upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-12 05:32:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/secure/usr.sbin/sshd/Makefile
Ed Maste 1323ec5712 ssh: update to OpenSSH v8.9p1 
Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-04-13 16:00:56 -04:00

73 lines
1.7 KiB
Makefile
Raw Blame History

# $FreeBSD$
.include <src.opts.mk>
.include "${SRCTOP}/secure/ssh.mk"
CONFS= moduli sshd_config
CONFSDIR= /etc/ssh
PROG= sshd
SRCS= sshd.c auth-rhosts.c auth-passwd.c \
audit.c audit-bsm.c audit-linux.c platform.c \
sshpty.c sshlogin.c servconf.c serverloop.c \
auth.c auth2.c auth-options.c session.c \
auth2-chall.c groupaccess.c \
auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor.c monitor_wrap.c auth-krb5.c \
auth2-gss.c gss-serv.c gss-serv-krb5.c \
loginrec.c auth-pam.c auth-shadow.c auth-sia.c \
srclimit.c sftp-server.c sftp-common.c \
sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c \
sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-pledge.c \
sandbox-solaris.c uidswap.c
PACKAGE= ssh
# gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile
SRCS+= gss-genr.c
MAN= sshd.8 sshd_config.5
# Don't rebuild based on moduli.c
moduli: .MADE
# pam should always happen before ssh here for static linking
LIBADD= pam ssh util
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
.endif
.if ${MK_AUDIT} != "no"
CFLAGS+= -DUSE_BSM_AUDIT=1 -DHAVE_GETAUDIT_ADDR=1
LIBADD+= bsm
.endif
.if ${MK_BLACKLIST_SUPPORT} != "no"
CFLAGS+= -DUSE_BLACKLIST=1 -I${SRCTOP}/contrib/blacklist/include
SRCS+= blacklist.c
LIBADD+= blacklist
LDFLAGS+=-L${LIBBLACKLISTDIR}
.endif
.if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -include krb5_config.h
SRCS+= krb5_config.h
LIBADD+= gssapi_krb5 gssapi krb5
.endif
.if ${MK_TCP_WRAPPERS} != "no"
CFLAGS+= -DLIBWRAP=1
LIBADD+= wrap
.endif
LIBADD+= crypto
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
.endif
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Reference in a new issue View git blame Copy permalink