merge with latest dev version

13 files changed, 171 insertions, 0 deletions

diff --git a/core/modules/sshd/TODO b/core/modules/sshd/TODO
new file mode 100644
index 00000000..b4e0a9c1
--- /dev/null
+++ b/core/modules/sshd/TODO
@@ -0,0 +1,3 @@
+make mltk install sshd if its not installed
+
+Distros: Ubuntu, Suse, soon Arch!
diff --git a/core/modules/sshd/data/etc/issue.net b/core/modules/sshd/data/etc/issue.net
new file mode 100644
index 00000000..7dfbddb5
--- /dev/null
+++ b/core/modules/sshd/data/etc/issue.net
@@ -0,0 +1,6 @@
+++++++++++++++++++++++++++++++++++++++
++                                    +
++      MiniLinux SSH Session         +
++                                    +
+++++++++++++++++++++++++++++++++++++++
+
diff --git a/core/modules/sshd/data/etc/ssh/ssh_host_dsa_key b/core/modules/sshd/data/etc/ssh/ssh_host_dsa_key
new file mode 100644
index 00000000..0132fe84
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/ssh_host_dsa_key
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQDu6vk2uFnUyKt9/In9Rtkq+2zqwd8slm90NUt6JBXyjYsIJwRp
+hxRG1sFDho3ogog5hlt+y+UuNPc5QchT/e3O71zt2XbrfK2irr4XBJILuup95AGe
+iW/gzMIUD4an8I58yYM9rXhTzvIMwri7jM6EKlCUytafVTdMICVH78Y97QIVAJ9a
+Cs8Gxy91XMoHK3zcHutQcIF3AoGAV6p2ISW0pAE+2GbeKUDvraCNXDG37JaMCjZr
+S+NB3cN/vJwjy0fPI6CB5o6GcgFhB0cxdgCb60lV8Qz76clx4ZJId8PVxeKp4vSw
+kHdSbcRlBpRbe/YJY8ja/ITkvmeiEMncTQByo1t2VXDqHbvgQsllIqbbRWl0B2yV
+WO4Uw4gCgYAFCgiy2Ncal0KhsHAJV5dP4imeyd49lONI488RO18wiODhCzGtkbvV
+pL/saDZWkm3pUhJ9J0qalIZaJGG0WO6GHiQC5CzH21GF9RgsoNjrMl3gzuZB9FxB
+4cg8UyZ2QCqXlRusOCIiZhBdIZzDkK6HlQMMtFGEGg/c9yNgxkPAzQIULLxfDTNh
+8Ouz5BhfKWJrZ0XGUsA=
+-----END DSA PRIVATE KEY-----
diff --git a/core/modules/sshd/data/etc/ssh/ssh_host_dsa_key.pub b/core/modules/sshd/data/etc/ssh/ssh_host_dsa_key.pub
new file mode 100644
index 00000000..97af5cb0
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/ssh_host_dsa_key.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAO7q+Ta4WdTIq338if1G2Sr7bOrB3yyWb3Q1S3okFfKNiwgnBGmHFEbWwUOGjeiCiDmGW37L5S409zlByFP97c7vXO3Zdut8raKuvhcEkgu66n3kAZ6Jb+DMwhQPhqfwjnzJgz2teFPO8gzCuLuMzoQqUJTK1p9VN0wgJUfvxj3tAAAAFQCfWgrPBscvdVzKByt83B7rUHCBdwAAAIBXqnYhJbSkAT7YZt4pQO+toI1cMbfslowKNmtL40Hdw3+8nCPLR88joIHmjoZyAWEHRzF2AJvrSVXxDPvpyXHhkkh3w9XF4qni9LCQd1JtxGUGlFt79gljyNr8hOS+Z6IQydxNAHKjW3ZVcOodu+BCyWUipttFaXQHbJVY7hTDiAAAAIAFCgiy2Ncal0KhsHAJV5dP4imeyd49lONI488RO18wiODhCzGtkbvVpL/saDZWkm3pUhJ9J0qalIZaJGG0WO6GHiQC5CzH21GF9RgsoNjrMl3gzuZB9FxB4cg8UyZ2QCqXlRusOCIiZhBdIZzDkK6HlQMMtFGEGg/c9yNgxkPAzQ== root@stp
diff --git a/core/modules/sshd/data/etc/ssh/ssh_host_ecdsa_key b/core/modules/sshd/data/etc/ssh/ssh_host_ecdsa_key
new file mode 100644
index 00000000..1fea2717
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/ssh_host_ecdsa_key
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDwyXBE0s5I7Cci/by2EInEyHyIvfC6IB5U8XF5eZUDlVMxkgBYK0sm
+r3Lyuy4XR3CgBwYFK4EEACKhZANiAATwyn0SyUKavp9CfPiv9IRSu8ICK1HekDMf
+lB4AIOObT1CMEROVfwh6ur1w980426YSZW+j+bQN5RQVDF7njcsD0eiSeJj8HVrR
+3PDpreZJMZVV2mLNYZxuE0kx9ILK12I=
+-----END EC PRIVATE KEY-----
diff --git a/core/modules/sshd/data/etc/ssh/ssh_host_ecdsa_key.pub b/core/modules/sshd/data/etc/ssh/ssh_host_ecdsa_key.pub
new file mode 100644
index 00000000..0ef413ba
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPDKfRLJQpq+n0J8+K/0hFK7wgIrUd6QMx+UHgAg45tPUIwRE5V/CHq6vXD3zTjbphJlb6P5tA3lFBUMXueNywPR6JJ4mPwdWtHc8Omt5kkxlVXaYs1hnG4TSTH0gsrXYg== root@stp
diff --git a/core/modules/sshd/data/etc/ssh/ssh_host_rsa_key b/core/modules/sshd/data/etc/ssh/ssh_host_rsa_key
new file mode 100644
index 00000000..b37b5a74
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/ssh_host_rsa_key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC4QG0lNN4NewU8nTxNr/dpF4FGRrVifIDOgTVcfJluYt3c1mfJ
+tA2/ujwJ9jUV196P7UJ4QsAlpwd6SlKlxQ/tCTF2Zi2tjNtypIuSwBysxBM0BTRr
+L/ntwET2vqdA1wRRRVDMl+l3B3YI1aJBUYqyM72v/yK/jbJiS5hZLp9TXwIDAQAB
+AoGAXEGuJPYexWM20Q3t9vxIBrAFQ9n90o2CtWPPAztEXBhW/M/CciWcyMaIb3h/
+RiurvidPpAXQTkofHWV/ko9klDLDAOTsJE+mir61izvdPHqZH13ZJyI+GUN4bQ0a
+1hV415OPsiks1jBL+J5sD1dvFZU4nOOeFbIZcmCf/Z5DIlECQQDke7DdNiiy2zls
+C1GrCbj0R85h1ZmwZ4GytVkxlik+Ids2aeskxDba5wlEUZutVyGlQuUe6Zm4r2eI
+Vq7/47VnAkEAznELdXCd6zYynGz8RYY4zMtLvu+oWePLKX/6P/egkfkloaB13Ohr
+yEd//V+cnobL9g5ed5Ggt4WF4AhcvKn/SQJBAJDO1AlfievRhVM02U3Nm6s211aq
+Sf3DnC/nP+BtizYVvxl9h8qFkT6rrvPdxQzXbDuRaiVtaD/k63k9dyw25YECQBfF
+GGarUuOUV/t+6QUwUTXzaoNPoPjIq8nZfH0FDC4Cm/yiNy/6av6ijPAlpCj0qGNq
+gCIQWIsJCsMi81qd0FECQQCfu6wSDszVseas0CAcxjP4MU5lVr6/L8//ZUn9TDJM
+WSQelziGbnbsIXq7owCVDxROJ770IqOL4OQZDw5R8Swd
+-----END RSA PRIVATE KEY-----
diff --git a/core/modules/sshd/data/etc/ssh/ssh_host_rsa_key.pub b/core/modules/sshd/data/etc/ssh/ssh_host_rsa_key.pub
new file mode 100644
index 00000000..e6fd0588
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC4QG0lNN4NewU8nTxNr/dpF4FGRrVifIDOgTVcfJluYt3c1mfJtA2/ujwJ9jUV196P7UJ4QsAlpwd6SlKlxQ/tCTF2Zi2tjNtypIuSwBysxBM0BTRrL/ntwET2vqdA1wRRRVDMl+l3B3YI1aJBUYqyM72v/yK/jbJiS5hZLp9TXw== root@stp
diff --git a/core/modules/sshd/data/etc/ssh/sshd_config b/core/modules/sshd/data/etc/ssh/sshd_config
new file mode 100644
index 00000000..3b7d65a6
--- /dev/null
+++ b/core/modules/sshd/data/etc/ssh/sshd_config
@@ -0,0 +1,92 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 30
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+# OpenSLX
+DenyUsers demo
+UseDNS no
+
diff --git a/core/modules/sshd/data/etc/systemd/system/sshd.service b/core/modules/sshd/data/etc/systemd/system/sshd.service
new file mode 100644
index 00000000..fc711808
--- /dev/null
+++ b/core/modules/sshd/data/etc/systemd/system/sshd.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Daemon
+
+[Service]
+ExecStart=/usr/sbin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
diff --git a/core/modules/sshd/data/etc/tmpfiles.d/sshd.conf b/core/modules/sshd/data/etc/tmpfiles.d/sshd.conf
new file mode 100644
index 00000000..ffb34ca6
--- /dev/null
+++ b/core/modules/sshd/data/etc/tmpfiles.d/sshd.conf
@@ -0,0 +1,3 @@
+d /var/run/sshd 0755 root root
+d /var/empty/sshd 0755 root root
+
diff --git a/core/modules/sshd/module.build b/core/modules/sshd/module.build
new file mode 100644
index 00000000..ebf42c12
--- /dev/null
+++ b/core/modules/sshd/module.build
@@ -0,0 +1,20 @@
+fetch_source() {
+	:
+}
+
+build() {
+
+	local BIN_LOCATION="$(which sshd)"
+	[ ! -z "${BIN_LOCATION}" ] && BIN_LOCATION=$(readlink -f "$BIN_LOCATION")
+	if [ ! -z "${BIN_LOCATION}" -a -e "${BIN_LOCATION}" ]; then
+		tarcopy "${BIN_LOCATION}" "${MODULE_BUILD_DIR}"
+	else
+		perror "'sshd' not found on the system! Please install it."
+	fi
+}
+
+post_copy() {
+	mkdir -p "${TARGET_BUILD_DIR}/var/lib/empty" # suse
+
+	chmod go-rwx "${TARGET_BUILD_DIR}/etc/ssh/"* # no space, " before *
+}
diff --git a/core/modules/sshd/module.conf b/core/modules/sshd/module.conf
new file mode 100644
index 00000000..25793c72
--- /dev/null
+++ b/core/modules/sshd/module.conf
@@ -0,0 +1,3 @@
+REQUIRED_BINARIES="sshd"
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""