HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: Simplify package inputs.
[jackhill/guix/guix.git] / gnu / packages / ssh.scm
CommitLineData
2fbf053b 1;;; GNU Guix --- Functional package management for GNU
9478a252 2;;; Copyright © 2012-2021 Ludovic Courtès <ludo@gnu.org>
06ed5982 3;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
45f2ffb4 4;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
da4483f3 5;;; Copyright © 2015, 2016, 2018, 2019, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
af8f7eb4 6;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
f43a652d 7;;; Copyright © 2016, 2021 Nicolas Goaziou <mail@nicolasgoaziou.fr>
94551439 8;;; Copyright © 2016 Christine Lemmer-Webber <cwebber@dustycloud.org>
98d223fd 9;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
c9a6a36f 10;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
227dbd84 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
3c986a7d 12;;; Copyright © 2017 Nikita <nikita@n0.is>
ae72b8f5 13;;; Copyright © 2018 Manuel Graf <graf@init.at>
618631f3 14;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
b0966ba2 15;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
6a39cbe7 16;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
96fe62d8 17;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
09d7f87a 18;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
9e3b6820 19;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
2fbf053b
AE		 20;;;
21;;; This file is part of GNU Guix.
22;;;
23;;; GNU Guix is free software; you can redistribute it and/or modify it
24;;; under the terms of the GNU General Public License as published by
25;;; the Free Software Foundation; either version 3 of the License, or (at
26;;; your option) any later version.
27;;;
28;;; GNU Guix is distributed in the hope that it will be useful, but
29;;; WITHOUT ANY WARRANTY; without even the implied warranty of
30;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31;;; GNU General Public License for more details.
32;;;
33;;; You should have received a copy of the GNU General Public License
34;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
35
36(define-module (gnu packages ssh)
2102ae2e
DC		 37 #:use-module (gnu packages)
38 #:use-module (gnu packages autotools)
39 #:use-module (gnu packages base)
6a7c4636 40 #:use-module (gnu packages boost)
2fbf053b 41 #:use-module (gnu packages compression)
c9a6a36f 42 #:use-module (gnu packages crypto)
2102ae2e 43 #:use-module (gnu packages elf)
2fbf053b 44 #:use-module (gnu packages gnupg)
2102ae2e 45 #:use-module (gnu packages gperf)
fe0b8a78 46 #:use-module (gnu packages groff)
49d294e5 47 #:use-module (gnu packages guile)
da4483f3 48 #:use-module (gnu packages hurd)
618631f3 49 #:use-module (gnu packages libedit)
2102ae2e 50 #:use-module (gnu packages linux)
c9a6a36f 51 #:use-module (gnu packages logging)
2102ae2e
DC		 52 #:use-module (gnu packages m4)
53 #:use-module (gnu packages multiprecision)
87bf526b 54 #:use-module (gnu packages ncurses)
2102ae2e 55 #:use-module (gnu packages nettle)
89e34644 56 #:use-module (gnu packages kerberos)
2102ae2e
DC		 57 #:use-module (gnu packages perl)
58 #:use-module (gnu packages pkg-config)
c9a6a36f 59 #:use-module (gnu packages popt)
6a7c4636 60 #:use-module (gnu packages protobuf)
ae72b8f5 61 #:use-module (gnu packages python)
3876ed32
OP		 62 #:use-module (gnu packages python-crypto)
63 #:use-module (gnu packages python-web)
44d10b1f 64 #:use-module (gnu packages python-xyz)
2102ae2e 65 #:use-module (gnu packages readline)
8cc099b4 66 #:use-module (gnu packages security-token)
2102ae2e 67 #:use-module (gnu packages texinfo)
cc2b77df 68 #:use-module (gnu packages tls)
2102ae2e
DC		 69 #:use-module (gnu packages xorg)
70 #:use-module (guix build-system cmake)
71 #:use-module (guix build-system gnu)
ae72b8f5 72 #:use-module (guix build-system python)
2fbf053b 73 #:use-module (guix download)
817efe8b 74 #:use-module (guix git-download)
2102ae2e 75 #:use-module ((guix licenses) #:prefix license:)
befbaebf 76 #:use-module (guix packages)
7e90eb98 77 #:use-module (guix utils)
befbaebf 78 #:use-module (srfi srfi-1))
1681cd4a 79
96fe62d8
TGR		 80(define-public hss
81 (package
82 (name "hss")
83 (version "1.8")
84 (source (origin
85 (method git-fetch)
86 (uri (git-reference
b0e7b699 87 (url "https://github.com/six-ddc/hss")
96fe62d8
TGR		 88 (commit (string-append "v" version))))
89 (file-name (git-file-name name version))
90 (sha256
91 (base32
92 "1rpysj65j9ls30bf2c5k5hykzzjfknrihs58imp178bx1wqzw4jl"))))
93 (inputs
8394619b 94 (list readline))
96fe62d8 95 (arguments
f718c0a0 96 `(#:make-flags
845f5a03
TGR		 97 (list ,(string-append "CC=" (cc-for-target))
98 (string-append "INSTALL_BIN=" (assoc-ref %outputs "out") "/bin"))
f718c0a0 99 #:tests? #f ; no tests
96fe62d8
TGR		 100 #:phases
101 (modify-phases %standard-phases
f718c0a0 102 (add-after 'unpack 'patch-file-names
96fe62d8
TGR		 103 (lambda* (#:key inputs outputs #:allow-other-keys)
104 (substitute* "Makefile"
96fe62d8
TGR		 105 (("/usr/local/opt/readline")
106 (assoc-ref inputs "readline")))
3b6b337e
TGR		 107 #t))
108 (delete 'configure)))) ; no configure script
96fe62d8
TGR		 109 (build-system gnu-build-system)
110 (home-page "https://github.com/six-ddc/hss/")
111 (synopsis "Interactive SSH client for multiple servers")
16f6889b
TGR		 112 (description
113 "@command{hss} is an interactive SSH client for multiple servers. Commands
114are executed on all servers in parallel. Execution on one server does not need
115to wait for that on another server to finish before starting. One can run a
116command on hundreds of servers at the same time, with almost the same experience
117as a local Bash shell.
96fe62d8 118
16f6889b 119It supports:
96fe62d8 120@itemize @bullet
16f6889b
TGR		 121@item interactive input: based on GNU readline.
122@item history: responding to the @kbd{C-r} key.
123@item auto-completion: @key{TAB}-completion from remote servers for commands and
124file names.
125@end itemize\n")
96fe62d8
TGR		 126 (license license:expat)))
127
1681cd4a 128(define-public libssh
eed00f93
LF		 129 (package
130 (name "libssh")
49bb544b 131 (version "0.9.6")
eed00f93 132 (source (origin
49bb544b
LF		 133 (method url-fetch)
134 (uri (string-append "https://www.libssh.org/files/"
135 (version-major+minor version)
136 "/libssh-" version ".tar.xz"))
eed00f93
LF		 137 (sha256
138 (base32
49bb544b 139 "16w2mc7pyv9mijjlgacbz8dgczc7ig2m6m70w1pld04vpn2zig46"))))
eed00f93
LF		 140 (build-system cmake-build-system)
141 (outputs '("out" "debug"))
142 (arguments
143 '(#:configure-flags '("-DWITH_GCRYPT=ON")
deed349b 144
eed00f93
LF		 145 ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
146 #:tests? #f))
8394619b 147 (inputs (list zlib libgcrypt mit-krb5))
eed00f93
LF		 148 (synopsis "SSH client library")
149 (description
150 "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
151and server implementations. With libssh, you can remotely execute programs,
152transfer files, and use a secure and transparent tunnel for your remote
153applications.")
154 (home-page "https://www.libssh.org")
155 (license license:lgpl2.1+)))
2fbf053b
AE		 156
157(define-public libssh2
158 (package
159 (name "libssh2")
61f34ae5 160 (version "1.9.0")
2fbf053b
AE		 161 (source (origin
162 (method url-fetch)
163 (uri (string-append
78d80c5c 164 "https://www.libssh2.org/download/libssh2-"
2fbf053b 165 version ".tar.gz"))
78d80c5c
LF		 166 (sha256
167 (base32
f04dca8e
EF		 168 "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))
169 (patches (search-patches "libssh2-CVE-2019-17498.patch"))))
2fbf053b 170 (build-system gnu-build-system)
e9c14f37
EB		 171 ;; The installed libssh2.pc file does not include paths to libgcrypt and
172 ;; zlib libraries, so we need to propagate the inputs.
8394619b 173 (propagated-inputs (list libgcrypt zlib))
61f34ae5 174 (arguments `(#:configure-flags `("--with-libgcrypt")))
35b9e423 175 (synopsis "Client-side C library implementing the SSH2 protocol")
2fbf053b
AE		 176 (description
177 "libssh2 is a library intended to allow software developers access to
35b9e423 178the SSH-2 protocol in an easy-to-use self-contained package. It can be built
2fbf053b
AE		 179into an application to perform many different tasks when communicating with
180a server that supports the SSH-2 protocol.")
181 (license license:bsd-3)
18e627be 182 (home-page "https://www.libssh2.org/")))
fe0b8a78
AE		 183
184(define-public openssh
185 (package
186 (name "openssh")
3235a54c 187 (version "8.8p1")
fe0b8a78 188 (source (origin
644e5f17
TGR		 189 (method url-fetch)
190 (uri (string-append "mirror://openbsd/OpenSSH/portable/"
21f5de6d 191 "openssh-" version ".tar.gz"))
759a526f 192 (patches (search-patches "openssh-hurd.patch"))
644e5f17
TGR		 193 (sha256
194 (base32
3235a54c 195 "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425"))))
fe0b8a78 196 (build-system gnu-build-system)
8394619b 197 (native-inputs (list groff pkg-config))
618631f3
GB		 198 (inputs `(("libedit" ,libedit)
199 ("openssl" ,openssl)
da4483f3 200 ,@(if (hurd-target?)
9478a252
LC		 201 '()
202 `(("pam" ,linux-pam)
203 ("libfido2" ,libfido2))) ;fails to build on GNU/Hurd
040b6299 204 ("mit-krb5" ,mit-krb5)
683a4a34 205 ("zlib" ,zlib)
4a697466 206 ("xauth" ,xauth))) ; for 'ssh -X' and 'ssh -Y'
fe0b8a78
AE		 207 (arguments
208 `(#:test-target "tests"
d3552450
LF		 209 ;; Otherwise, the test scripts try to use a nonexistent directory and
210 ;; fail.
211 #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"")
040b6299 212 #:configure-flags `("--sysconfdir=/etc/ssh"
39012aab 213
040b6299 214 ;; Default value of 'PATH' used by sshd.
9af49832
LC		 215 "--with-default-path=/run/current-system/profile/bin"
216
6db6bcf7 217 ;; configure needs to find krb5-config.
040b6299
JD		 218 ,(string-append "--with-kerberos5="
219 (assoc-ref %build-inputs "mit-krb5")
220 "/bin")
221
6db6bcf7 222 ;; libedit is needed for sftp completion.
618631f3
GB		 223 "--with-libedit"
224
39012aab 225 ;; Enable PAM support in sshd.
da4483f3
EF		 226 ,,@(if (hurd-target?)
227 '()
9478a252
LC		 228 '("--with-pam"
229
230 ;; Support creation and use of ecdsa-sk,
231 ;; ed25519-sk keys.
232 "--with-security-key-builtin"))
233
3d8c7783 234
8cc099b4 235
3d8c7783
MO		 236 ;; "make install" runs "install -s" by default,
237 ;; which doesn't work for cross-compiled binaries
238 ;; because it invokes 'strip' instead of
239 ;; 'TRIPLET-strip'. Work around this.
240 ,,@(if (%current-target-system)
241 '("--disable-strip")
242 '()))
39012aab 243
fe0b8a78 244 #:phases
a9ee11d5
RW		 245 (modify-phases %standard-phases
246 (add-after 'configure 'reset-/var/empty
247 (lambda* (#:key outputs #:allow-other-keys)
248 (let ((out (assoc-ref outputs "out")))
249 (substitute* "Makefile"
250 (("PRIVSEP_PATH=/var/empty")
3235a54c 251 (string-append "PRIVSEP_PATH=" out "/var/empty"))))))
a9ee11d5
RW		 252 (add-before 'check 'patch-tests
253 (lambda _
6db6bcf7
TGR		 254 (substitute* "regress/test-exec.sh"
255 (("/bin/sh") (which "sh")))
256
257 ;; Remove 't-exec' regress target which requires user 'sshd'.
258 (substitute* (list "Makefile"
259 "regress/Makefile")
260 (("^(tests:.*) t-exec(.*)" all pre post)
3235a54c 261 (string-append pre post)))))
a9ee11d5 262 (replace 'install
ec7bcdc3
TGR		 263 (lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
264 (let ((out (assoc-ref outputs "out")))
265 ;; Install without host keys and system configuration files.
a03562b4
TGR		 266 ;; This will install /var/empty to the store, which is needed
267 ;; by the system openssh-service-type.
ec7bcdc3 268 (apply invoke "make" "install-nosysconf" make-flags)
ec7bcdc3
TGR		 269 (with-directory-excursion "contrib"
270 (chmod "ssh-copy-id" #o555)
271 (install-file "ssh-copy-id"
272 (string-append out "/bin/"))
273 (install-file "ssh-copy-id.1"
274 (string-append out "/share/man/man1/")))))))))
35b9e423 275 (synopsis "Client and server for the secure shell (ssh) protocol")
fe0b8a78
AE		 276 (description
277 "The SSH2 protocol implemented in OpenSSH is standardised by the
278IETF secsh working group and is specified in several RFCs and drafts.
279It is composed of three layered components:
280
281The transport layer provides algorithm negotiation and a key exchange.
282The key exchange includes server authentication and results in a
283cryptographically secured connection: it provides integrity, confidentiality
284and optional compression.
285
286The user authentication layer uses the established connection and relies on
35b9e423
EB		 287the services provided by the transport layer. It provides several mechanisms
288for user authentication. These include traditional password authentication
fe0b8a78
AE		 289as well as public-key or host-based authentication mechanisms.
290
291The connection layer multiplexes many different concurrent channels over the
292authenticated connection and allows tunneling of login sessions and
35b9e423 293TCP-forwarding. It provides a flow control service for these channels.
fe0b8a78 294Additionally, various channel-specific options can be negotiated.")
166191b3 295 (license (license:non-copyleft "file://LICENSE"
fe0b8a78 296 "See LICENSE in the distribution."))
1121a5c6 297 (home-page "https://www.openssh.com/")))
fe0b8a78 298
65c8512f
MO		 299;; OpenSSH without X support. This allows to use OpenSSH without dragging X
300;; libraries to the closure.
301(define-public openssh-sans-x
302 (package
303 (inherit openssh)
304 (name "openssh-sans-x")
305 (inputs (alist-delete "xauth" (package-inputs openssh)))
306 (synopsis "OpenSSH client and server without X11 support")))
307
49d294e5 308(define-public guile-ssh
096f442d
LC		 309 (package
310 (name "guile-ssh")
311 (version "0.13.1")
312 (home-page "https://github.com/artyom-poptsov/guile-ssh")
313 (source (origin
314 (method git-fetch)
315 (uri (git-reference
316 (url home-page)
317 (commit (string-append "v" version))))
3299530c 318 (file-name (git-file-name name version))
096f442d
LC		 319 (sha256
320 (base32
321 "1xpxkvgj7wgcl450djkcrmrf957mcy2f36hfs5g6kpla1gax2d1g"))
0fb80f34
LC		 322 (patches (search-patches "guile-ssh-fix-test-suite.patch"
323 "guile-ssh-read-error.patch"))))
096f442d
LC		 324 (build-system gnu-build-system)
325 (outputs '("out" "debug"))
326 (arguments
327 `(;; It makes no sense to build libguile-ssh.a.
328 #:configure-flags '("--disable-static")
329
330 #:phases (modify-phases %standard-phases
331 (add-before 'build 'fix-libguile-ssh-file-name
332 (lambda* (#:key outputs #:allow-other-keys)
333 ;; Build and install libguile-ssh.so so that we can use
334 ;; its absolute file name in .scm files, before we build
335 ;; the .go files.
336 (let* ((out (assoc-ref outputs "out"))
337 (lib (string-append out "/lib")))
338 (invoke "make" "install"
339 "-C" "libguile-ssh"
340 "-j" (number->string
341 (parallel-job-count)))
342 (substitute* (find-files "." "\\.scm$")
343 (("\"libguile-ssh\"")
344 (string-append "\"" lib "/libguile-ssh\"")))
345 #t)))
346 ,@(if (%current-target-system)
347 '()
348 '((add-before 'check 'fix-guile-path
349 (lambda* (#:key inputs #:allow-other-keys)
350 (let ((guile (assoc-ref inputs "guile")))
351 (substitute* "tests/common.scm"
352 (("/usr/bin/guile")
353 (string-append guile "/bin/guile")))
354 #t)))))
355 (add-after 'install 'remove-bin-directory
356 (lambda* (#:key outputs #:allow-other-keys)
357 (let* ((out (assoc-ref outputs "out"))
358 (bin (string-append out "/bin"))
359 (examples (string-append
360 out "/share/guile-ssh/examples")))
361 (mkdir-p examples)
362 (rename-file (string-append bin "/ssshd.scm")
363 (string-append examples "/ssshd.scm"))
364 (rename-file (string-append bin "/sssh.scm")
365 (string-append examples "/sssh.scm"))
366 (delete-file-recursively bin)
367 #t))))))
8394619b
LC		 368 (native-inputs (list autoconf
369 automake
370 libtool
371 texinfo
372 pkg-config
373 which
374 guile-3.0)) ;needed when cross-compiling.
375 (inputs (list guile-3.0 libssh libgcrypt))
096f442d
LC		 376 (synopsis "Guile bindings to libssh")
377 (description
378 "Guile-SSH is a library that provides access to the SSH protocol for
379programs written in GNU Guile interpreter. It is a wrapper to the underlying
380libssh library.")
381 (license license:gpl3+)))
513e1950 382
4d8806c3 383(define-public guile2.0-ssh
75c260ba
LC		 384 (package
385 (inherit guile-ssh)
4d8806c3 386 (name "guile2.0-ssh")
0fb80f34
LC		 387 (source (origin
388 (inherit (package-source guile-ssh))
389 (patches (search-patches "guile-ssh-fix-test-suite.patch"))))
bbb219bd 390 (native-inputs
8394619b
LC		 391 (modify-inputs (package-native-inputs guile-ssh)
392 (delete "guile")
393 (prepend guile-2.0 ;needed when cross-compiling.
394 )))
395 (inputs (modify-inputs (package-inputs guile-ssh)
396 (replace "guile" guile-2.0)))))
befbaebf 397
b6bee63b 398(define-public guile2.2-ssh
7e90eb98
LC		 399 (package
400 (inherit guile-ssh)
b6bee63b 401 (name "guile2.2-ssh")
0fb80f34
LC		 402 (source (origin
403 (inherit (package-source guile-ssh))
404 (patches (search-patches "guile-ssh-fix-test-suite.patch"))))
bbb219bd 405 (native-inputs
8394619b
LC		 406 (modify-inputs (package-native-inputs guile-ssh)
407 (delete "guile")
408 (prepend guile-2.2 ;needed when cross-compiling.
409 )))
410 (inputs (modify-inputs (package-inputs guile-ssh)
411 (replace "guile" guile-2.2)))))
7e90eb98 412
513e1950 413(define-public corkscrew
b692a1bb
TGR		 414 ;; The last 2.0 release hails from 2009. Use a fork (submitted upstream as
415 ;; <https://github.com/patpadgett/corkscrew/pull/5>) that adds now-essential
416 ;; IPv6 and TLS support.
417 (let ((revision "0")
418 (commit "268b71e88ee51fddceab96d665b327394f1feb12"))
419 (package
420 (name "corkscrew")
421 (version (git-version "2.0" revision commit))
422 (source
423 (origin
424 (method git-fetch)
425 (uri (git-reference
426 (url "https://github.com/rtgill82/corkscrew")
427 (commit commit)))
428 (sha256
429 (base32 "1rylbimlfig3ii4bqr4r058lkc43pqkxnxqpqdpm31blh3xs0dcw"))
430 (file-name (git-file-name name version))))
431 (build-system gnu-build-system)
432 (arguments
433 `(#:configure-flags
434 (list "--enable-ssl")
435 #:phases
436 (modify-phases %standard-phases
437 (add-after 'unpack 'update-metadata
438 (lambda _
439 (substitute* "configure.ac"
440 ;; Our version differs significantly.
441 (("2.0") (string-append ,version " (Guix)")))
442 (substitute* "corkscrew.c"
443 ;; This domain's since been squat.
444 (("\\(agroman@agroman\\.net\\)")
445 (format #f "<~a>" ,(package-home-page this-package))))))
446 (add-after 'install 'install-documentation
447 (lambda* (#:key outputs #:allow-other-keys)
448 (let* ((out (assoc-ref outputs "out"))
449 (doc (string-append out "/share/doc/" ,name "-" ,version)))
450 (install-file "README.md" doc)
451 #t))))))
452 (native-inputs
8394619b 453 (list autoconf automake pkg-config))
b692a1bb 454 (inputs
8394619b 455 (list openssl))
b692a1bb
TGR		 456 (home-page "https://github.com/patpadgett/corkscrew")
457 (synopsis "SSH tunneling through HTTP(S) proxies")
458 (description
459 "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
460It supports proxy authentication through the HTTP basic authentication scheme
461with optional @acronym{TLS, Transport-Level Security} to protect credentials.")
462 (license license:gpl2+))))
87bf526b
LC		 463
464(define-public mosh
465 (package
466 (name "mosh")
4b8b245b 467 (version "1.3.2")
87bf526b
LC		 468 (source (origin
469 (method url-fetch)
c3671282 470 (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
87bf526b
LC		 471 (sha256
472 (base32
4b8b245b 473 "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s"))))
87bf526b
LC		 474 (build-system gnu-build-system)
475 (arguments
11379192
EF		 476 '(#:phases
477 (modify-phases %standard-phases
2b504cc3
TGR		 478 (add-after 'unpack 'patch-FHS-file-names
479 (lambda _
480 (substitute* "scripts/mosh.pl"
481 (("/bin/sh")
482 (which "sh")))
483 #t))
11379192
EF		 484 (add-after 'install 'wrap
485 (lambda* (#:key outputs #:allow-other-keys)
486 ;; Make sure 'mosh' can find 'mosh-client' and
487 ;; 'mosh-server'.
488 (let* ((out (assoc-ref outputs "out"))
489 (bin (string-append out "/bin")))
490 (wrap-program (string-append bin "/mosh")
491 `("PATH" ":" prefix (,bin)))))))))
87bf526b 492 (native-inputs
8394619b 493 (list pkg-config))
87bf526b
LC		 494 (inputs
495 `(("openssl" ,openssl)
496 ("perl" ,perl)
497 ("perl-io-tty" ,perl-io-tty)
498 ("zlib" ,zlib)
499 ("ncurses" ,ncurses)
500 ("protobuf" ,protobuf)
501 ("boost-headers" ,boost)))
c3671282 502 (home-page "https://mosh.org/")
87bf526b
LC		 503 (synopsis "Remote shell tolerant to intermittent connectivity")
504 (description
2ca12aee
TGR		 505 "Mosh is a remote terminal application that allows client roaming, supports
506intermittent connectivity, and provides intelligent local echo and line editing
507of user keystrokes. It's a replacement for SSH that's more robust and
508responsive, especially over Wi-Fi, cellular, and long-distance links.")
87bf526b 509 (license license:gpl3+)))
8c6cfd55
JD		 510
511(define-public dropbear
512 (package
513 (name "dropbear")
bc34183e 514 (version "2020.81")
e190d12e
TGR		 515 (source
516 (origin
517 (method url-fetch)
518 (uri (string-append
519 "https://matt.ucc.asn.au/dropbear/releases/"
520 "dropbear-" version ".tar.bz2"))
521 (sha256
f72ff06e
EF		 522 (base32 "0fy5ma4cfc2pk25mcccc67b2mf1rnb2c06ilb7ddnxbpnc85s8s8"))
523 (modules '((guix build utils)))
524 (snippet
525 '(begin
526 (delete-file-recursively "libtommath")
527 (delete-file-recursively "libtomcrypt")
528 (substitute* "configure"
529 (("-ltomcrypt") "-ltomcrypt -ltommath"))
530 #t))))
8c6cfd55 531 (build-system gnu-build-system)
f72ff06e
EF		 532 (arguments
533 `(#:configure-flags '("--disable-bundled-libtom")
534 #:tests? #f)) ; there is no "make check" or anything similar
535 (inputs
8394619b 536 (list libtomcrypt libtommath zlib))
8c6cfd55
JD		 537 (synopsis "Small SSH server and client")
538 (description "Dropbear is a relatively small SSH server and
35b9e423
EB		 539client. It runs on a variety of POSIX-based platforms. Dropbear is
540particularly useful for embedded systems, such as wireless routers.")
8c6cfd55
JD		 541 (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
542 (license (license:x11-style "" "See file LICENSE."))))
2102ae2e
DC		 543
544(define-public liboop
545 (package
546 (name "liboop")
506737f1 547 (version "1.0.1")
2102ae2e
DC		 548 (source
549 (origin
550 (method url-fetch)
506737f1
TGR		 551 (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/"
552 name "-" version ".tar.gz"))
2102ae2e
DC		 553 (sha256
554 (base32
506737f1 555 "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn"))))
2102ae2e 556 (build-system gnu-build-system)
359b137c 557 (home-page "https://www.lysator.liu.se/liboop/")
2102ae2e
DC		 558 (synopsis "Event loop library")
559 (description "Liboop is a low-level event loop management library for
560POSIX-based operating systems. It supports the development of modular,
561multiplexed applications which may respond to events from several sources. It
562replaces the \"select() loop\" and allows the registration of event handlers
563for file and network I/O, timers and signals. Since processes use these
564mechanisms for almost all external communication, liboop can be used as the
565basis for almost any application.")
566 (license license:lgpl2.1+)))
567
568(define-public lsh
569 (package
570 (name "lsh")
571 (version "2.1")
572 (source (origin
573 (method url-fetch)
574 (uri (string-append "mirror://gnu/lsh/lsh-"
575 version ".tar.gz"))
576 (sha256
577 (base32
578 "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
579 (modules '((guix build utils)))
580 (snippet
581 '(begin
582 (substitute* "src/testsuite/functions.sh"
583 (("localhost")
584 ;; Avoid host name lookups since they don't work in
585 ;; chroot builds.
586 "127.0.0.1")
587 (("set -e")
588 ;; Make tests more verbose.
589 "set -e\nset -x"))
590
591 (substitute* (find-files "src/testsuite" "-test$")
592 (("localhost") "127.0.0.1"))
593
594 (substitute* "src/testsuite/login-auth-test"
6cbee49d 595 (("/bin/cat") "cat"))
0ec195ff
MC		 596 #t))
597 (patches (search-patches "lsh-fix-x11-forwarding.patch"))))
2102ae2e
DC		 598 (build-system gnu-build-system)
599 (native-inputs
8394619b
LC		 600 (list autoconf
601 automake
602 m4
603 guile-2.0
604 gperf
605 psmisc)) ; for `killall'
2102ae2e 606 (inputs
8394619b
LC		 607 (list nettle-2
608 linux-pam
609 ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
610 ;; Readline 6.3.
611 readline-6.2
612 liboop
613 zlib
614 gmp
615 ;; The server (lshd) invokes xauth when X11 forwarding is requested.
616 ;; This adds 24 MiB (or 27%) to the closure of lsh.
617 xauth
618 libxau)) ;also required for x11-forwarding
2102ae2e
DC		 619 (arguments
620 '(;; Skip the `configure' test that checks whether /dev/ptmx &
621 ;; co. work as expected, because it relies on impurities (for
622 ;; instance, /dev/pts may be unavailable in chroots.)
d5c969ce
LC		 623 #:configure-flags '("lsh_cv_sys_unix98_ptys=yes"
624
625 ;; Use glibc's argp rather than the bundled one.
626 "--with-system-argp"
627
628 ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing
629 ;; defines it.
630 "CPPFLAGS=-DHAVE_ARGP_PARSE")
2102ae2e
DC		 631 #:phases
632 (modify-phases %standard-phases
3e34f899
MC		 633 (add-after 'unpack 'disable-failing-tests
634 (lambda _
635 ;; FIXME: Most tests won't run in a chroot, presumably because
636 ;; /etc/profile is missing, and thus clients get an empty $PATH
637 ;; and nothing works. Run only the subset that passes.
638 (delete-file "configure") ;force rebootstrap
639 (substitute* "src/testsuite/Makefile.am"
640 (("seed-test \\\\") ;prevent trailing slash
641 "seed-test")
642 (("^\t(lsh|daemon|tcpip|socks|lshg|lcp|rapid7|lshd).*test.*")
643 ""))
644 #t))
2102ae2e
DC		 645 (add-before 'configure 'pre-configure
646 (lambda* (#:key inputs #:allow-other-keys)
647 (let* ((nettle (assoc-ref inputs "nettle"))
648 (sexp-conv (string-append nettle "/bin/sexp-conv")))
d5c969ce
LC		 649 ;; Remove argp from the list of sub-directories; we don't want
650 ;; to build it, really.
651 (substitute* "src/Makefile.in"
652 (("^SUBDIRS = argp")
653 "SUBDIRS ="))
654
2102ae2e
DC		 655 ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
656 ;; by default.
657 (substitute* "src/environ.h.in"
658 (("^#define PATH_SEXP_CONV.*")
659 (string-append "#define PATH_SEXP_CONV \""
660 sexp-conv "\"\n")))
661
662 ;; Same for the 'lsh-authorize' script.
663 (substitute* "src/lsh-authorize"
664 (("=sexp-conv")
665 (string-append "=" sexp-conv)))
666
667 ;; Tell lshd where 'xauth' lives. Another option would be to
668 ;; hardcode "/run/current-system/profile/bin/xauth", thereby
669 ;; reducing the closure size, but that wouldn't work on foreign
670 ;; distros.
671 (with-fluids ((%default-port-encoding "ISO-8859-1"))
672 (substitute* "src/server_x11.c"
673 (("define XAUTH_PROGRAM.*")
674 (string-append "define XAUTH_PROGRAM \""
675 (assoc-ref inputs "xauth")
676 "/bin/xauth\"\n")))))
677
678 ;; Tests rely on $USER being set.
679 (setenv "USER" "guix"))))))
21de4160 680 (home-page "https://www.lysator.liu.se/~nisse/lsh/")
2102ae2e
DC		 681 (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
682 (description
683 "GNU lsh is a free implementation of the SSH version 2 protocol. It is
684used to create a secure line of communication between two computers,
685providing shell access to the server system from the client. It provides
686both the server daemon and the client application, as well as tools for
687manipulating key files.")
688 (license license:gpl2+)))
c777570b
NG		 689
690(define-public sshpass
691 (package
692 (name "sshpass")
f43a652d 693 (version "1.09")
c777570b
NG		 694 (source
695 (origin
696 (method url-fetch)
697 (uri (string-append "mirror://sourceforge/sshpass/sshpass/"
698 version "/sshpass-" version ".tar.gz"))
699 (sha256
f43a652d 700 (base32 "1dwzqknpswa8vjlbwsx9rcq1j2a7px9h9i2anh09pzkz0mg6wx3i"))))
c777570b 701 (build-system gnu-build-system)
f43a652d
NG		 702 (home-page "https://sourceforge.net/projects/sshpass/")
703 (synopsis "Non-interactive password authentication with SSH")
7230f6d5 704 (description "sshpass is a tool for non-interactively performing password
c777570b
NG		 705authentication with SSH's so-called @dfn{interactive keyboard password
706authentication}.")
707 (license license:gpl2+)))
8caeb117
CAW		 708
709(define-public autossh
710 (package
711 (name "autossh")
d6bbb7e5 712 (version "1.4g")
8caeb117
CAW		 713 (source
714 (origin
715 (method url-fetch)
716 (uri (string-append
26045af9 717 "https://www.harding.motd.ca/autossh/autossh-"
8caeb117
CAW		 718 version ".tgz"))
719 (sha256
d6bbb7e5 720 (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz"))))
8caeb117
CAW		 721 (build-system gnu-build-system)
722 (arguments `(#:tests? #f)) ; There is no "make check" or anything similar
8394619b 723 (inputs (list openssh))
8caeb117
CAW		 724 (synopsis "Automatically restart SSH sessions and tunnels")
725 (description "autossh is a program to start a copy of @command{ssh} and
726monitor it, restarting it as necessary should it die or stop passing traffic.")
26045af9 727 (home-page "https://www.harding.motd.ca/autossh/")
8caeb117
CAW		 728 (license
729 ;; Why point to a source file? Well, all the individual files have a
730 ;; copy of this license in their headers, but there's no separate file
731 ;; with that information.
732 (license:non-copyleft "file://autossh.c"))))
227dbd84
RW		 733
734(define-public pdsh
735 (package
736 (name "pdsh")
91815e8d 737 (version "2.34")
227dbd84
RW		 738 (source
739 (origin
740 (method url-fetch)
b982fb1c 741 (uri (string-append "https://github.com/chaos/pdsh/"
742 "releases/download/pdsh-" version
743 "/pdsh-" version ".tar.gz"))
227dbd84 744 (sha256
91815e8d 745 (base32 "1s91hmhrz7rfb6h3l5k97s393rcm1ww3svp8dx5z8vkkc933wyxl"))))
227dbd84
RW		 746 (build-system gnu-build-system)
747 (arguments
748 `(#:configure-flags
749 (list "--with-ssh")
750 #:phases
751 (modify-phases %standard-phases
752 (add-after 'unpack 'patch-/bin/sh
753 (lambda _
b982fb1c 754 (substitute* '("tests/t0006-pdcp.sh"
755 "tests/t0004-module-loading.sh"
756 "tests/t2001-ssh.sh"
757 "tests/t1003-slurm.sh"
758 "tests/t6036-long-output-lines.sh"
759 "tests/aggregate-results.sh"
760 "tests/t2000-exec.sh"
761 "tests/t0002-internal.sh"
762 "tests/t1002-dshgroup.sh"
763 "tests/t5000-dshbak.sh"
764 "tests/t0001-basic.sh"
765 "tests/t0005-rcmd_type-and-user.sh"
227dbd84 766 "tests/test-lib.sh"
b982fb1c 767 "tests/t2002-mrsh.sh"
768 "tests/t0003-wcoll.sh"
227dbd84
RW		 769 "tests/test-modules/pcptest.c")
770 (("/bin/sh") (which "bash")))
b982fb1c 771 #t))
772 (add-after 'unpack 'patch-tests
773 (lambda _
774 (substitute* "tests/t6036-long-output-lines.sh"
775 (("which") (which "which")))
227dbd84
RW		 776 #t)))))
777 (inputs
8394619b 778 (list openssh mit-krb5 perl))
b982fb1c 779 (native-inputs
8394619b 780 (list which))
b982fb1c 781 (home-page "https://github.com/chaos/pdsh")
227dbd84
RW		 782 (synopsis "Parallel distributed shell")
783 (description "Pdsh is a an efficient, multithreaded remote shell client
784which executes commands on multiple remote hosts in parallel. Pdsh implements
785dynamically loadable modules for extended functionality such as new remote
786shell services and remote host selection.")
787 (license license:gpl2+)))
ae72b8f5 788
48dec2e0
LDB		 789(define-public python-asyncssh
790 (package
791 (name "python-asyncssh")
f440ccd2 792 (version "2.7.1")
48dec2e0
LDB		 793 (source
794 (origin
795 (method url-fetch)
796 (uri (pypi-uri "asyncssh" version))
797 (sha256
798 (base32
f440ccd2 799 "0lnhh2h1mj79j66ni883s9f3xldnbjb10vh80g24b7m003mm524c"))))
48dec2e0
LDB		 800 (build-system python-build-system)
801 (propagated-inputs
8394619b
LC		 802 (list python-cryptography python-pyopenssl python-gssapi
803 python-bcrypt))
48dec2e0 804 (native-inputs
8394619b 805 (list openssh openssl))
48dec2e0
LDB		 806 (arguments
807 `(#:phases
808 (modify-phases %standard-phases
809 (add-after 'unpack 'disable-tests
810 (lambda* _
811 (substitute* "tests/test_agent.py"
812 ;; TODO Test fails for unknown reason
813 (("(.+)async def test_confirm" all indent)
814 (string-append indent "@unittest.skip('disabled by guix')\n"
815 indent "async def test_confirm")))
816 #t)))))
817 (home-page "https://asyncssh.readthedocs.io/")
818 (synopsis "Asynchronous SSHv2 client and server library for Python")
819 (description
820 "AsyncSSH is a Python package which provides an asynchronous client and
821server implementation of the SSHv2 protocol on top of the Python 3.6+ asyncio
822framework.")
823 (license license:epl2.0)))
824
ae72b8f5
MG		 825(define-public clustershell
826 (package
827 (name "clustershell")
f43a7838 828 (version "1.8.4")
ae72b8f5
MG		 829 (source
830 (origin
511a8f8d
TGR		 831 (method git-fetch)
832 (uri (git-reference
833 (url "https://github.com/cea-hpc/clustershell")
834 (commit (string-append "v" version))))
835 (file-name (git-file-name name version))
ae72b8f5 836 (sha256
f43a7838 837 (base32 "11b87vyamcw4rvgxz74jxwkr9ly0h9ldp2wqsi5wc19p0r06la5j"))))
ae72b8f5 838 (build-system python-build-system)
8394619b
LC		 839 (inputs (list openssh))
840 (propagated-inputs (list python-pyyaml))
ae72b8f5
MG		 841 (arguments
842 `(#:phases (modify-phases %standard-phases
843 (add-before 'build 'record-openssh-file-name
844 (lambda* (#:key inputs #:allow-other-keys)
845 (let ((ssh (assoc-ref inputs "openssh")))
846 (substitute* "lib/ClusterShell/Worker/Ssh.py"
847 (("info\\(\"ssh_path\"\\) or \"ssh\"")
848 (string-append "info(\"ssh_path\") or \""
f43a7838 849 ssh "/bin/ssh\"")))))))))
ae72b8f5
MG		 850 (home-page "https://cea-hpc.github.io/clustershell/")
851 (synopsis "Scalable event-driven Python framework for cluster administration")
852 (description
853 "ClusterShell is an event-driven Python framework, designed to run local
854or distant commands in parallel on server farms or on large GNU/Linux
855clusters. It will take care of common issues encountered on HPC clusters,
856such as operating on groups of nodes, running distributed commands using
857optimized execution algorithms, as well as gathering results and merging
858identical outputs, or retrieving return codes. ClusterShell takes advantage
859of existing remote shell facilities such as SSH.")
860 (license license:lgpl2.1+)))
87007947
EF		 861
862(define-public endlessh
863 (package
864 (name "endlessh")
63b148f7 865 (version "1.1")
87007947
EF		 866 (source
867 (origin
63b148f7
TGR		 868 (method git-fetch)
869 (uri (git-reference
b0e7b699 870 (url "https://github.com/skeeto/endlessh")
63b148f7
TGR		 871 (commit version)))
872 (file-name (git-file-name name version))
87007947 873 (sha256
63b148f7 874 (base32 "0ziwr8j1frsp3dajr8h5glkm1dn5cci404kazz5w1jfrp0736x68"))))
87007947
EF		 875 (build-system gnu-build-system)
876 (arguments
9c44af6b
MD		 877 `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
878 ,(string-append "CC=" (cc-for-target)))
63b148f7 879 #:tests? #f ; no test target
87007947
EF		 880 #:phases
881 (modify-phases %standard-phases
63b148f7 882 (delete 'configure)))) ; no configure script
87007947
EF		 883 (home-page "https://github.com/skeeto/endlessh")
884 (synopsis "SSH tarpit that slowly sends an endless banner")
885 (description
886 "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH
887banner. It keeps SSH clients locked up for hours or even days at a time. The
888purpose is to put your real SSH server on another port and then let the script
889kiddies get stuck in this tarpit instead of bothering a real server.
890
891Since the tarpit is in the banner before any cryptographic exchange occurs, this
892program doesn't depend on any cryptographic libraries. It's a simple,
893single-threaded, standalone C program. It uses @code{poll()} to trap multiple
894clients at a time.")
895 (license license:unlicense)))
3876ed32
OP		 896
897(define-public webssh
898 (package
899 (name "webssh")
5fb3be0e 900 (version "1.5.3")
3876ed32
OP		 901 (source (origin
902 (method git-fetch)
903 (uri (git-reference
904 (url "https://github.com/huashengdun/webssh")
905 (commit (string-append "v" version))))
906 (file-name (git-file-name name version))
907 (sha256
908 (base32
5fb3be0e 909 "1bcy9flrzbvams5p77swwiygv54ac58ia7hpic1bvg30b3wpvv7b"))))
3876ed32
OP		 910 (build-system python-build-system)
911 (propagated-inputs
8394619b 912 (list python-paramiko python-tornado))
3876ed32
OP		 913 (home-page "https://webssh.huashengdun.org/")
914 (synopsis "Web application to be used as an SSH client")
915 (description "This package provides a web application to be used as an SSH
916client.
917
918Features:
919@itemize @bullet
920@item SSH password authentication supported, including empty password.
921@item SSH public-key authentication supported, including DSA RSA ECDSA
922Ed25519 keys.
923@item Encrypted keys supported.
924@item Two-Factor Authentication (time-based one-time password) supported.
925@item Fullscreen terminal supported.
926@item Terminal window resizable.
927@item Auto detect the ssh server's default encoding.
928@item Modern browsers are supported.
929@end itemize")
930 (license license:expat)))
jackhill's copy of GNU Guix: https://guix.gnu.org/