diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 1ccca77..dd1e036 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,11 @@ +2025-06-26 Daniel Baumann + + * Releasing version 20250626. + + [ Daniel Baumann ] + * Removing included generated manpage. + * Renaming ssh-authorizedkeys-command to ssh-pubkey. + 2025-06-25 Daniel Baumann * Releasing version 20250625. diff --git a/VERSION.txt b/VERSION.txt index 9acd59f..efcd83e 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20250625 +20250626 diff --git a/linux/Makefile b/linux/Makefile index 9c73ffc..b950099 100644 --- a/linux/Makefile +++ b/linux/Makefile @@ -101,6 +101,7 @@ uninstall: rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true clean: + $(MAKE) -C share/man clean distclean: diff --git a/openssh/Makefile b/openssh/Makefile index 0f95262..543e55f 100644 --- a/openssh/Makefile +++ b/openssh/Makefile @@ -19,7 +19,7 @@ SHELL := sh -e -SCRIPTS = bin/* +SCRIPTS = share/bin/* all: build @@ -62,8 +62,8 @@ build: share/man/*.rst $(MAKE) -C share/man install: build - mkdir -p $(DESTDIR)/usr/bin - cp -r bin/* $(DESTDIR)/usr/bin + mkdir -p $(DESTDIR)/usr/share/openssh-tools + cp -r share/bin $(DESTDIR)/usr/share/openssh-tools mkdir -p $(DESTDIR)/etc/ssh/sshd_config.d cp -r share/openssh-server/* $(DESTDIR)/etc/ssh/sshd_config.d @@ -93,15 +93,13 @@ uninstall: done rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/ssh/sshd_config.d || true - for FILE in bin/*; \ - do \ - rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ - done - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true + rm -f $(DESTDIR)/usr/share/openssh-tools + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/openssh-tools || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true clean: + $(MAKE) -C share/man clean distclean: diff --git a/openssh/bin/ssh-authorizedkeys-command b/openssh/share/bin/ssh-pubkey.in similarity index 52% rename from openssh/bin/ssh-authorizedkeys-command rename to openssh/share/bin/ssh-pubkey.in index 9cadaf3..e11cf1e 100755 --- a/openssh/bin/ssh-authorizedkeys-command +++ b/openssh/share/bin/ssh-pubkey.in @@ -19,4 +19,59 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -exit 0 +PROGRAM="$(basename ${0})" + +Parameters () +{ + GETOPT_LONGOPTIONS="name:," + GETOPT_OPTIONS="n:," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${PROGRAM} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${PROGRAM}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -h|--help) + Usage + exit 0 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${PROGRAM}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} USER" >&2 + echo "Usage: ${PROGRAM} -h|--help" >&2 + echo + echo "See ${PROGRAM}(1) for more information." + + exit 1 +} + +Parameters "${@}" + +if [ -z "${1}" ] +then + Usage +fi + +# Run diff --git a/openssh/share/man/ssh-authorizedkeys-command.1 b/openssh/share/man/ssh-authorizedkeys-command.1 deleted file mode 100644 index 058e54a..0000000 --- a/openssh/share/man/ssh-authorizedkeys-command.1 +++ /dev/null @@ -1,114 +0,0 @@ -.\" Open Infrastructure: service-tools -.\" -.\" Copyright (C) 2014-2025 Daniel Baumann -.\" -.\" SPDX-License-Identifier: GPL-3.0+ -.\" -.\" This program is free software: you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation, either version 3 of the License, or -.\" (at your option) any later version. -.\" -.\" This program is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public License -.\" along with this program. If not, see . -.\" -. -. -.nr rst2man-indent-level 0 -. -.de1 rstReportMargin -\\$1 \\n[an-margin] -level \\n[rst2man-indent-level] -level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] -- -\\n[rst2man-indent0] -\\n[rst2man-indent1] -\\n[rst2man-indent2] -.. -.de1 INDENT -.\" .rstReportMargin pre: -. RS \\$1 -. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] -. nr rst2man-indent-level +1 -.\" .rstReportMargin post: -.. -.de UNINDENT -. RE -.\" indent \\n[an-margin] -.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] -.nr rst2man-indent-level -1 -.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] -.in \\n[rst2man-indent\\n[rst2man-indent-level]]u -.. -.TH "SSH-AUTHORIZEDKEYS-COMMAND" "1" service-tools "Open Infrastructure" -.SH NAME -ssh-authorizedkeys-command \- meta-command to get a users public key for authentication with openssh-server -.SH SYNOPSIS -.nf -\fBssh\-authorizedkeys\-command\fP USER -.fi -.sp -.SH DESCRIPTION -.sp -\fBssh\-authorizedkeys\-command\fP executes the user configured command in /etc/default/ssh\-authorizedkeys\-command. -.sp -The configured command in /etc/default/ssh\-authorizedkeys\-command can be manually edited, by calling \fBdpkg\-reconfigure open\-infrastructure\-openssh\-tools\fP (if available), or by editing /etc/default/ssh\-authorizedkeys\-command directly. -.sp -The configured command can use first argument given to ssh\-authorizedkeys\-command which is the user that the login is performed for by openssh. The command needs to return a valid public key (e.g. \(aqssh\-ed22519 [...]\(aq) which then gets used by openssh. -.SH EXAMPLE -.sp -When using LDAP with the \fBsshPublicKey\fP attribute, a valid command could look like this: -.INDENT 0.0 -.INDENT 3.5 -.nf - -$(ldapsearch \-LLL \-x \-o ldif\-wrap=no \-H ldaps://ldap.example.org:636 \-b dc=example uid=\(dq${1}\(dq \(aqsshPublicKey\(aq | -.in +2 -awk \(aq/^sshPublicKey: / { print $2, $3 }\(aq) - -.in -2 -.fi -.sp -.UNINDENT -.UNINDENT -.SH FILES -.sp -The following files are used: -.INDENT 0.0 -.TP -.B /etc/ssh/sshd_config.d/ssh\-authorizedkeys\-command: -openssh\-server configuration to enable ssh\-authorizedkeys\-command. -.TP -.B /etc/default/ssh\-authorizedkeys\-command -configuration file that contains the user configured command to be executed. -.TP -.B /usr/bin/ssh\-authorizedkeys\-command: -script that executes the user configured command to return the users public keys. -.UNINDENT -.SH SEE ALSO -.nf -sshd_config(5) -.fi -.sp -.SH HOMEPAGE -.sp -More information about service\-tools and the Open Infrastructure project can be -found on the homepage ( ). -.SH CONTACT -.sp -Bug reports, feature requests, help, patches, support and everything else are -welcome on the Open Infrastructure Software Mailing List -< >. -.sp -Debian specific bugs can also be reported in the Debian Bug Tracking System -( ). -.SH AUTHORS -.sp -service\-tools were written by Daniel Baumann -< > and others. -. diff --git a/openssh/share/man/ssh-authorizedkeys-command.1.rst b/openssh/share/man/ssh-pubkey.1.rst similarity index 78% rename from openssh/share/man/ssh-authorizedkeys-command.1.rst rename to openssh/share/man/ssh-pubkey.1.rst index c489d72..1634a95 100644 --- a/openssh/share/man/ssh-authorizedkeys-command.1.rst +++ b/openssh/share/man/ssh-pubkey.1.rst @@ -17,9 +17,9 @@ .. You should have received a copy of the GNU General Public License .. along with this program. If not, see . -========================== -ssh-authorizedkeys-command -========================== +========== +ssh-pubkey +========== ----------------------------------------------------------------------------- meta-command to get a users public key for authentication with openssh-server @@ -31,16 +31,16 @@ meta-command to get a users public key for authentication with openssh-server Synopsis ======== -| **ssh-authorizedkeys-command** USER +| **ssh-pubkey** USER Description =========== -**ssh-authorizedkeys-command** executes the user configured command in /etc/default/ssh-authorizedkeys-command. +**ssh-pubkey** executes a command to show the public key of a user. -The configured command in set by calling ``dpkg-reconfigure open-infrastructure-openssh-tools`` (if available), or by editing /etc/default/ssh-authorizedkeys-command directly. +The configured command in set by calling ``dpkg-reconfigure open-infrastructure-openssh-tools`` (if available), or by editing /usr/bin/ssh-pubkey directly. -The configured command can use first argument given to ssh-authorizedkeys-command which is the user that the login is performed for by openssh. The command needs to return a valid public key (e.g. 'ssh-ed22519 [...]') which then gets used by openssh. +The configured command can use first argument given to ssh-pubkey which is the user that the login is performed for by openssh. The command needs to return a valid public key (e.g. 'ssh-ed22519 [...]') which then gets used by openssh. Example ======= @@ -60,9 +60,12 @@ The following files are used: /etc/ssh/sshd_config.d/ssh-authorizedkeys-command: openssh-server configuration to enable ssh-authorizedkeys-command. -/usr/bin/ssh-authorizedkeys-command: +/usr/bin/ssh-pubkey: script that executes the user configured command to return the users public keys. +/usr/share/openssh-tools/bin/ssh-pubkey.in: + stup of the script that is combined with the user supplied command to /usr/bin/ssh-pubkey. + See also ======== diff --git a/openssh/share/openssh-server/authorizedkeys-command.conf b/openssh/share/openssh-server/authorizedkeys-command.conf index 5e821a7..c8911e4 100644 --- a/openssh/share/openssh-server/authorizedkeys-command.conf +++ b/openssh/share/openssh-server/authorizedkeys-command.conf @@ -1,4 +1,4 @@ # /etc/ssh/sshd_config.d/authorizedkeys-command.conf -AuthorizedKeysCommand /usr/bin/ssh-authorizedkeys-command +AuthorizedKeysCommand /usr/bin/ssh-pubkey AuthorizedKeysCommandUser nobody