -i 's/#Protocol 2,1/Protocol 2/
+        s/#\(UsePAM\).*/\1 yes/
+        s/#X11Forwarding no/X11Forwarding yes/
+        s/#\(UsePrivilegeSeparation yes\)/\1/
+        s/#\(AllowTcpForwarding\) .*/\1 no/' \
+   %{buildroot}%{_sysconfdir}/ssh/sshd_config
+
+echo "AcceptEnv LANG LC_*" >> %{buildroot}%{_sysconfdir}/ssh/sshd_config
+
+install -m0755 contrib/ssh-copy-id %{buildroot}%{_bindir}/ssh-copy-id
+install -m0644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1/ssh-copy-id.1
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+%post clients
+if [ $1 -gt 1 ]; then
+   grep "SendEnv" %{_sysconfdir}/ssh/ssh_config >/dev/null || \
+      echo "    SendEnv LANG LC_*" >> %{_sysconfdir}/ssh/ssh_config
+   grep "ServerAliveInterval" %{_sysconfdir}/ssh/ssh_config >/dev/null || \
+      echo "    ServerAliveInterval 60" >> %{_sysconfdir}/ssh/ssh_config
+fi
+:
+
+%pre server
+/usr/sbin/groupadd sshd -g %{groupid} 2>/dev/null || :
+/usr/sbin/useradd -u %{userid} -g sshd -c 'ssh daemon' -d /var/empty \
+   -s /bin/false sshd 2>/dev/null
+exit 0
+
+%post server
+if [ $1 -eq 1 ]; then
+# new install
+   %{_bindir}/ssh-makecerts
+#   /sbin/chkconfig --add sshd
+#   service sshd start
+fi
+if [ $1 -gt 1 ]; then
+# update
+   sed -i 's/#\(AllowTcpForwarding\) .*/\1 no/
+           s/#X11Forwarding no/X11Forwarding yes/' \
+      %{_sysconfdir}/ssh/sshd_config
+   grep "AcceptEnv" %{_sysconfdir}/ssh/sshd_config >/dev/null || \
+      echo "    AcceptEnv LANG LC_*" >> %{_sysconfdir}/ssh/sshd_config
+fi
+exit 0
+
+%posttrans server
+systemctl -q daemon-reload
+systemctl -q enable sshd.socket
+systemctl -q start sshd.socket
+exit 0
+
+%preun server
+if [ $1 -eq 0 ]; then
+# erase
+   systemctl -q stop sshd.socket
+   systemctl -q disable sshd.socket
+fi
+exit 0
+
+%postun server
+systemctl -q daemon-reload
+exit 0
+
+%files common
+%defattr(-,root,root)
+%{_bindir}/ssh-copy-id
+%{_bindir}/ssh-keygen
+%{_bindir}/ssh-keyscan
+%{_bindir}/ssh-makecerts
+%{_libexecdir}/openssh/ssh-keysign
+%{_libexecdir}/openssh/ssh-pkcs11-helper
+%{_mandir}/man1/ssh-copy-id.1*
+%{_mandir}/man1/ssh-keygen.1*
+%{_mandir}/man1/ssh-keyscan.1*
+%{_mandir}/man8/ssh-keysign.8*
+%{_mandir}/man8/ssh-pkcs11-helper.8*
+
+%files clients
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/slogin
+%{_bindir}/ssh
+%{_bindir}/ssh-add
+%{_bindir}/ssh-agent
+%{_mandir}/man1/scp.*
+%{_mandir}/man1/sftp.*
+%{_mandir}/man1/ssh-add.*
+%{_mandir}/man1/ssh-agent.*
+%{_mandir}/man1/ssh.*
+%{_mandir}/man1/slogin.*
+%{_mandir}/man5/ssh_config.*
+
+%files server
+%defattr(-,root,root)
+%attr(0600,root,root) %{_sysconfdir}/pam.d/sshd
+%config(noreplace) %{_sysconfdir}/ssh/moduli
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ssh/sshd_config
+%{_sbindir}/sshd
+/lib/systemd/system/sshd.service
+/lib/systemd/system/sshd.socket
+/lib/systemd/system/sshd@.service
+%{_prefix}/lib/tmpfiles.d/sshd.conf
+%{_libexecdir}/openssh/sftp-server
+%attr(0755,root,sys) %dir /var/empty
+%{_mandir}/man5/sshd_config.*
+%{_mandir}/man8/sftp-server.*
+%{_mandir}/man8/sshd.*
+%{_mandir}/man5/moduli.*
+
+%changelog
+* Tue Apr 29 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6p1-3mamba
+- openssh-sshd-makecerts: support ed25519 host key generation
+
+* Wed Apr 09 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6p1-2mamba
+- patch ssh_config with default configuration; set 'ServerAliveInterval 60'
+
+* Sun Mar 16 2014 Automatic Build System <autodist@mambasoft.it> 6.6p1-1mamba
+- automatic version update by autodist
+
+* Thu Jan 30 2014 Automatic Build System <autodist@mambasoft.it> 6.5p1-1mamba
+- automatic version update by autodist
+
+* Tue Nov 12 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 6.4p1-2mamba
+- install ssh-copy-id from contrib/
+
+* Fri Nov 08 2013 Automatic Build System <autodist@mambasoft.it> 6.4p1-1mamba
+- automatic version update by autodist
+
+* Mon Oct 14 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 6.3p1-3mamba
+- ssh-makecerts: remove usage of success and failure functions from obsoleted initscripts functions
+
+* Thu Sep 26 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 6.3p1-2mamba
+- switched to systemd
+
+* Fri Sep 13 2013 Automatic Build System <autodist@mambasoft.it> 6.3p1-1mamba
+- automatic version update by autodist
+
+* Thu May 16 2013 Automatic Build System <autodist@mambasoft.it> 6.2p2-1mamba
+- automatic version update by autodist
+
+* Tue Mar 26 2013 Automatic Build System <autodist@mambasoft.it> 6.2p1-1mamba
+- automatic version update by autodist
+
+* Wed Aug 29 2012 Automatic Build System <autodist@mambasoft.it> 6.1p1-1mamba
+- automatic version update by autodist
+
+* Tue Jul 03 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 6.0p1-2mamba
+- rebuilt with openssl 1.0.1c
+
+* Sun Apr 22 2012 Automatic Build System <autodist@mambasoft.it> 6.0p1-1mamba
+- automatic version update by autodist
+
+* Thu Apr 12 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 5.9p1-6mamba
+- Add SendEnv/AcceptEnv configuration entries to pass LANG and LC_* variables
+
+* Thu Mar 15 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 5.9p1-5mamba
+- rebuilt with openssl 1.0.1
+
+* Sat Jan 07 2012 Davide Madrisan <davide.madrisan@gmail.com> 5.9p1-4mamba
+- make the initscript dash compliant
+
+* Tue Dec 06 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 5.9p1-3mamba
+- added post code to generate host keys at rpm installation
+
+* Thu Sep 15 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 5.9p1-2mamba
+- openssh-common: don't obsolete openssh; move obsolete to openssh-clients
+
+* Tue Sep 06 2011 Automatic Build System <autodist@mambasoft.it> 5.9p1-1mamba
+- automatic version update by autodist
+
+* Tue May 03 2011 Automatic Build System <autodist@mambasoft.it> 5.8p2-1mamba
+- automatic update by autodist
+
+* Wed Mar 02 2011 Davide Madrisan <davide.madrisan@gmail.com> 5.8p1-2mamba
+- initscript: remove bashisms
+- initscript: also create /etc/ssh/ssh_host_ecdsa_key when not found
+
+* Fri Feb 04 2011 Automatic Build System <autodist@mambasoft.it> 5.8p1-1mamba
+- automatic update by autodist
+
+* Tue Jan 25 2011 Automatic Build System <autodist@mambasoft.it> 5.7p1-1mamba
+- automatic update by autodist
+
+* Mon Aug 23 2010 Automatic Build System <autodist@mambasoft.it> 5.6p1-1mamba
+- automatic update to 5.6p1 by autodist
+
+* Fri Apr 16 2010 Automatic Build System <autodist@mambasoft.it> 5.5p1-1mamba
+- automatic update to 5.5p1 by autodist
+
+* Fri Mar 12 2010 Automatic Build System <autodist@mambasoft.it> 5.4p1-1mamba
+- automatic update to 5.4p1 by autodist
+
+* Thu Oct 01 2009 Automatic Build System <autodist@mambasoft.it> 5.3p1-1mamba
+- automatic update to 5.3p1 by autodist
+
+* Mon Feb 23 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 5.2p1-1mamba
+- automatic update to 5.2p1 by autodist
+
+* Fri Aug 29 2008 Ercole 'ercolinux' Carpanetto <ercole69@gmail.com> 5.1p1-1mamba
+- update to 5.1p1
+
+* Sun Dec 16 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 4.7p1-2mamba
+- make openssh-common obsolete openssh instead of openssh-clients
+
+* Thu Dec 13 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 4.7p1-1mamba
+- update to 4.7p1
+- openssh-client renamed to openssh-clients
+- scp moved to openssh-clients
+- openssh renamed to openssh-common
+- openssh-clients obsoletes and provides openssh
+
+* Mon Jun 25 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 4.6p1-2mamba
+- changed pam file for pam 0.99.7
+- don't restart the service on upgrade
+
+* Tue Apr 24 2007 Davide Madrisan <davide.madrisan@gmail.com> 4.6p1-1mamba
+- update to 4.6p1
+- enable support for tcp wrappers
+- restrict permissions for sshd_config and sshd (pam configuration)
+- initscript reworked
+
+* Tue Dec 26 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 4.5p1-2qilnx
+- fix xauth path for Xorg 7.1
+
+* Fri Nov 10 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 4.5p1-1qilnx
+- update to version 4.5p1 by autospec
+
+* Fri Nov 03 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 4.4p1-1qilnx
+- update to version 4.4p1 by autospec
+- removed patch against CVE-2006-0225 (fixed upstream in version 4.3p1)
+
+* Tue Jun 20 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.9p1-6qilnx
+- security update: fixed CVE-2006-0225
+- updated initscript
+- added a patch from OpenPKG to use ssh in a chroot environment not enabled
+  by default
+
+* Fri Jan 27 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 3.9p1-5qilnx
+- use "service" script to start/stop initscript
+
+* Tue Oct 18 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.9p1-4qilnx
+- security fix QSA-2005-121 (CAN-2005-2798)
+
+* Fri Oct 14 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.9p1-3qilnx
+- rebuilt
+
+* Tue Mar 29 2005 Silvan Calarco <silvan.calarco@mambasoft.it> 3.9p1-2qilnx
+- added pam_group support in sshd authentication
+- disabled Tcp Forwarding in default configuration for security reasons with nx
+
+* Thu Feb 10 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.9p1-1qilnx
+- update to version 3.9p1 by autospec
+
+* Fri Feb 27 2004 Davide Madrisan <davide.madrisan@qilinux.it> 3.7.1p2-1qilnx
+- specfile updated to permit a non root user to build the package
+
+* Tue Oct 04 2003 Silvan Calarco <silvan.calarco@mambasoft.it> 3.7.1p2-2qilnx
+- fixed a pam error which caused the password being asked twice
+- sshd groupid and userid assignment as in QiLinux resources database
+
+* Wed Sep 24 2003 Davide Madrisan <davide.madrisan@qinet.it> 3.7.1p2-1qilnx
+- rebuild with 3.7.1p2
+- updated install block to activate PAM (disabled by defaut from this version on)
+- fixed bash commands in openssh-server -> %%pre
+  
+* Wed Sep 17 2003 Davide Madrisan <davide.madrisan@qinet.it> 3.7.1p1-1qilnx
+- first build of 3.7.1p1
+- added some options to pass to the configure script
+
+* Tue Jun 17 2003 Silvan Calarco <silvan.calarco@qinet.it> 3.6.1p2-1qilnx
+- first build of 3.6.1p2
+- changed configuration scripts to enable X11 tunnelling
+
+* Wed May 21 2003 Silvan Calarco <silvan.calarco@qinet.it> 3.6.1p1-5qilnx
+- changed pamd default authentication with ldap (from required to sufficient)
+
+* Mon May 05 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 3.6.1p1-4qilnx
+- added sshd group and sshd user for openssh-server
+
+* Wed Apr 30 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 3.6.1p1-3qilnx
+- fixed a configuration files location error
+
+* Wed Apr 30 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 3.6.1p1-2qilnx          
+- added -n openssh-server to the %%post and %%preun parameters
+
+* Fri Apr 18 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 3.6.1p1-1qilnx
+- creation of openssh package