# Version of ssh-askpass %define aversion 1.2.4.1 # Version of watchdog patch %define wversion 4.4p1 # Version of the hpn patch %define hpnver 13v6 # overrides %define build_skey 0 %define build_krb5 1 %define build_watchdog 0 %define build_x11askpass 1 %define build_gnomeaskpass 1 %define build_ldap 0 %define build_sftpcontrol 0 %define build_hpn 0 %define build_audit 0 %define build_libedit 1 %{?_with_skey: %{expand: %%global build_skey 1}} %{?_without_skey: %{expand: %%global build_skey 0}} %{?_with_krb5: %{expand: %%global build_krb5 1}} %{?_without_krb5: %{expand: %%global build_krb5 0}} %{?_with_watchdog: %{expand: %%global build_watchdog 1}} %{?_without_watchdog: %{expand: %%global build_watchdog 0}} %{?_with_x11askpass: %{expand: %%global build_x11askpass 1}} %{?_without_x11askpass: %{expand: %%global build_x11askpass 0}} %{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}} %{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}} %{?_with_ldap: %{expand: %%global build_ldap 1}} %{?_without_ldap: %{expand: %%global build_ldap 0}} %{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}} %{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}} %{?_with_hpn: %{expand: %%global build_hpn 1}} %{?_without_hpn: %{expand: %%global build_hpn 0}} %{?_with_audit: %{expand: %%global build_audit 1}} %{?_without_audit: %{expand: %%global build_audit 0}} %{?_with_libedit: %{expand: %%global build_libedit 1}} %{?_without_libedit: %{expand: %%global build_libedit 0}} %define OPENSSH_PATH "/usr/local/bin:/bin:%{_bindir}" %define XAUTH %{_bindir}/xauth Summary: OpenSSH free Secure Shell (SSH) implementation Name: openssh Version: 6.0p1 Release: %mkrel 1 License: BSD Group: Networking/Remote access URL: http://www.openssh.com/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2 # ssh-copy-id taken from debian, with "usage" added Source3: ssh-copy-id Source7: openssh-xinetd Source9: README.sftpfilecontrol # this is never to be applied by default # http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html Source10: openssh-%{wversion}-watchdog.patch.tgz Source12: ssh_ldap_key.pl Source15: ssh-avahi-integration Source17: sshd.pam Source21: README.hpn Source22: sshd-keygen.service Source23: sshd.service Source24: sshd.socket Source25: sshd-keygen # patch to set some default configuration Patch1: openssh-distro_conf.diff # rediffed from openssh-4.4p1-watchdog.patch.tgz Patch4: openssh-4.4p1-watchdog.diff # optional ldap support # http://dev.inversepath.com/trac/openssh-lpk #Patch6: http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch # new location for the lpk patch. # rediffed from "svn checkout http://openssh-lpk.googlecode.com/svn/trunk/ openssh-lpk-read-only" Patch6: openssh-lpk-5.4p1-0.3.10.diff # http://sftpfilecontrol.sourceforge.net # Not applied by default # P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch Patch7: openssh-4.9p1.sftplogging-v1.5.diff # (tpg) http://www.psc.edu/networking/projects/hpn-ssh/ Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff #gw: from Fedora: #fix round-robin DNS with GSSAPI authentification Patch13: openssh-4.3p2-gssapi-canohost.patch Patch14: openssh-4.7p1-audit.patch Patch17: openssh-5.1p1-askpass-progress.patch Patch18: openssh-4.3p2-askpass-grab-info.patch Patch19: openssh-4.0p1-exit-deadlock.patch Patch21: openssh_tcp_wrappers.patch Patch22: openssh-5.9p1-log-usepam-no.patch Provides: ssh Requires(post): openssl >= 0.9.7 Requires(post): makedev Requires(preun): openssl >= 0.9.7 Requires: tcp_wrappers BuildRequires: groff-for-man BuildRequires: openssl-devel >= 0.9.7 BuildRequires: pam-devel BuildRequires: tcp_wrappers-devel BuildRequires: zlib-devel %if %{build_skey} BuildRequires: skey-devel %endif %if %{build_krb5} BuildRequires: krb5-devel %endif %if %{build_x11askpass} BuildRequires: imake BuildRequires: rman # http://qa.mandriva.com/show_bug.cgi?id=22736 BuildRequires: x11-util-cf-files >= 1.0.2 BuildRequires: gccmakedep BuildRequires: libx11-devel BuildRequires: libxt-devel %endif %if %{build_gnomeaskpass} BuildRequires: gtk+2-devel %endif %if %{build_ldap} BuildRequires: openldap-devel >= 2.0 %endif %if %{build_audit} BuildRequires: audit-devel %endif %if %{build_libedit} BuildRequires: edit-devel ncurses-devel %endif BuildConflicts: libgssapi-devel %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. You can build %{name} with some conditional build swithes; (ie. use with rpm --rebuild): --with[out] skey smartcard support (disabled) --with[out] krb5 kerberos support (enabled) --with[out] watchdog watchdog support (disabled) --with[out] x11askpass X11 ask pass support (enabled) --with[out] gnomeaskpass Gnome ask pass support (enabled) --with[out] ldap OpenLDAP support (disabled) --with[out] sftpcontrol sftp file control support (disabled) --with[out] hpn HPN ssh/scp support (disabled) --with[out] audit audit support (disabled) --with[out] libedit libedit support in sftp (enabled) %package clients Summary: OpenSSH Secure Shell protocol clients Group: Networking/Remote access Requires: %{name} = %{version}-%{release} Provides: ssh-clients, sftp, ssh %description clients Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the clients necessary to make encrypted connections to SSH servers. %package server Summary: OpenSSH Secure Shell protocol server (sshd) Group: System/Servers Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9 Requires(pre): pam >= 0.74 Requires(post): rpm-helper >= 0.24.8-1 Requires(preun): rpm-helper >= 0.24.8-1 Requires(post): openssl >= 0.9.7 Requires(post): makedev Requires: %{name}-clients = %{version}-%{release} %if %{build_skey} Requires: skey %endif %if %{build_audit} BuildRequires: audit %endif Provides: ssh-server, sshd %description server Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains the secure shell daemon. The sshd is the server part of the secure shell protocol and allows ssh clients to connect to your host. %package askpass-common Summary: OpenSSH X11 passphrase common scripts Group: Networking/Remote access %description askpass-common OpenSSH X11 passphrase common scripts %if %{build_x11askpass} %package askpass Summary: OpenSSH X11 passphrase dialog Group: Networking/Remote access Requires: %{name} = %{version}-%{release} Requires: %{name}-askpass-common Provides: ssh-extras, ssh-askpass Requires(pre): update-alternatives %description askpass Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains Jim Knoble's X11 passphrase dialog. %endif %if %{build_gnomeaskpass} %package askpass-gnome Summary: OpenSSH GNOME passphrase dialog Group: Networking/Remote access Requires: %{name} = %{version}-%{release} Requires: %{name}-askpass-common Requires(pre): update-alternatives Provides: %{name}-askpass, ssh-askpass, ssh-extras %description askpass-gnome Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains the GNOME passphrase dialog. %endif %prep %if %{build_x11askpass} echo "Building with x11 askpass..." %endif %if %{build_gnomeaskpass} echo "Building with GNOME askpass..." %endif %if %{build_krb5} echo "Building with Kerberos5 support..." %endif %if %{build_skey} echo "Building with S/KEY support..." %endif %if %{build_watchdog} echo "Building with watchdog support..." %endif %if %{build_ldap} echo "Buiding with support for authenticating to public keys in ldap" %endif %if %{build_sftpcontrol} echo "Buiding with support for sftp file control" %endif %if %{build_hpn} echo "Buiding with support for High Performance Network SSH/SCP" %endif %if %{build_audit} echo "Buiding with audit support" %endif %setup -q -a2 -a10 %patch1 -p1 -b .distro_conf %if %{build_watchdog} #patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch %patch4 -p1 -b .watchdog %endif %if %{build_ldap} sed -i 's|UsePrivilegeSeparation yes|#UsePrivilegeSeparation yes|' sshd_config %patch6 -p1 -b .lpk rm -f README.lpk.lpk %define _default_patch_fuzz 3 %else %define _default_patch_fuzz 2 %endif %if %{build_sftpcontrol} #cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol echo "This patch is broken or needs to be updated/rediffed"; exit 1 %patch7 -p1 -b .sftplogging-v1.5 # README with license terms for this patch install -m 0644 %{SOURCE9} . %endif %if %{build_hpn} echo "This patch is broken or needs to be updated/rediffed"; exit 1 %patch11 -p1 -b .hpn %patch12 -p1 -b .peak install %{SOURCE21} . %endif %patch13 -p1 -b .canohost %if %{build_audit} %patch14 -p1 -b .audit %endif %patch17 -p1 -b .progress %patch18 -p1 -b .grab-info %patch19 -p1 -b .exit-deadlock %patch21 -p1 -b .tcp_wrappers_mips %patch22 -p1 -b .pam install %{SOURCE12} . install -m 0644 %{SOURCE17} sshd.pam # fix attribs chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl # http://qa.mandriva.com/show_bug.cgi?id=22957 perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config %build autoreconf %serverbuild %if %{build_x11askpass} pushd x11-ssh-askpass-%{aversion} %configure2_5x \ --prefix=%{_prefix} --libdir=%{_libdir} \ --mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \ --with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \ %if %{build_libedit} --with-libedit \ %else --without-libedit \ %endif xmkmf -a %ifarch x86_64 perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile perl -pi -e "s|-m32|-m64|g" Makefile perl -pi -e "s|__i386__|__x86_64__|g" Makefile %endif make \ BINDIR=%{_libdir}/ssh \ CDEBUGFLAGS="$RPM_OPT_FLAGS" \ CXXDEBUGFLAGS="$RPM_OPT_FLAGS" # For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1 # x86_64, so we just do it manually here... (oden) rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \ mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html popd %endif %if %{build_gnomeaskpass} pushd contrib make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags" mv gnome-ssh-askpass2 gnome-ssh-askpass popd %endif %configure2_5x \ --prefix=%{_prefix} \ --sysconfdir=%{_sysconfdir}/ssh \ --mandir=%{_mandir} \ --libdir=%{_libdir} \ --libexecdir=%{_libdir}/ssh \ --datadir=%{_datadir}/ssh \ --disable-strip \ --with-tcp-wrappers \ --with-pam \ --with-default-path=%{OPENSSH_PATH} \ --with-xauth=%{XAUTH} \ --with-privsep-path=/var/empty \ --without-zlib-version-check \ %if %{build_krb5} --with-kerberos5=%{_prefix} \ %endif %if %{build_skey} --with-skey \ %endif %if %{build_ldap} --with-libs="-lldap -llber" \ --with-cppflags="-DWITH_LDAP_PUBKEY -DLDAP_DEPRECATED" \ %endif --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:%{_sbindir}:%{_bindir} \ %if %{build_libedit} --with-libedit \ %else --without-libedit \ %endif %if %{build_audit} --with-linux-audit \ %endif %make %install rm -rf %{buildroot} %makeinstall_std install -d %{buildroot}%{_sysconfdir}/ssh install -d %{buildroot}%{_sysconfdir}/pam.d/ install -d %{buildroot}%{_sysconfdir}/sysconfig install -m 644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd if [ -f sshd_config.out ]; then install -m 600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config else install -m 600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config fi echo "root" > %{buildroot}%{_sysconfdir}/ssh/denyusers if [ -f ssh_config.out ]; then install -m 644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config else install -m 644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config fi echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config mkdir -p %{buildroot}%{_libdir}/ssh %if %{build_x11askpass} pushd x11-ssh-askpass-%{aversion} #make DESTDIR=%{buildroot} install #make DESTDIR=%{buildroot} install.man #install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html #install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/ install -d %{buildroot}%{_libdir}/ssh install -d %{buildroot}%{_sysconfdir}/X11/app-defaults install -m 644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass install -m 755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/ install -m 644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1 popd %endif install -d %{buildroot}%{_sysconfdir}/profile.d/ %if %{build_gnomeaskpass} install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass %endif cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh < %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh < %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF' # fix hanging ssh clients on exit if [ -n "$BASH_VERSION" ]; then shopt -s huponexit elif [ -n "$ZSH_VERSION" ]; then setopt hup fi EOF install -m 755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/ # create pre-authentication directory install -d -m 755 %{buildroot}/var/empty # remove unwanted files rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass # xinetd support (tv) install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/ install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF #OPTIONS="" EOF # avahi integration support (misc) mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/ install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service install -d -m 755 %{buildroot}%{_unitdir} install -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd.service install -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd.socket install -m 755 %{SOURCE25} %{buildroot}%{_sbindir}/sshd-keygen # make sure strip can touch it chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign %pre server %_pre_useradd sshd /var/empty /bin/true %post server # do some key management; taken from the initscript KEYGEN=/usr/bin/ssh-keygen RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key do_rsa1_keygen() { if [ ! -s $RSA1_KEY ]; then echo -n "Generating SSH1 RSA host key... " if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA1_KEY chmod 644 $RSA1_KEY.pub echo "done" echo else echo "failed" echo exit 1 fi fi } do_rsa_keygen() { if [ ! -s $RSA_KEY ]; then echo "Generating SSH2 RSA host key... " if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA_KEY chmod 644 $RSA_KEY.pub echo "done" echo else echo "failed" echo exit 1 fi fi } do_dsa_keygen() { if [ ! -s $DSA_KEY ]; then echo "Generating SSH2 DSA host key... " if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $DSA_KEY chmod 644 $DSA_KEY.pub echo "done" echo else echo "failed" echo exit 1 fi fi } do_rsa1_keygen do_rsa_keygen do_dsa_keygen %_post_service sshd %preun server %_preun_service sshd %postun server %_postun_userdel sshd %if %{build_x11askpass} %post askpass update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10 %postun askpass [ $1 = 0 ] || exit 0 update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass %endif %if %{build_gnomeaskpass} %post askpass-gnome update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20 %postun askpass-gnome [ $1 = 0 ] || exit 0 update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass %endif %triggerpostun server -- openssh-server < 3.8p1 if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config fi %files %doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl %if %{build_ldap} %doc *.schema %endif %if %{build_watchdog} %doc CHANGES-openssh-watchdog openssh-watchdog.html %endif %if %{build_sftpcontrol} %doc README.sftpfilecontrol %endif %{_bindir}/ssh-keygen %dir %{_sysconfdir}/ssh %{_bindir}/ssh-keyscan %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign %{_libdir}/ssh/ssh-pkcs11-helper %{_mandir}/man1/ssh-keygen.1* %{_mandir}/man1/ssh-keyscan.1* %{_mandir}/man8/ssh-keysign.8* %{_mandir}/man8/ssh-pkcs11-helper.8* %files clients %{_bindir}/scp %{_bindir}/ssh %{_bindir}/ssh-agent %{_bindir}/ssh-add %{_bindir}/ssh-copy-id %{_bindir}/slogin %{_bindir}/sftp %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh-copy-id.1* %{_mandir}/man1/slogin.1* %{_mandir}/man1/ssh.1* %{_mandir}/man1/ssh-agent.1* %{_mandir}/man1/ssh-add.1* %{_mandir}/man1/sftp.1* %{_mandir}/man5/ssh_config.5* %config(noreplace) %{_sysconfdir}/ssh/ssh_config %{_sysconfdir}/profile.d/90ssh-client.sh %files server %config(noreplace) %{_sysconfdir}/sysconfig/sshd %{_sbindir}/sshd %{_sbindir}/sshd-keygen %dir %{_libdir}/ssh %{_libdir}/ssh/sftp-server %{_mandir}/man5/sshd_config.5* %{_mandir}/man5/moduli.5* %{_mandir}/man8/sshd.8* %{_mandir}/man8/sftp-server.8* %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd %config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd %config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service %config(noreplace) %{_sysconfdir}/ssh/moduli %{_unitdir}/sshd.service %{_unitdir}/sshd.socket %dir /var/empty %files askpass-common %{_sysconfdir}/profile.d/90ssh-askpass.* %if %{build_x11askpass} %files askpass %doc x11-ssh-askpass-%{aversion}/README %doc x11-ssh-askpass-%{aversion}/ChangeLog %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad %doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html %{_libdir}/ssh/x11-ssh-askpass %{_sysconfdir}/X11/app-defaults/SshAskpass %{_mandir}/man1/x11-ssh-askpass.1* %endif %if %{build_gnomeaskpass} %files askpass-gnome %{_libdir}/ssh/gnome-ssh-askpass %endif