Debian backport of OpenSSH 6.2

Update

As written in the comments:
_
Colin Watson Says:
May 17th, 2013 at 7:12 pm

I uploaded 6.2 packages to Debian a week or so after you posted this, so you can/should now just use those instead. I expect they should build fine on wheezy.
_

As a matter of fact, the following is now deprecated.

At ${DAYWORK}, we used to have our own OpenSSH Debian package which included the famous OpenSSH LPK patch, which permits the use of an OpenLDAP server as an SSH public key provider.

I’ve been using OpenSSH-LPK for years, as this is a really handy solution and no valid alternative existed… until a couple of months ago.

OpenSSH 6.2 has a new configuration item called “AuthorizedKeysCommand”. The value associated with that key lets sshd call any executable as a public key provider. Yes, that is sexy.
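As an added illustration (not code from this post or from the OpenSSH project), here is one way such a key-provider executable could look when the keys live in the LPK schema's sshPublicKey attribute. The server URI, base DN, install path and the ldapPublicKey filter are assumptions.

```shell
#!/bin/sh
# Added example of an AuthorizedKeysCommand helper; not the original author's code.
# sshd_config (OpenSSH 6.2 or later):
#   AuthorizedKeysCommand /usr/local/sbin/ldap-ssh-keys    # assumed install path
#   AuthorizedKeysCommandUser nobody
# sshd passes the login name as the only argument and reads authorized_keys
# lines from stdout. The file must be root-owned and not group/world-writable.
LC_ALL=C; export LC_ALL
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"         # assumed server
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=org}"    # assumed base DN

# Allow only conservative login names, so the value can go into an LDAP
# filter without escaping: rejects *, (, ), \ and anything else unexpected.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Read LDIF on stdin and print one public key per line. Unfolds wrapped lines
# (continuations start with one space) and decodes base64 ("attr:: ") values.
extract_keys() {
    awk '
        function emit() {
            if (buf ~ /^sshPublicKey:: /)     print "B " substr(buf, 16)
            else if (buf ~ /^sshPublicKey: /) print "P " substr(buf, 15)
        }
        /^ / { buf = buf substr($0, 2); next }
             { emit(); buf = $0 }
        END  { emit() }
    ' | while read -r kind value; do
        case "$kind" in
            B) printf '%s\n' "$(printf '%s' "$value" | base64 -d)" ;;
            P) printf '%s\n' "$value" ;;
        esac
    done
}

# Any failure (bad name, LDAP error, no entry) prints nothing: no keys offered.
main() {
    valid_user "$1" || return 1
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=ldapPublicKey)(uid=$1))" sshPublicKey | extract_keys
}

if [ "$#" -eq 1 ]; then main "$1"; fi
```

The default URI uses ldaps:// because whoever can alter the LDAP answer in transit decides which keys sshd accepts.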

Debian only has OpenSSH 6.1p1 packages available, tagged as “experimental”, so we had to hack a little bit in order to build 6.2 packages. Here’s how:

* Fetch experimental source package

echo "deb-src http://ftp2.fr.debian.org/debian/ experimental main contrib non-free" > /etc/apt/sources.list.d/experimental.list

apt-get update

$ mkdir openssh && cd openssh
$ apt-get source openssh

* Bump the release

$ wget http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p1.tar.gz
$ cd openssh-6.1p1
$ uupdate -v 6.2p1 ../openssh-6.2p1.tar.gz
$ cd ../openssh-6.2p1
$ dch -i # enter changelog information

* Get rid of conflicting patches

As expected, many patches from Debian don’t apply anymore, and I was not brave enough to backport them; I’ve just commented them out in debian/patches/series:

#gssapi.patch
#selinux-role.patch
#copy-id-restorecon.patch
#ssh-vulnkey.patch
#consolekit.patch
#user-group-modes.patch
#max-startups-default.patch
#package-versioning.patch
#debian-banner.patch
#lintian-symlink-pickiness.patch
#openbsd-docs.patch
#ssh-argv0.patch
#doc-upstart.patch

* Remove uninstalled files