HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: emacs-scratch-el: Update source and homepage.
[jackhill/guix/guix.git] / gnu / packages / ssh.scm
CommitLineData
2fbf053b 1;;; GNU Guix --- Functional package management for GNU
33ce3f1c 2;;; Copyright © 2012-2022 Ludovic Courtès <ludo@gnu.org>
06ed5982 3;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
45f2ffb4 4;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
22010dd4 5;;; Copyright © 2015, 2016, 2018, 2019, 2020, 2021, 2022 Efraim Flashner <efraim@flashner.co.il>
af8f7eb4 6;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
f43a652d 7;;; Copyright © 2016, 2021 Nicolas Goaziou <mail@nicolasgoaziou.fr>
94551439 8;;; Copyright © 2016 Christine Lemmer-Webber <cwebber@dustycloud.org>
98d223fd 9;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
c9a6a36f 10;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
227dbd84 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
3c986a7d 12;;; Copyright © 2017 Nikita <nikita@n0.is>
ae72b8f5 13;;; Copyright © 2018 Manuel Graf <graf@init.at>
618631f3 14;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
b0966ba2 15;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
6a39cbe7 16;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
96fe62d8 17;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
bf9c98b1 18;;; Copyright © 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
9e3b6820 19;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
2fbf053b
AE		 20;;;
21;;; This file is part of GNU Guix.
22;;;
23;;; GNU Guix is free software; you can redistribute it and/or modify it
24;;; under the terms of the GNU General Public License as published by
25;;; the Free Software Foundation; either version 3 of the License, or (at
26;;; your option) any later version.
27;;;
28;;; GNU Guix is distributed in the hope that it will be useful, but
29;;; WITHOUT ANY WARRANTY; without even the implied warranty of
30;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31;;; GNU General Public License for more details.
32;;;
33;;; You should have received a copy of the GNU General Public License
34;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
35
36(define-module (gnu packages ssh)
2102ae2e 37 #:use-module (gnu packages)
97ebfc8f 38 #:use-module (gnu packages admin)
2102ae2e
DC		 39 #:use-module (gnu packages autotools)
40 #:use-module (gnu packages base)
6a7c4636 41 #:use-module (gnu packages boost)
97ebfc8f 42 #:use-module (gnu packages check)
2fbf053b 43 #:use-module (gnu packages compression)
c9a6a36f 44 #:use-module (gnu packages crypto)
2102ae2e 45 #:use-module (gnu packages elf)
2fbf053b 46 #:use-module (gnu packages gnupg)
2102ae2e 47 #:use-module (gnu packages gperf)
fe0b8a78 48 #:use-module (gnu packages groff)
49d294e5 49 #:use-module (gnu packages guile)
da4483f3 50 #:use-module (gnu packages hurd)
618631f3 51 #:use-module (gnu packages libedit)
2102ae2e 52 #:use-module (gnu packages linux)
c9a6a36f 53 #:use-module (gnu packages logging)
2102ae2e
DC		 54 #:use-module (gnu packages m4)
55 #:use-module (gnu packages multiprecision)
87bf526b 56 #:use-module (gnu packages ncurses)
2102ae2e 57 #:use-module (gnu packages nettle)
89e34644 58 #:use-module (gnu packages kerberos)
2102ae2e
DC		 59 #:use-module (gnu packages perl)
60 #:use-module (gnu packages pkg-config)
c9a6a36f 61 #:use-module (gnu packages popt)
6a7c4636 62 #:use-module (gnu packages protobuf)
ae72b8f5 63 #:use-module (gnu packages python)
3876ed32
OP		 64 #:use-module (gnu packages python-crypto)
65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
2102ae2e 67 #:use-module (gnu packages readline)
8cc099b4 68 #:use-module (gnu packages security-token)
2102ae2e 69 #:use-module (gnu packages texinfo)
cc2b77df 70 #:use-module (gnu packages tls)
2102ae2e
DC		 71 #:use-module (gnu packages xorg)
72 #:use-module (guix build-system cmake)
73 #:use-module (guix build-system gnu)
ae72b8f5 74 #:use-module (guix build-system python)
2fbf053b 75 #:use-module (guix download)
817efe8b 76 #:use-module (guix git-download)
b25e1840 77 #:use-module (guix gexp)
2102ae2e 78 #:use-module ((guix licenses) #:prefix license:)
befbaebf 79 #:use-module (guix packages)
7e90eb98 80 #:use-module (guix utils)
befbaebf 81 #:use-module (srfi srfi-1))
1681cd4a 82
96fe62d8
TGR		 83(define-public hss
84 (package
85 (name "hss")
b8d5cbb7 86 (version "1.9")
96fe62d8
TGR		 87 (source (origin
88 (method git-fetch)
89 (uri (git-reference
b0e7b699 90 (url "https://github.com/six-ddc/hss")
b8d5cbb7 91 (commit version)))
96fe62d8
TGR		 92 (file-name (git-file-name name version))
93 (sha256
94 (base32
b8d5cbb7 95 "12578xhvkg70ma411yh8nbpcpnys420bnm9g0dzypb0vn3jxpz8q"))))
96fe62d8 96 (inputs
8394619b 97 (list readline))
96fe62d8 98 (arguments
b25e1840
TGR		 99 (list #:make-flags
100 #~(list (string-append "CC=" #$(cc-for-target))
101 (string-append "INSTALL_BIN=" #$output "/bin"))
102 #:tests? #f ; no tests
103 #:phases
104 #~(modify-phases %standard-phases
105 (add-after 'unpack 'patch-file-names
106 (lambda _
107 (substitute* "Makefile"
108 (("/usr/local/opt/readline")
109 #$(this-package-input "readline")))))
110 (delete 'configure)))) ; no configure script
96fe62d8
TGR		 111 (build-system gnu-build-system)
112 (home-page "https://github.com/six-ddc/hss/")
113 (synopsis "Interactive SSH client for multiple servers")
16f6889b
TGR		 114 (description
115 "@command{hss} is an interactive SSH client for multiple servers. Commands
116are executed on all servers in parallel. Execution on one server does not need
117to wait for that on another server to finish before starting. One can run a
118command on hundreds of servers at the same time, with almost the same experience
119as a local Bash shell.
96fe62d8 120
16f6889b 121It supports:
96fe62d8 122@itemize @bullet
16f6889b
TGR		 123@item interactive input: based on GNU readline.
124@item history: responding to the @kbd{C-r} key.
125@item auto-completion: @key{TAB}-completion from remote servers for commands and
126file names.
127@end itemize\n")
96fe62d8
TGR		 128 (license license:expat)))
129
1681cd4a 130(define-public libssh
eed00f93
LF		 131 (package
132 (name "libssh")
49bb544b 133 (version "0.9.6")
eed00f93 134 (source (origin
49bb544b
LF		 135 (method url-fetch)
136 (uri (string-append "https://www.libssh.org/files/"
137 (version-major+minor version)
138 "/libssh-" version ".tar.xz"))
eed00f93
LF		 139 (sha256
140 (base32
49bb544b 141 "16w2mc7pyv9mijjlgacbz8dgczc7ig2m6m70w1pld04vpn2zig46"))))
eed00f93
LF		 142 (build-system cmake-build-system)
143 (outputs '("out" "debug"))
144 (arguments
145 '(#:configure-flags '("-DWITH_GCRYPT=ON")
deed349b 146
eed00f93
LF		 147 ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
148 #:tests? #f))
8394619b 149 (inputs (list zlib libgcrypt mit-krb5))
eed00f93
LF		 150 (synopsis "SSH client library")
151 (description
152 "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
153and server implementations. With libssh, you can remotely execute programs,
154transfer files, and use a secure and transparent tunnel for your remote
155applications.")
156 (home-page "https://www.libssh.org")
157 (license license:lgpl2.1+)))
2fbf053b
AE		 158
159(define-public libssh2
160 (package
161 (name "libssh2")
61f34ae5 162 (version "1.9.0")
2fbf053b
AE		 163 (source (origin
164 (method url-fetch)
165 (uri (string-append
78d80c5c 166 "https://www.libssh2.org/download/libssh2-"
2fbf053b 167 version ".tar.gz"))
78d80c5c
LF		 168 (sha256
169 (base32
f04dca8e
EF		 170 "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))
171 (patches (search-patches "libssh2-CVE-2019-17498.patch"))))
2fbf053b 172 (build-system gnu-build-system)
e9c14f37
EB		 173 ;; The installed libssh2.pc file does not include paths to libgcrypt and
174 ;; zlib libraries, so we need to propagate the inputs.
8394619b 175 (propagated-inputs (list libgcrypt zlib))
61f34ae5 176 (arguments `(#:configure-flags `("--with-libgcrypt")))
35b9e423 177 (synopsis "Client-side C library implementing the SSH2 protocol")
2fbf053b
AE		 178 (description
179 "libssh2 is a library intended to allow software developers access to
35b9e423 180the SSH-2 protocol in an easy-to-use self-contained package. It can be built
2fbf053b
AE		 181into an application to perform many different tasks when communicating with
182a server that supports the SSH-2 protocol.")
183 (license license:bsd-3)
18e627be 184 (home-page "https://www.libssh2.org/")))
fe0b8a78
AE		 185
186(define-public openssh
187 (package
188 (name "openssh")
9b0171fe 189 (version "8.9p1")
fe0b8a78 190 (source (origin
644e5f17
TGR		 191 (method url-fetch)
192 (uri (string-append "mirror://openbsd/OpenSSH/portable/"
21f5de6d 193 "openssh-" version ".tar.gz"))
4d3c142e
AA		 194 (patches (search-patches "openssh-hurd.patch"
195 "openssh-trust-guix-store-directory.patch"))
644e5f17
TGR		 196 (sha256
197 (base32
9b0171fe 198 "1ry5prcax0134v6srkgznpl9ch5snkgq7yvjqvd8c5mbnxa7cjgx"))))
fe0b8a78 199 (build-system gnu-build-system)
8394619b 200 (native-inputs (list groff pkg-config))
618631f3
GB		 201 (inputs `(("libedit" ,libedit)
202 ("openssl" ,openssl)
da4483f3 203 ,@(if (hurd-target?)
9478a252
LC		 204 '()
205 `(("pam" ,linux-pam)
206 ("libfido2" ,libfido2))) ;fails to build on GNU/Hurd
040b6299 207 ("mit-krb5" ,mit-krb5)
683a4a34 208 ("zlib" ,zlib)
4a697466 209 ("xauth" ,xauth))) ; for 'ssh -X' and 'ssh -Y'
fe0b8a78
AE		 210 (arguments
211 `(#:test-target "tests"
d3552450
LF		 212 ;; Otherwise, the test scripts try to use a nonexistent directory and
213 ;; fail.
214 #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"")
040b6299 215 #:configure-flags `("--sysconfdir=/etc/ssh"
39012aab 216
040b6299 217 ;; Default value of 'PATH' used by sshd.
9af49832
LC		 218 "--with-default-path=/run/current-system/profile/bin"
219
6db6bcf7 220 ;; configure needs to find krb5-config.
040b6299
JD		 221 ,(string-append "--with-kerberos5="
222 (assoc-ref %build-inputs "mit-krb5")
223 "/bin")
224
6db6bcf7 225 ;; libedit is needed for sftp completion.
618631f3
GB		 226 "--with-libedit"
227
39012aab 228 ;; Enable PAM support in sshd.
da4483f3
EF		 229 ,,@(if (hurd-target?)
230 '()
9478a252
LC		 231 '("--with-pam"
232
233 ;; Support creation and use of ecdsa-sk,
234 ;; ed25519-sk keys.
235 "--with-security-key-builtin"))
236
3d8c7783 237
8cc099b4 238
3d8c7783
MO		 239 ;; "make install" runs "install -s" by default,
240 ;; which doesn't work for cross-compiled binaries
241 ;; because it invokes 'strip' instead of
242 ;; 'TRIPLET-strip'. Work around this.
243 ,,@(if (%current-target-system)
244 '("--disable-strip")
245 '()))
39012aab 246
fe0b8a78 247 #:phases
a9ee11d5
RW		 248 (modify-phases %standard-phases
249 (add-after 'configure 'reset-/var/empty
250 (lambda* (#:key outputs #:allow-other-keys)
251 (let ((out (assoc-ref outputs "out")))
252 (substitute* "Makefile"
253 (("PRIVSEP_PATH=/var/empty")
3235a54c 254 (string-append "PRIVSEP_PATH=" out "/var/empty"))))))
4d3c142e
AA		 255 (add-after 'configure 'set-store-location
256 (lambda* _
257 (substitute* "misc.c"
258 (("@STORE_DIRECTORY@")
259 (string-append "\"" (%store-directory) "\"")))))
a9ee11d5
RW		 260 (add-before 'check 'patch-tests
261 (lambda _
6db6bcf7
TGR		 262 (substitute* "regress/test-exec.sh"
263 (("/bin/sh") (which "sh")))
264
265 ;; Remove 't-exec' regress target which requires user 'sshd'.
266 (substitute* (list "Makefile"
267 "regress/Makefile")
268 (("^(tests:.*) t-exec(.*)" all pre post)
3235a54c 269 (string-append pre post)))))
a9ee11d5 270 (replace 'install
ec7bcdc3
TGR		 271 (lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
272 (let ((out (assoc-ref outputs "out")))
273 ;; Install without host keys and system configuration files.
a03562b4
TGR		 274 ;; This will install /var/empty to the store, which is needed
275 ;; by the system openssh-service-type.
ec7bcdc3 276 (apply invoke "make" "install-nosysconf" make-flags)
ec7bcdc3
TGR		 277 (with-directory-excursion "contrib"
278 (chmod "ssh-copy-id" #o555)
279 (install-file "ssh-copy-id"
280 (string-append out "/bin/"))
281 (install-file "ssh-copy-id.1"
282 (string-append out "/share/man/man1/")))))))))
35b9e423 283 (synopsis "Client and server for the secure shell (ssh) protocol")
fe0b8a78
AE		 284 (description
285 "The SSH2 protocol implemented in OpenSSH is standardised by the
286IETF secsh working group and is specified in several RFCs and drafts.
287It is composed of three layered components:
288
289The transport layer provides algorithm negotiation and a key exchange.
290The key exchange includes server authentication and results in a
291cryptographically secured connection: it provides integrity, confidentiality
292and optional compression.
293
294The user authentication layer uses the established connection and relies on
35b9e423
EB		 295the services provided by the transport layer. It provides several mechanisms
296for user authentication. These include traditional password authentication
fe0b8a78
AE		 297as well as public-key or host-based authentication mechanisms.
298
299The connection layer multiplexes many different concurrent channels over the
300authenticated connection and allows tunneling of login sessions and
35b9e423 301TCP-forwarding. It provides a flow control service for these channels.
fe0b8a78 302Additionally, various channel-specific options can be negotiated.")
166191b3 303 (license (license:non-copyleft "file://LICENSE"
fe0b8a78 304 "See LICENSE in the distribution."))
22010dd4
EF		 305 (properties
306 '((release-monitoring-url . "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/")))
1121a5c6 307 (home-page "https://www.openssh.com/")))
fe0b8a78 308
65c8512f
MO		 309;; OpenSSH without X support. This allows to use OpenSSH without dragging X
310;; libraries to the closure.
311(define-public openssh-sans-x
312 (package
313 (inherit openssh)
314 (name "openssh-sans-x")
315 (inputs (alist-delete "xauth" (package-inputs openssh)))
316 (synopsis "OpenSSH client and server without X11 support")))
317
49d294e5 318(define-public guile-ssh
096f442d
LC		 319 (package
320 (name "guile-ssh")
eabc6af9 321 (version "0.15.1")
096f442d
LC		 322 (home-page "https://github.com/artyom-poptsov/guile-ssh")
323 (source (origin
324 (method git-fetch)
325 (uri (git-reference
326 (url home-page)
327 (commit (string-append "v" version))))
3299530c 328 (file-name (git-file-name name version))
096f442d
LC		 329 (sha256
330 (base32
eabc6af9 331 "0zzn5hsf97b35gixyg4z14sspl15qwnp52y4h89wra4y31l7467q"))))
096f442d
LC		 332 (build-system gnu-build-system)
333 (outputs '("out" "debug"))
334 (arguments
335 `(;; It makes no sense to build libguile-ssh.a.
336 #:configure-flags '("--disable-static")
337
338 #:phases (modify-phases %standard-phases
3ac13666
LC		 339 (add-before 'bootstrap 'support-cross-compilation
340 (lambda _
341 ;; Support cross-compilation:
342 ;; <https://github.com/artyom-poptsov/guile-ssh/issues/30>.
343 (substitute* "libguile-ssh/Makefile.am"
344 (("\\$\\(guile_snarf\\)")
345 "CPP=\"$(CPP)\" $(guile_snarf)"))))
096f442d
LC		 346 (add-before 'build 'fix-libguile-ssh-file-name
347 (lambda* (#:key outputs #:allow-other-keys)
348 ;; Build and install libguile-ssh.so so that we can use
349 ;; its absolute file name in .scm files, before we build
350 ;; the .go files.
351 (let* ((out (assoc-ref outputs "out"))
352 (lib (string-append out "/lib")))
353 (invoke "make" "install"
354 "-C" "libguile-ssh"
355 "-j" (number->string
356 (parallel-job-count)))
357 (substitute* (find-files "." "\\.scm$")
358 (("\"libguile-ssh\"")
359 (string-append "\"" lib "/libguile-ssh\"")))
360 #t)))
361 ,@(if (%current-target-system)
362 '()
363 '((add-before 'check 'fix-guile-path
364 (lambda* (#:key inputs #:allow-other-keys)
365 (let ((guile (assoc-ref inputs "guile")))
366 (substitute* "tests/common.scm"
367 (("/usr/bin/guile")
368 (string-append guile "/bin/guile")))
369 #t)))))
370 (add-after 'install 'remove-bin-directory
371 (lambda* (#:key outputs #:allow-other-keys)
372 (let* ((out (assoc-ref outputs "out"))
373 (bin (string-append out "/bin"))
374 (examples (string-append
375 out "/share/guile-ssh/examples")))
376 (mkdir-p examples)
377 (rename-file (string-append bin "/ssshd.scm")
378 (string-append examples "/ssshd.scm"))
379 (rename-file (string-append bin "/sssh.scm")
380 (string-append examples "/sssh.scm"))
381 (delete-file-recursively bin)
382 #t))))))
8394619b
LC		 383 (native-inputs (list autoconf
384 automake
385 libtool
386 texinfo
387 pkg-config
388 which
389 guile-3.0)) ;needed when cross-compiling.
390 (inputs (list guile-3.0 libssh libgcrypt))
096f442d
LC		 391 (synopsis "Guile bindings to libssh")
392 (description
393 "Guile-SSH is a library that provides access to the SSH protocol for
394programs written in GNU Guile interpreter. It is a wrapper to the underlying
395libssh library.")
396 (license license:gpl3+)))
513e1950 397
b6bee63b 398(define-public guile2.2-ssh
7e90eb98
LC		 399 (package
400 (inherit guile-ssh)
b6bee63b 401 (name "guile2.2-ssh")
bbb219bd 402 (native-inputs
8394619b
LC		 403 (modify-inputs (package-native-inputs guile-ssh)
404 (delete "guile")
405 (prepend guile-2.2 ;needed when cross-compiling.
406 )))
407 (inputs (modify-inputs (package-inputs guile-ssh)
408 (replace "guile" guile-2.2)))))
7e90eb98 409
513e1950 410(define-public corkscrew
b692a1bb
TGR		 411 ;; The last 2.0 release hails from 2009. Use a fork (submitted upstream as
412 ;; <https://github.com/patpadgett/corkscrew/pull/5>) that adds now-essential
413 ;; IPv6 and TLS support.
414 (let ((revision "0")
415 (commit "268b71e88ee51fddceab96d665b327394f1feb12"))
416 (package
417 (name "corkscrew")
418 (version (git-version "2.0" revision commit))
419 (source
420 (origin
421 (method git-fetch)
422 (uri (git-reference
423 (url "https://github.com/rtgill82/corkscrew")
424 (commit commit)))
425 (sha256
426 (base32 "1rylbimlfig3ii4bqr4r058lkc43pqkxnxqpqdpm31blh3xs0dcw"))
427 (file-name (git-file-name name version))))
428 (build-system gnu-build-system)
429 (arguments
430 `(#:configure-flags
431 (list "--enable-ssl")
432 #:phases
433 (modify-phases %standard-phases
434 (add-after 'unpack 'update-metadata
435 (lambda _
436 (substitute* "configure.ac"
437 ;; Our version differs significantly.
438 (("2.0") (string-append ,version " (Guix)")))
439 (substitute* "corkscrew.c"
440 ;; This domain's since been squat.
441 (("\\(agroman@agroman\\.net\\)")
442 (format #f "<~a>" ,(package-home-page this-package))))))
443 (add-after 'install 'install-documentation
444 (lambda* (#:key outputs #:allow-other-keys)
445 (let* ((out (assoc-ref outputs "out"))
446 (doc (string-append out "/share/doc/" ,name "-" ,version)))
447 (install-file "README.md" doc)
448 #t))))))
449 (native-inputs
8394619b 450 (list autoconf automake pkg-config))
b692a1bb 451 (inputs
8394619b 452 (list openssl))
b692a1bb
TGR		 453 (home-page "https://github.com/patpadgett/corkscrew")
454 (synopsis "SSH tunneling through HTTP(S) proxies")
455 (description
456 "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
457It supports proxy authentication through the HTTP basic authentication scheme
458with optional @acronym{TLS, Transport-Level Security} to protect credentials.")
459 (license license:gpl2+))))
87bf526b
LC		 460
461(define-public mosh
462 (package
463 (name "mosh")
4b8b245b 464 (version "1.3.2")
87bf526b
LC		 465 (source (origin
466 (method url-fetch)
c3671282 467 (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
87bf526b
LC		 468 (sha256
469 (base32
4b8b245b 470 "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s"))))
87bf526b
LC		 471 (build-system gnu-build-system)
472 (arguments
11379192
EF		 473 '(#:phases
474 (modify-phases %standard-phases
2b504cc3
TGR		 475 (add-after 'unpack 'patch-FHS-file-names
476 (lambda _
477 (substitute* "scripts/mosh.pl"
478 (("/bin/sh")
479 (which "sh")))
480 #t))
11379192
EF		 481 (add-after 'install 'wrap
482 (lambda* (#:key outputs #:allow-other-keys)
483 ;; Make sure 'mosh' can find 'mosh-client' and
484 ;; 'mosh-server'.
485 (let* ((out (assoc-ref outputs "out"))
486 (bin (string-append out "/bin")))
487 (wrap-program (string-append bin "/mosh")
488 `("PATH" ":" prefix (,bin)))))))))
87bf526b 489 (native-inputs
8394619b 490 (list pkg-config))
87bf526b
LC		 491 (inputs
492 `(("openssl" ,openssl)
493 ("perl" ,perl)
494 ("perl-io-tty" ,perl-io-tty)
495 ("zlib" ,zlib)
496 ("ncurses" ,ncurses)
497 ("protobuf" ,protobuf)
498 ("boost-headers" ,boost)))
c3671282 499 (home-page "https://mosh.org/")
87bf526b
LC		 500 (synopsis "Remote shell tolerant to intermittent connectivity")
501 (description
2ca12aee
TGR		 502 "Mosh is a remote terminal application that allows client roaming, supports
503intermittent connectivity, and provides intelligent local echo and line editing
504of user keystrokes. It's a replacement for SSH that's more robust and
505responsive, especially over Wi-Fi, cellular, and long-distance links.")
87bf526b 506 (license license:gpl3+)))
8c6cfd55
JD		 507
508(define-public dropbear
509 (package
510 (name "dropbear")
bf9c98b1 511 (version "2022.82")
e190d12e
TGR		 512 (source
513 (origin
514 (method url-fetch)
515 (uri (string-append
516 "https://matt.ucc.asn.au/dropbear/releases/"
517 "dropbear-" version ".tar.bz2"))
518 (sha256
bf9c98b1 519 (base32 "1lbmmmm8f56p24c6jq74rg2kw6kl3w4i5h10vnxjigq2phmqs0rs"))
f72ff06e
EF		 520 (modules '((guix build utils)))
521 (snippet
522 '(begin
523 (delete-file-recursively "libtommath")
524 (delete-file-recursively "libtomcrypt")
525 (substitute* "configure"
bf9c98b1 526 (("-ltomcrypt") "-ltomcrypt -ltommath"))))))
8c6cfd55 527 (build-system gnu-build-system)
f72ff06e 528 (arguments
bf9c98b1
MC		 529 (list
530 #:configure-flags #~(list "--disable-bundled-libtom")
531 ;; The test suite runs an instance of dropbear, which requires a
532 ;; resolver ("Error resolving: Servname not supported for ai_socktype").
6fc33d91
MC		 533 #:tests? #f
534 #:phases #~(modify-phases %standard-phases
535 (add-after 'unpack 'enable-x11-forwarding
536 (lambda _
537 ;; The following patch was retrieved from:
538 ;; https://github.com/mkj/dropbear/commit/
539 ;; 0292aacdf0aa57d03f2a3ab7e53cf650e6f29389.
540 (substitute* "svr-x11fwd.c"
541 (("DROPBEAR_CHANNEL_PRIO_INTERACTIVE")
542 "DROPBEAR_PRIO_LOWDELAY"))
543 (substitute* "default_options.h"
544 (("#define DROPBEAR_X11FWD 0")
545 "#define DROPBEAR_X11FWD 1")))))))
bf9c98b1 546 (inputs (list libtomcrypt libtommath zlib))
8c6cfd55
JD		 547 (synopsis "Small SSH server and client")
548 (description "Dropbear is a relatively small SSH server and
35b9e423
EB		 549client. It runs on a variety of POSIX-based platforms. Dropbear is
550particularly useful for embedded systems, such as wireless routers.")
8c6cfd55
JD		 551 (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
552 (license (license:x11-style "" "See file LICENSE."))))
2102ae2e
DC		 553
554(define-public liboop
555 (package
556 (name "liboop")
506737f1 557 (version "1.0.1")
2102ae2e
DC		 558 (source
559 (origin
560 (method url-fetch)
506737f1
TGR		 561 (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/"
562 name "-" version ".tar.gz"))
2102ae2e
DC		 563 (sha256
564 (base32
506737f1 565 "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn"))))
2102ae2e 566 (build-system gnu-build-system)
359b137c 567 (home-page "https://www.lysator.liu.se/liboop/")
2102ae2e
DC		 568 (synopsis "Event loop library")
569 (description "Liboop is a low-level event loop management library for
570POSIX-based operating systems. It supports the development of modular,
571multiplexed applications which may respond to events from several sources. It
572replaces the \"select() loop\" and allows the registration of event handlers
573for file and network I/O, timers and signals. Since processes use these
574mechanisms for almost all external communication, liboop can be used as the
575basis for almost any application.")
576 (license license:lgpl2.1+)))
577
578(define-public lsh
579 (package
580 (name "lsh")
581 (version "2.1")
582 (source (origin
583 (method url-fetch)
584 (uri (string-append "mirror://gnu/lsh/lsh-"
585 version ".tar.gz"))
586 (sha256
587 (base32
588 "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
589 (modules '((guix build utils)))
590 (snippet
591 '(begin
592 (substitute* "src/testsuite/functions.sh"
593 (("localhost")
594 ;; Avoid host name lookups since they don't work in
595 ;; chroot builds.
596 "127.0.0.1")
597 (("set -e")
598 ;; Make tests more verbose.
599 "set -e\nset -x"))
600
601 (substitute* (find-files "src/testsuite" "-test$")
602 (("localhost") "127.0.0.1"))
603
604 (substitute* "src/testsuite/login-auth-test"
1cdd6b09 605 (("/bin/cat") "cat"))))
0ec195ff 606 (patches (search-patches "lsh-fix-x11-forwarding.patch"))))
2102ae2e
DC		 607 (build-system gnu-build-system)
608 (native-inputs
8394619b
LC		 609 (list autoconf
610 automake
611 m4
612 guile-2.0
613 gperf
614 psmisc)) ; for `killall'
2102ae2e 615 (inputs
8394619b
LC		 616 (list nettle-2
617 linux-pam
618 ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
619 ;; Readline 6.3.
620 readline-6.2
621 liboop
622 zlib
623 gmp
624 ;; The server (lshd) invokes xauth when X11 forwarding is requested.
625 ;; This adds 24 MiB (or 27%) to the closure of lsh.
626 xauth
627 libxau)) ;also required for x11-forwarding
2102ae2e
DC		 628 (arguments
629 '(;; Skip the `configure' test that checks whether /dev/ptmx &
630 ;; co. work as expected, because it relies on impurities (for
631 ;; instance, /dev/pts may be unavailable in chroots.)
d5c969ce
LC		 632 #:configure-flags '("lsh_cv_sys_unix98_ptys=yes"
633
634 ;; Use glibc's argp rather than the bundled one.
635 "--with-system-argp"
636
637 ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing
638 ;; defines it.
1cdd6b09
TGR		 639 "CPPFLAGS=-DHAVE_ARGP_PARSE"
640
641 ;; Fix the build of lsh@2.1 with GCC 10.
33ce3f1c 642 "CFLAGS=-O2 -g -fcommon")
2102ae2e
DC		 643 #:phases
644 (modify-phases %standard-phases
3e34f899
MC		 645 (add-after 'unpack 'disable-failing-tests
646 (lambda _
647 ;; FIXME: Most tests won't run in a chroot, presumably because
648 ;; /etc/profile is missing, and thus clients get an empty $PATH
649 ;; and nothing works. Run only the subset that passes.
650 (delete-file "configure") ;force rebootstrap
651 (substitute* "src/testsuite/Makefile.am"
652 (("seed-test \\\\") ;prevent trailing slash
653 "seed-test")
654 (("^\t(lsh|daemon|tcpip|socks|lshg|lcp|rapid7|lshd).*test.*")
1cdd6b09 655 ""))))
2102ae2e
DC		 656 (add-before 'configure 'pre-configure
657 (lambda* (#:key inputs #:allow-other-keys)
658 (let* ((nettle (assoc-ref inputs "nettle"))
659 (sexp-conv (string-append nettle "/bin/sexp-conv")))
d5c969ce
LC		 660 ;; Remove argp from the list of sub-directories; we don't want
661 ;; to build it, really.
662 (substitute* "src/Makefile.in"
663 (("^SUBDIRS = argp")
664 "SUBDIRS ="))
665
2102ae2e
DC		 666 ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
667 ;; by default.
668 (substitute* "src/environ.h.in"
669 (("^#define PATH_SEXP_CONV.*")
670 (string-append "#define PATH_SEXP_CONV \""
671 sexp-conv "\"\n")))
672
673 ;; Same for the 'lsh-authorize' script.
674 (substitute* "src/lsh-authorize"
675 (("=sexp-conv")
676 (string-append "=" sexp-conv)))
677
678 ;; Tell lshd where 'xauth' lives. Another option would be to
679 ;; hardcode "/run/current-system/profile/bin/xauth", thereby
680 ;; reducing the closure size, but that wouldn't work on foreign
681 ;; distros.
682 (with-fluids ((%default-port-encoding "ISO-8859-1"))
683 (substitute* "src/server_x11.c"
684 (("define XAUTH_PROGRAM.*")
685 (string-append "define XAUTH_PROGRAM \""
686 (assoc-ref inputs "xauth")
687 "/bin/xauth\"\n")))))
688
689 ;; Tests rely on $USER being set.
690 (setenv "USER" "guix"))))))
21de4160 691 (home-page "https://www.lysator.liu.se/~nisse/lsh/")
2102ae2e
DC		 692 (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
693 (description
694 "GNU lsh is a free implementation of the SSH version 2 protocol. It is
695used to create a secure line of communication between two computers,
696providing shell access to the server system from the client. It provides
697both the server daemon and the client application, as well as tools for
698manipulating key files.")
699 (license license:gpl2+)))
c777570b
NG		 700
701(define-public sshpass
702 (package
703 (name "sshpass")
f43a652d 704 (version "1.09")
c777570b
NG		 705 (source
706 (origin
707 (method url-fetch)
708 (uri (string-append "mirror://sourceforge/sshpass/sshpass/"
709 version "/sshpass-" version ".tar.gz"))
710 (sha256
f43a652d 711 (base32 "1dwzqknpswa8vjlbwsx9rcq1j2a7px9h9i2anh09pzkz0mg6wx3i"))))
c777570b 712 (build-system gnu-build-system)
f43a652d
NG		 713 (home-page "https://sourceforge.net/projects/sshpass/")
714 (synopsis "Non-interactive password authentication with SSH")
7230f6d5 715 (description "sshpass is a tool for non-interactively performing password
c777570b
NG		 716authentication with SSH's so-called @dfn{interactive keyboard password
717authentication}.")
718 (license license:gpl2+)))
8caeb117
CAW		 719
720(define-public autossh
721 (package
722 (name "autossh")
d6bbb7e5 723 (version "1.4g")
8caeb117
CAW		 724 (source
725 (origin
726 (method url-fetch)
727 (uri (string-append
26045af9 728 "https://www.harding.motd.ca/autossh/autossh-"
8caeb117
CAW		 729 version ".tgz"))
730 (sha256
d6bbb7e5 731 (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz"))))
8caeb117
CAW		 732 (build-system gnu-build-system)
733 (arguments `(#:tests? #f)) ; There is no "make check" or anything similar
8394619b 734 (inputs (list openssh))
8caeb117
CAW		 735 (synopsis "Automatically restart SSH sessions and tunnels")
736 (description "autossh is a program to start a copy of @command{ssh} and
737monitor it, restarting it as necessary should it die or stop passing traffic.")
26045af9 738 (home-page "https://www.harding.motd.ca/autossh/")
8caeb117
CAW		 739 (license
740 ;; Why point to a source file? Well, all the individual files have a
741 ;; copy of this license in their headers, but there's no separate file
742 ;; with that information.
743 (license:non-copyleft "file://autossh.c"))))
227dbd84
RW		 744
745(define-public pdsh
746 (package
747 (name "pdsh")
91815e8d 748 (version "2.34")
227dbd84
RW		 749 (source
750 (origin
751 (method url-fetch)
b982fb1c 752 (uri (string-append "https://github.com/chaos/pdsh/"
753 "releases/download/pdsh-" version
754 "/pdsh-" version ".tar.gz"))
227dbd84 755 (sha256
91815e8d 756 (base32 "1s91hmhrz7rfb6h3l5k97s393rcm1ww3svp8dx5z8vkkc933wyxl"))))
227dbd84
RW		 757 (build-system gnu-build-system)
758 (arguments
759 `(#:configure-flags
760 (list "--with-ssh")
761 #:phases
762 (modify-phases %standard-phases
763 (add-after 'unpack 'patch-/bin/sh
764 (lambda _
b982fb1c 765 (substitute* '("tests/t0006-pdcp.sh"
766 "tests/t0004-module-loading.sh"
767 "tests/t2001-ssh.sh"
768 "tests/t1003-slurm.sh"
769 "tests/t6036-long-output-lines.sh"
770 "tests/aggregate-results.sh"
771 "tests/t2000-exec.sh"
772 "tests/t0002-internal.sh"
773 "tests/t1002-dshgroup.sh"
774 "tests/t5000-dshbak.sh"
775 "tests/t0001-basic.sh"
776 "tests/t0005-rcmd_type-and-user.sh"
227dbd84 777 "tests/test-lib.sh"
b982fb1c 778 "tests/t2002-mrsh.sh"
779 "tests/t0003-wcoll.sh"
227dbd84
RW		 780 "tests/test-modules/pcptest.c")
781 (("/bin/sh") (which "bash")))
b982fb1c 782 #t))
783 (add-after 'unpack 'patch-tests
784 (lambda _
785 (substitute* "tests/t6036-long-output-lines.sh"
786 (("which") (which "which")))
227dbd84
RW		 787 #t)))))
788 (inputs
8394619b 789 (list openssh mit-krb5 perl))
b982fb1c 790 (native-inputs
8394619b 791 (list which))
b982fb1c 792 (home-page "https://github.com/chaos/pdsh")
227dbd84
RW		 793 (synopsis "Parallel distributed shell")
794 (description "Pdsh is a an efficient, multithreaded remote shell client
795which executes commands on multiple remote hosts in parallel. Pdsh implements
796dynamically loadable modules for extended functionality such as new remote
797shell services and remote host selection.")
798 (license license:gpl2+)))
ae72b8f5 799
48dec2e0
LDB		 800(define-public python-asyncssh
801 (package
802 (name "python-asyncssh")
97ebfc8f 803 (version "2.11.0")
48dec2e0
LDB		 804 (source
805 (origin
806 (method url-fetch)
807 (uri (pypi-uri "asyncssh" version))
808 (sha256
809 (base32
97ebfc8f 810 "0mkvyv2fmbdfnfdh7g2im0gxnp8hwxv5g1xdazfsipd9ggknrhsr"))))
48dec2e0
LDB		 811 (build-system python-build-system)
812 (propagated-inputs
8394619b 813 (list python-cryptography python-pyopenssl python-gssapi
97ebfc8f 814 python-bcrypt python-typing-extensions))
48dec2e0 815 (native-inputs
97ebfc8f
LDB		 816 (list openssh openssl python-fido2 python-aiofiles netcat
817 python-pytest))
48dec2e0
LDB		 818 (arguments
819 `(#:phases
820 (modify-phases %standard-phases
821 (add-after 'unpack 'disable-tests
822 (lambda* _
97ebfc8f
LDB		 823 (substitute* "tests/test_connection.py"
824 ;; nc is always available.
825 (("which nc") "true"))
48dec2e0
LDB		 826 (substitute* "tests/test_agent.py"
827 ;; TODO Test fails for unknown reason
828 (("(.+)async def test_confirm" all indent)
829 (string-append indent "@unittest.skip('disabled by guix')\n"
97ebfc8f
LDB		 830 indent "async def test_confirm")))))
831 (replace 'check
832 (lambda* (#:key tests? inputs outputs #:allow-other-keys)
833 (when tests?
834 (invoke "pytest" "-vv")))))))
48dec2e0
LDB		 835 (home-page "https://asyncssh.readthedocs.io/")
836 (synopsis "Asynchronous SSHv2 client and server library for Python")
837 (description
838 "AsyncSSH is a Python package which provides an asynchronous client and
839server implementation of the SSHv2 protocol on top of the Python 3.6+ asyncio
840framework.")
841 (license license:epl2.0)))
842
ae72b8f5
MG		 843(define-public clustershell
844 (package
845 (name "clustershell")
f43a7838 846 (version "1.8.4")
ae72b8f5
MG		 847 (source
848 (origin
511a8f8d
TGR		 849 (method git-fetch)
850 (uri (git-reference
851 (url "https://github.com/cea-hpc/clustershell")
852 (commit (string-append "v" version))))
853 (file-name (git-file-name name version))
ae72b8f5 854 (sha256
f43a7838 855 (base32 "11b87vyamcw4rvgxz74jxwkr9ly0h9ldp2wqsi5wc19p0r06la5j"))))
ae72b8f5 856 (build-system python-build-system)
8394619b
LC		 857 (inputs (list openssh))
858 (propagated-inputs (list python-pyyaml))
ae72b8f5
MG		 859 (arguments
860 `(#:phases (modify-phases %standard-phases
861 (add-before 'build 'record-openssh-file-name
862 (lambda* (#:key inputs #:allow-other-keys)
863 (let ((ssh (assoc-ref inputs "openssh")))
864 (substitute* "lib/ClusterShell/Worker/Ssh.py"
865 (("info\\(\"ssh_path\"\\) or \"ssh\"")
866 (string-append "info(\"ssh_path\") or \""
f43a7838 867 ssh "/bin/ssh\"")))))))))
ae72b8f5
MG		 868 (home-page "https://cea-hpc.github.io/clustershell/")
869 (synopsis "Scalable event-driven Python framework for cluster administration")
870 (description
871 "ClusterShell is an event-driven Python framework, designed to run local
872or distant commands in parallel on server farms or on large GNU/Linux
873clusters. It will take care of common issues encountered on HPC clusters,
874such as operating on groups of nodes, running distributed commands using
875optimized execution algorithms, as well as gathering results and merging
876identical outputs, or retrieving return codes. ClusterShell takes advantage
877of existing remote shell facilities such as SSH.")
878 (license license:lgpl2.1+)))
87007947
EF		 879
880(define-public endlessh
881 (package
882 (name "endlessh")
63b148f7 883 (version "1.1")
87007947
EF		 884 (source
885 (origin
63b148f7
TGR		 886 (method git-fetch)
887 (uri (git-reference
b0e7b699 888 (url "https://github.com/skeeto/endlessh")
63b148f7
TGR		 889 (commit version)))
890 (file-name (git-file-name name version))
87007947 891 (sha256
63b148f7 892 (base32 "0ziwr8j1frsp3dajr8h5glkm1dn5cci404kazz5w1jfrp0736x68"))))
87007947
EF		 893 (build-system gnu-build-system)
894 (arguments
9c44af6b
MD		 895 `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
896 ,(string-append "CC=" (cc-for-target)))
63b148f7 897 #:tests? #f ; no test target
87007947
EF		 898 #:phases
899 (modify-phases %standard-phases
63b148f7 900 (delete 'configure)))) ; no configure script
87007947
EF		 901 (home-page "https://github.com/skeeto/endlessh")
902 (synopsis "SSH tarpit that slowly sends an endless banner")
903 (description
904 "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH
905banner. It keeps SSH clients locked up for hours or even days at a time. The
906purpose is to put your real SSH server on another port and then let the script
907kiddies get stuck in this tarpit instead of bothering a real server.
908
909Since the tarpit is in the banner before any cryptographic exchange occurs, this
910program doesn't depend on any cryptographic libraries. It's a simple,
911single-threaded, standalone C program. It uses @code{poll()} to trap multiple
912clients at a time.")
913 (license license:unlicense)))
3876ed32
OP		 914
915(define-public webssh
916 (package
917 (name "webssh")
5fb3be0e 918 (version "1.5.3")
3876ed32
OP		 919 (source (origin
920 (method git-fetch)
921 (uri (git-reference
922 (url "https://github.com/huashengdun/webssh")
923 (commit (string-append "v" version))))
924 (file-name (git-file-name name version))
925 (sha256
926 (base32
5fb3be0e 927 "1bcy9flrzbvams5p77swwiygv54ac58ia7hpic1bvg30b3wpvv7b"))))
3876ed32
OP		 928 (build-system python-build-system)
929 (propagated-inputs
8394619b 930 (list python-paramiko python-tornado))
3876ed32
OP		 931 (home-page "https://webssh.huashengdun.org/")
932 (synopsis "Web application to be used as an SSH client")
933 (description "This package provides a web application to be used as an SSH
934client.
935
936Features:
937@itemize @bullet
938@item SSH password authentication supported, including empty password.
939@item SSH public-key authentication supported, including DSA RSA ECDSA
940Ed25519 keys.
941@item Encrypted keys supported.
942@item Two-Factor Authentication (time-based one-time password) supported.
943@item Fullscreen terminal supported.
944@item Terminal window resizable.
945@item Auto detect the ssh server's default encoding.
946@item Modern browsers are supported.
947@end itemize")
948 (license license:expat)))
jackhill's copy of GNU Guix: https://guix.gnu.org/