diff --git a/openssh-5.3p1-nss-keys.patch b/openssh-5.3p1-nss-keys.patch index af12b97..dbf34cb 100644 --- a/openssh-5.3p1-nss-keys.patch +++ b/openssh-5.3p1-nss-keys.patch @@ -1366,3 +1366,43 @@ diff -up openssh-5.3p1/ssh-rsa.c.nss-keys openssh-5.3p1/ssh-rsa.c /* encode signature */ buffer_init(&b); buffer_put_cstring(&b, "ssh-rsa"); +diff -up /dev/null openssh-5.2p1/README.nss +--- /dev/null 2008-11-17 17:51:52.160001870 +0100 ++++ openssh-5.2p1/README.nss 2008-11-18 19:11:41.000000000 +0100 +@@ -0,0 +1,36 @@ ++How to use NSS tokens with OpenSSH? ++ ++This version of OpenSSH contains experimental support for authentication using ++keys stored in tokens stored in NSS database. This for example includes any ++PKCS#11 tokens which are installed in your NSS database. ++ ++As the code is experimental and preliminary only SSH protocol 2 is supported. ++The NSS certificate and token databases are looked for in the ~/.ssh ++directory or in a directory specified by environment variable NSS_DB_PATH. ++ ++Common operations: ++ ++(1) tell the ssh client to use the NSS keys: ++ ++ $ ssh -o 'UseNSS yes' otherhost ++ ++ if you want to use a specific token: ++ ++ $ ssh -o 'UseNSS yes' -o 'NSS Token My PKCS11 Token' otherhost ++ ++(2) or tell the agent to use the NSS keys: ++ ++ $ ssh-add -n ++ ++ if you want to use a specific token: ++ ++ $ ssh-add -n -T 'My PKCS11 Token' ++ ++(3) extract the public key from token so it can be added to the ++server: ++ ++ $ ssh-keygen -n ++ ++ if you want to use a specific token and/or key: ++ ++ $ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID' diff --git a/openssh.spec b/openssh.spec index e87ebb3..dcc3e7f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -69,8 +69,9 @@ Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh Version: 5.3p1 -Release: 4%{?dist}%{?rescue_rel} +Release: 5%{?dist}%{?rescue_rel} URL: http://www.openssh.com/portable.html +#URL1: http://pamsshauth.sourceforge.net #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc # This package differs from the upstream OpenSSH tarball in that @@ -520,6 +521,9 @@ fi %endif %changelog +* Tue Oct 27 2009 Jan F. Chadima - 5.3p1-5 +- Add README.nss + * Mon Oct 19 2009 Tomas Mraz - 5.3p1-4 - Add pam_ssh_agent_auth module to a subpackage.