As written on the comments:
Colin Watson Says:
May 17th, 2013 at 7:12 pm
I uploaded 6.2 packages to Debian a week or so after you posted this, so you can/should now just use those instead. I expect they should build fine on wheezy.
As a matter of fact, the following is now deprecated
I’ve been using OpenSSH-LPK for years, as this is a really handy solution and no valid alternative existed… until a couple of months.
OpenSSH 6.2 has a new configuration item called “AuthorizedKeysCommand”. The value associated to that key permits to call any executable as a public key provider. Yes, that is sexy.
Debian only have OpenSSH 6.1p1 packages available and tagged as “experimental”, so we had to hack a little bit in order to build 6.2 packages, here’s how:
- Fetch experimental source package
# echo "deb-src http://ftp2.fr.debian.org/debian/ experimental main contrib non-free" > /etc/apt/sources.list.d/experimental.list # apt-get update $ mkdir openssh && cd openssh $ apt-get source openssh
$ wget http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p1.tar.gz $ cd openssh-6.1p1 $ uupdate -v 6.2p2 ../openssh-6.2p1.tar.gz $ cd ../openssh-6.2p1 $ dch -i # enter changelog informations
As expected, many patches from debian don’t apply anymore, and I was not brave enough to backport them, I’ve just commented them in
#gssapi.patch #selinux-role.patch #copy-id-restorecon.patch #ssh-vulnkey.patch #consolekit.patch #user-group-modes.patch #max-startups-default.patch #package-versioning.patch #debian-banner.patch #lintian-symlink-pickiness.patch #openbsd-docs.patch #ssh-argv0.patch #doc-upstart.patch
In order not to check some files that will not be present as we commented the patches which creates them, we’ll have to remove the following lines from
And the following one from
Finally, we just comment out the use of the
vulnerable_host_keys shell function in
fix_doc_symlink create_sshdconfig create_keys #vulnerable_host_keys fix_statoverride
That’s it! You can now happily build the brand new OpenSSH version using
debuild as usual.
After installing it, you’ll have access to the AuthorizedKeysCommand option.
Thanks gaston, davromaniak and SliX from #GCU for the help.