openssh: import from packages

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2026-04-29 23:18:42 +01:00 · 2014-06-16 11:40:09 +02:00
parent 7fedc0c35b
commit fe62d146fa
8 changed files with 484 additions and 0 deletions
@@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2011 OpenWrt.org
+
+START=50
+STOP=50
+
+USE_PROCD=1
+PROG=/usr/sbin/sshd
+
+start_service() {
+	for type in rsa dsa; do {
+		# check for keys
+		key=/etc/ssh/ssh_host_${type}_key
+		[ ! -f $key ] && {
+			# generate missing keys
+			[ -x /usr/bin/ssh-keygen ] && {
+				/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
+			}
+		}
+	}; done
+	user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty
+	group_exists sshd 22 || group_add sshd 22 
+	mkdir -m 0700 -p /var/empty
+
+	procd_open_instance
+	procd_set_param command $PROG -D
+	procd_close_instance
+}
+
+shutdown() {
+	local pid
+	local pids
+	local pid_mine
+
+	stop
+
+	# kill active clients
+	pid_mine="$$"
+	pids="$(pidof sshd)"
+	for pid in $pids; do
+		[ "$pid" = "$pid_mine" ] && continue
+		[ -e "/proc/$pid/stat" ] && kill $pid
+	done
+}
@@ -0,0 +1,41 @@
+# PAM configuration for the Secure Shell service
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+auth       required     pam_env.so
+
+# Skip Google Authenticator if logging in from the local network.
+# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
+# Google Authenticator 2-step verification.
+# auth       requisite    pam_google_authenticator.so
+
+# Standard Un*x authentication.
+auth       include      common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account    required     pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account    required     pam_access.so
+
+# Standard Un*x authorization.
+account    include      common-account
+
+# Standard Un*x session setup and teardown.
+session    include      common-session
+
+# Print the message of the day upon successful login.
+session    optional     pam_motd.so
+
+# Print the status of the user's mailbox upon successful login.
+session    optional     pam_mail.so standard noenv
+
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
+
+# Set up SELinux capabilities (need modified pam)
+# session    required     pam_selinux.so multiple
+
+# Standard Un*x password updating.
+password   include      common-password
@@ -0,0 +1,4 @@
+# Skip Google Authenticator for local network
+#+ : ALL : 192.168.1.0/24
+ : ALL : LOCAL
+- : ALL : ALL