HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: r-rspectra: Update to 0.16-0.
[jackhill/guix/guix.git] / gnu / packages / ssh.scm
CommitLineData
2fbf053b 1;;; GNU Guix --- Functional package management for GNU
a8b0556e 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
06ed5982 3;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
45f2ffb4 4;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
87007947 5;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
af8f7eb4 6;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
c777570b 7;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
8caeb117 8;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
d6bbb7e5 9;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
c9a6a36f 10;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
227dbd84 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
47956fa0 12;;; Copyright © 2017 ng0 <ng0@n0.is>
ae72b8f5 13;;; Copyright © 2018 Manuel Graf <graf@init.at>
618631f3 14;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
2fbf053b
AE		 15;;;
16;;; This file is part of GNU Guix.
17;;;
18;;; GNU Guix is free software; you can redistribute it and/or modify it
19;;; under the terms of the GNU General Public License as published by
20;;; the Free Software Foundation; either version 3 of the License, or (at
21;;; your option) any later version.
22;;;
23;;; GNU Guix is distributed in the hope that it will be useful, but
24;;; WITHOUT ANY WARRANTY; without even the implied warranty of
25;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26;;; GNU General Public License for more details.
27;;;
28;;; You should have received a copy of the GNU General Public License
29;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
30
31(define-module (gnu packages ssh)
2102ae2e
DC		 32 #:use-module (gnu packages)
33 #:use-module (gnu packages autotools)
34 #:use-module (gnu packages base)
35 #:autoload (gnu packages boost) (boost)
2fbf053b 36 #:use-module (gnu packages compression)
c9a6a36f 37 #:use-module (gnu packages crypto)
2102ae2e 38 #:use-module (gnu packages elf)
2fbf053b 39 #:use-module (gnu packages gnupg)
2102ae2e 40 #:use-module (gnu packages gperf)
fe0b8a78 41 #:use-module (gnu packages groff)
49d294e5 42 #:use-module (gnu packages guile)
618631f3 43 #:use-module (gnu packages libedit)
2102ae2e 44 #:use-module (gnu packages linux)
c9a6a36f 45 #:use-module (gnu packages logging)
2102ae2e
DC		 46 #:use-module (gnu packages m4)
47 #:use-module (gnu packages multiprecision)
87bf526b 48 #:use-module (gnu packages ncurses)
2102ae2e 49 #:use-module (gnu packages nettle)
89e34644 50 #:use-module (gnu packages kerberos)
2102ae2e
DC		 51 #:use-module (gnu packages perl)
52 #:use-module (gnu packages pkg-config)
c9a6a36f 53 #:use-module (gnu packages popt)
87bf526b 54 #:autoload (gnu packages protobuf) (protobuf)
ae72b8f5 55 #:use-module (gnu packages python)
44d10b1f 56 #:use-module (gnu packages python-xyz)
2102ae2e
DC		 57 #:use-module (gnu packages readline)
58 #:use-module (gnu packages texinfo)
cc2b77df 59 #:use-module (gnu packages tls)
2102ae2e
DC		 60 #:use-module (gnu packages xorg)
61 #:use-module (guix build-system cmake)
62 #:use-module (guix build-system gnu)
ae72b8f5 63 #:use-module (guix build-system python)
2fbf053b 64 #:use-module (guix download)
817efe8b 65 #:use-module (guix git-download)
2102ae2e 66 #:use-module ((guix licenses) #:prefix license:)
befbaebf 67 #:use-module (guix packages)
7e90eb98 68 #:use-module (guix utils)
befbaebf 69 #:use-module (srfi srfi-1))
1681cd4a
LC		 70
71(define-public libssh
eed00f93
LF		 72 (package
73 (name "libssh")
def91c13 74 (version "0.9.2")
eed00f93
LF		 75 (source (origin
76 (method git-fetch)
77 (uri (git-reference
d5401375 78 (url "https://git.libssh.org/projects/libssh.git")
12995856 79 (commit (string-append "libssh-" version))))
eed00f93
LF		 80 (sha256
81 (base32
def91c13 82 "14g4rvp91skn2hlsjyhkv58vhng65xrf34cfqffixa4al869hzgj"))
eed00f93
LF		 83 (file-name (git-file-name name version))))
84 (build-system cmake-build-system)
85 (outputs '("out" "debug"))
86 (arguments
87 '(#:configure-flags '("-DWITH_GCRYPT=ON")
deed349b 88
a8b0556e
LC		 89 #:phases (modify-phases %standard-phases
90 (add-before 'configure 'avoid-werror
91 (lambda _
92 ;; Avoid '-Werror'. Presumably this works fine with
93 ;; gcc@8 on x86_64 but leads to errors with our older
94 ;; compiler.
95 (substitute* "CompilerChecks.cmake"
96 (("-Werror=") "-W"))
97 #t)))
98
eed00f93
LF		 99 ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
100 #:tests? #f))
101 (inputs `(("zlib" ,zlib)
102 ("libgcrypt" ,libgcrypt)))
103 (synopsis "SSH client library")
104 (description
105 "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
106and server implementations. With libssh, you can remotely execute programs,
107transfer files, and use a secure and transparent tunnel for your remote
108applications.")
109 (home-page "https://www.libssh.org")
110 (license license:lgpl2.1+)))
2fbf053b
AE		 111
112(define-public libssh2
113 (package
114 (name "libssh2")
61f34ae5 115 (version "1.9.0")
2fbf053b
AE		 116 (source (origin
117 (method url-fetch)
118 (uri (string-append
78d80c5c 119 "https://www.libssh2.org/download/libssh2-"
2fbf053b 120 version ".tar.gz"))
78d80c5c
LF		 121 (sha256
122 (base32
61f34ae5 123 "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))))
2fbf053b 124 (build-system gnu-build-system)
e9c14f37
EB		 125 ;; The installed libssh2.pc file does not include paths to libgcrypt and
126 ;; zlib libraries, so we need to propagate the inputs.
127 (propagated-inputs `(("libgcrypt" ,libgcrypt)
128 ("zlib" ,zlib)))
61f34ae5 129 (arguments `(#:configure-flags `("--with-libgcrypt")))
35b9e423 130 (synopsis "Client-side C library implementing the SSH2 protocol")
2fbf053b
AE		 131 (description
132 "libssh2 is a library intended to allow software developers access to
35b9e423 133the SSH-2 protocol in an easy-to-use self-contained package. It can be built
2fbf053b
AE		 134into an application to perform many different tasks when communicating with
135a server that supports the SSH-2 protocol.")
136 (license license:bsd-3)
18e627be 137 (home-page "https://www.libssh2.org/")))
fe0b8a78
AE		 138
139(define-public openssh
140 (package
141 (name "openssh")
fa619007 142 (version "8.0p1")
fe0b8a78 143 (source (origin
644e5f17
TGR		 144 (method url-fetch)
145 (uri (string-append "mirror://openbsd/OpenSSH/portable/"
146 name "-" version ".tar.gz"))
147 (sha256
148 (base32
fa619007 149 "0s7xh4s0qcipnjh9ls5blxcpvhyd116z9dxn3q1yi64lwrwki55x"))))
fe0b8a78 150 (build-system gnu-build-system)
618631f3
GB		 151 (native-inputs `(("groff" ,groff)
152 ("pkg-config" ,pkg-config)))
153 (inputs `(("libedit" ,libedit)
154 ("openssl" ,openssl)
39012aab 155 ("pam" ,linux-pam)
040b6299 156 ("mit-krb5" ,mit-krb5)
683a4a34
LC		 157 ("zlib" ,zlib)
158 ("xauth" ,xauth))) ;for 'ssh -X' and 'ssh -Y'
fe0b8a78
AE		 159 (arguments
160 `(#:test-target "tests"
d3552450
LF		 161 ;; Otherwise, the test scripts try to use a nonexistent directory and
162 ;; fail.
163 #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"")
040b6299 164 #:configure-flags `("--sysconfdir=/etc/ssh"
39012aab 165
040b6299 166 ;; Default value of 'PATH' used by sshd.
9af49832
LC		 167 "--with-default-path=/run/current-system/profile/bin"
168
040b6299
JD		 169 ;; configure needs to find krb5-config
170 ,(string-append "--with-kerberos5="
171 (assoc-ref %build-inputs "mit-krb5")
172 "/bin")
173
618631f3
GB		 174 ;; libedit needed for sftp completion
175 "--with-libedit"
176
39012aab
LC		 177 ;; Enable PAM support in sshd.
178 "--with-pam")
179
fe0b8a78 180 #:phases
a9ee11d5
RW		 181 (modify-phases %standard-phases
182 (add-after 'configure 'reset-/var/empty
183 (lambda* (#:key outputs #:allow-other-keys)
184 (let ((out (assoc-ref outputs "out")))
185 (substitute* "Makefile"
186 (("PRIVSEP_PATH=/var/empty")
187 (string-append "PRIVSEP_PATH=" out "/var/empty")))
188 #t)))
189 (add-before 'check 'patch-tests
190 (lambda _
191 ;; remove 't-exec' regress target which requires user 'sshd'
192 (substitute* "regress/Makefile"
193 (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post)
194 (string-append pre post)))
195 #t))
196 (replace 'install
36f26211 197 (lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
a9ee11d5 198 ;; install without host keys and system configuration files
27b6adb7
MW		 199 (apply invoke "make" "install-nosysconf" make-flags)
200 (install-file "contrib/ssh-copy-id"
201 (string-append (assoc-ref outputs "out")
202 "/bin/"))
203 (chmod (string-append (assoc-ref outputs "out")
204 "/bin/ssh-copy-id") #o555)
205 (install-file "contrib/ssh-copy-id.1"
206 (string-append (assoc-ref outputs "out")
207 "/share/man/man1/"))
208 #t)))))
35b9e423 209 (synopsis "Client and server for the secure shell (ssh) protocol")
fe0b8a78
AE		 210 (description
211 "The SSH2 protocol implemented in OpenSSH is standardised by the
212IETF secsh working group and is specified in several RFCs and drafts.
213It is composed of three layered components:
214
215The transport layer provides algorithm negotiation and a key exchange.
216The key exchange includes server authentication and results in a
217cryptographically secured connection: it provides integrity, confidentiality
218and optional compression.
219
220The user authentication layer uses the established connection and relies on
35b9e423
EB		 221the services provided by the transport layer. It provides several mechanisms
222for user authentication. These include traditional password authentication
fe0b8a78
AE		 223as well as public-key or host-based authentication mechanisms.
224
225The connection layer multiplexes many different concurrent channels over the
226authenticated connection and allows tunneling of login sessions and
35b9e423 227TCP-forwarding. It provides a flow control service for these channels.
fe0b8a78 228Additionally, various channel-specific options can be negotiated.")
166191b3 229 (license (license:non-copyleft "file://LICENSE"
fe0b8a78 230 "See LICENSE in the distribution."))
1121a5c6 231 (home-page "https://www.openssh.com/")))
fe0b8a78 232
49d294e5
LC		 233(define-public guile-ssh
234 (package
235 (name "guile-ssh")
64bcc76c 236 (version "0.11.3")
6634180f 237 (home-page "https://github.com/artyom-poptsov/guile-ssh")
49d294e5 238 (source (origin
e98c354d
LC		 239 (method git-fetch)
240 (uri (git-reference
241 (url home-page)
242 (commit (string-append "v" version))))
6634180f 243 (file-name (string-append name "-" version ".tar.gz"))
49d294e5
LC		 244 (sha256
245 (base32
e98c354d 246 "03bv3hwp2s8f0bqgfjaan9jx4dyab0abv27n2zn2g0izlidv0vl6"))
a8b0556e
LC		 247 (modules '((guix build utils)))
248 (snippet
249 '(begin
250 ;; libssh >= 0.8.0 no longer provides libssh_threads: see
251 ;; <https://github.com/artyom-poptsov/guile-ssh/issues/9>.
252 (substitute* "libguile-ssh/Makefile.am"
253 (("-lssh_threads") ""))
254
255 ;; This test would wrongfully pick DSS keys when running on
256 ;; libssh >= 0.8.0, which fails:
257 ;; <https://github.com/artyom-poptsov/guile-ssh/issues/10>.
258 (substitute* "tests/server.scm"
259 (("= %libssh-minor-version 7")
260 ">= %libssh-minor-version 7"))
7e90eb98
LC		 261
262 ;; Allow builds with Guile 3.0.
263 (substitute* "configure.ac"
264 (("^GUILE_PKG.*$")
265 "GUILE_PKG([3.0 2.2 2.0])\n"))
a8b0556e 266 #t))))
49d294e5 267 (build-system gnu-build-system)
74460d11 268 (outputs '("out" "debug"))
49d294e5 269 (arguments
c305ac30
LC		 270 '(;; It makes no sense to build libguile-ssh.a.
271 #:configure-flags '("--disable-static")
272
273 #:phases (modify-phases %standard-phases
92b72582 274 (add-before 'build 'fix-libguile-ssh-file-name
8a8f6590 275 (lambda* (#:key outputs #:allow-other-keys)
92b72582
LC		 276 ;; Build and install libguile-ssh.so so that we can use
277 ;; its absolute file name in .scm files, before we build
278 ;; the .go files.
e7c37ed5
TGR		 279 (let* ((out (assoc-ref outputs "out"))
280 (lib (string-append out "/lib")))
281 (invoke "make" "install"
282 "-C" "libguile-ssh"
283 "-j" (number->string
284 (parallel-job-count)))
285 (substitute* (find-files "." "\\.scm$")
286 (("\"libguile-ssh\"")
287 (string-append "\"" lib "/libguile-ssh\"")))
288 #t)))
d0002642
RJ		 289 (add-after 'install 'remove-bin-directory
290 (lambda* (#:key outputs #:allow-other-keys)
291 (let* ((out (assoc-ref outputs "out"))
292 (bin (string-append out "/bin"))
293 (examples (string-append
294 out "/share/guile-ssh/examples")))
295 (mkdir-p examples)
296 (rename-file (string-append bin "/ssshd.scm")
297 (string-append examples "/ssshd.scm"))
298 (rename-file (string-append bin "/sssh.scm")
299 (string-append examples "/sssh.scm"))
300 (delete-file-recursively bin)
301 #t))))
afde8da3
LC		 302 ;; Tests are not parallel-safe.
303 #:parallel-tests? #f))
49d294e5
LC		 304 (native-inputs `(("autoconf" ,autoconf)
305 ("automake" ,automake)
3246cc91 306 ("libtool" ,libtool)
00ee3a71 307 ("texinfo" ,texinfo)
49d294e5
LC		 308 ("pkg-config" ,pkg-config)
309 ("which" ,which)))
4d8806c3 310 (inputs `(("guile" ,guile-2.2)
6f9d5b2e 311 ("libssh" ,libssh)
44fd0994 312 ("libgcrypt" ,libgcrypt)))
49d294e5
LC		 313 (synopsis "Guile bindings to libssh")
314 (description
315 "Guile-SSH is a library that provides access to the SSH protocol for
316programs written in GNU Guile interpreter. It is a wrapper to the underlying
317libssh library.")
49d294e5 318 (license license:gpl3+)))
513e1950 319
4d8806c3 320(define-public guile2.0-ssh
75c260ba
LC		 321 (package
322 (inherit guile-ssh)
4d8806c3
LC		 323 (name "guile2.0-ssh")
324 (inputs `(("guile" ,guile-2.0)
75c260ba 325 ,@(alist-delete "guile" (package-inputs guile-ssh))))))
befbaebf 326
7e90eb98
LC		 327(define-public guile3.0-ssh
328 (package
329 (inherit guile-ssh)
330 (name "guile3.0-ssh")
331 (arguments
332 (substitute-keyword-arguments (package-arguments guile-ssh)
333 ((#:phases phases)
334 `(modify-phases ,phases
335 (add-before 'bootstrap 'delete-old-guile-m4
336 (lambda _
337 ;; The old 'guile.m4' that's shipped would fail to recognize
338 ;; Guile 2.9 as "3.0".
339 (delete-file "m4/guile.m4")
340 #t))
341 (add-before 'build 'adjust-for-guile3
342 (lambda _
343 ;; Adjust for things that are deprecated in 2.2 and removed in
344 ;; 3.0.
345 (substitute* "tests/common.scm"
346 (("define-module \\(tests common\\)")
347 "define-module (tests common)
348 #:use-module (ice-9 threads)\n"))
349 (substitute* "modules/ssh/tunnel.scm"
350 (("define-module \\(ssh tunnel\\)")
351 "define-module (ssh tunnel)
352 #:use-module (ice-9 threads)"))
353 (substitute* "modules/srfi/srfi-64.upstream.scm"
354 (("_IOLBF")
355 "'line"))
356 #t))))))
357 (inputs `(("guile" ,guile-next)
358 ,@(alist-delete "guile" (package-inputs guile-ssh))))))
359
513e1950
SHT		 360(define-public corkscrew
361 (package
362 (name "corkscrew")
363 (version "2.0")
364 (source
365 (origin
366 (method url-fetch)
040ae44a
TGR		 367 ;; The agroman.net domain name expired on 2017-03-23, and the original
368 ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns
369 ;; bogus HTML. Perhaps it will yet return. Until then, use a mirror.
370 (uri (string-append "https://downloads.openwrt.org/sources/"
371 "corkscrew-" version ".tar.gz"))
513e1950
SHT		 372 (sha256 (base32
373 "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
374 (build-system gnu-build-system)
375 (arguments
d2656332 376 `(#:phases
91c52629
EF		 377 (modify-phases %standard-phases
378 (replace 'configure
5b34f56c
TGR		 379 ;; Replace configure phase as the ./configure script does not like
380 ;; CONFIG_SHELL and SHELL passed as parameters
381 (lambda* (#:key outputs build target #:allow-other-keys)
382 (let* ((out (assoc-ref outputs "out"))
383 (bash (which "bash"))
91c52629
EF		 384 ;; Set --build and --host flags as the provided config.guess
385 ;; is not able to detect them
5b34f56c 386 (flags `(,(string-append "--prefix=" out)
91c52629
EF		 387 ,(string-append "--build=" build)
388 ,(string-append "--host=" (or target build)))))
389 (setenv "CONFIG_SHELL" bash)
5b34f56c 390 (apply invoke bash "./configure" flags))))
81d95a12
TGR		 391 (add-after 'install 'install-documentation
392 (lambda* (#:key outputs #:allow-other-keys)
393 (let* ((out (assoc-ref outputs "out"))
d2656332 394 (doc (string-append out "/share/doc/" ,name "-" ,version)))
81d95a12
TGR		 395 (install-file "README" doc)
396 #t))))))
513e1950 397 (home-page "http://www.agroman.net/corkscrew")
10c95711 398 (synopsis "SSH tunneling through HTTP(S) proxies")
513e1950 399 (description
10c95711
TGR		 400 "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
401Proxy authentication is only supported through the plain-text HTTP basic
402authentication scheme.")
513e1950 403 (license license:gpl2+)))
87bf526b
LC		 404
405(define-public mosh
406 (package
407 (name "mosh")
4b8b245b 408 (version "1.3.2")
87bf526b
LC		 409 (source (origin
410 (method url-fetch)
c3671282 411 (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
87bf526b
LC		 412 (sha256
413 (base32
4b8b245b 414 "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s"))))
87bf526b
LC		 415 (build-system gnu-build-system)
416 (arguments
11379192
EF		 417 '(#:phases
418 (modify-phases %standard-phases
419 (add-after 'install 'wrap
420 (lambda* (#:key outputs #:allow-other-keys)
421 ;; Make sure 'mosh' can find 'mosh-client' and
422 ;; 'mosh-server'.
423 (let* ((out (assoc-ref outputs "out"))
424 (bin (string-append out "/bin")))
425 (wrap-program (string-append bin "/mosh")
426 `("PATH" ":" prefix (,bin)))))))))
87bf526b
LC		 427 (native-inputs
428 `(("pkg-config" ,pkg-config)))
429 (inputs
430 `(("openssl" ,openssl)
431 ("perl" ,perl)
432 ("perl-io-tty" ,perl-io-tty)
433 ("zlib" ,zlib)
434 ("ncurses" ,ncurses)
435 ("protobuf" ,protobuf)
436 ("boost-headers" ,boost)))
c3671282 437 (home-page "https://mosh.org/")
87bf526b
LC		 438 (synopsis "Remote shell tolerant to intermittent connectivity")
439 (description
440 "Remote terminal application that allows roaming, supports intermittent
441connectivity, and provides intelligent local echo and line editing of user
442keystrokes. Mosh is a replacement for SSH. It's more robust and responsive,
443especially over Wi-Fi, cellular, and long-distance links.")
444 (license license:gpl3+)))
8c6cfd55 445
c9a6a36f
SR		 446(define-public et
447 (package
448 (name "et")
449 (version "3.1.0")
450 (source
451 (origin
1be06dda
TGR		 452 (method git-fetch)
453 (uri (git-reference
454 (url "https://github.com/MisterTea/EternalTCP.git")
455 (commit (string-append "et-v" version))))
fc32bc45 456 (file-name (git-file-name name version))
c9a6a36f 457 (sha256
1be06dda 458 (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm"))))
c9a6a36f
SR		 459 (build-system cmake-build-system)
460 (arguments `(#:tests? #f))
461 (native-inputs
462 `(("pkg-config" ,pkg-config)))
463 (inputs `(("glog" ,glog)
464 ("gflags" ,gflags)
465 ("libsodium" ,libsodium)
466 ("protobuf" ,protobuf)))
467 (synopsis "Remote shell that automatically reconnects")
468 (description
469 "Eternal Terminal (ET) is a remote shell that automatically reconnects
470without interrupting the session. Unlike SSH sessions, ET sessions will
839ee8d5
TGR		 471survive even network outages and IP changes. ET uses a custom protocol over
472TCP, not the SSH protocol.")
c9a6a36f
SR		 473 (home-page "https://mistertea.github.io/EternalTCP/")
474 (license license:asl2.0)))
475
8c6cfd55
JD		 476(define-public dropbear
477 (package
478 (name "dropbear")
cf9ab49e 479 (version "2019.78")
e190d12e
TGR		 480 (source
481 (origin
482 (method url-fetch)
483 (uri (string-append
484 "https://matt.ucc.asn.au/dropbear/releases/"
485 "dropbear-" version ".tar.bz2"))
486 (sha256
cf9ab49e 487 (base32 "19242qlr40pbqfqd0gg6h8qpj38q6lgv03ja6sahj9vj2abnanaj"))))
8c6cfd55 488 (build-system gnu-build-system)
e190d12e 489 (arguments `(#:tests? #f)) ; there is no "make check" or anything similar
d5612439
LF		 490 ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least
491 ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674>
492 ;; for more information.
8c6cfd55
JD		 493 (inputs `(("zlib" ,zlib)))
494 (synopsis "Small SSH server and client")
495 (description "Dropbear is a relatively small SSH server and
35b9e423
EB		 496client. It runs on a variety of POSIX-based platforms. Dropbear is
497particularly useful for embedded systems, such as wireless routers.")
8c6cfd55
JD		 498 (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
499 (license (license:x11-style "" "See file LICENSE."))))
2102ae2e
DC		 500
501(define-public liboop
502 (package
503 (name "liboop")
506737f1 504 (version "1.0.1")
2102ae2e
DC		 505 (source
506 (origin
507 (method url-fetch)
506737f1
TGR		 508 (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/"
509 name "-" version ".tar.gz"))
2102ae2e
DC		 510 (sha256
511 (base32
506737f1 512 "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn"))))
2102ae2e
DC		 513 (build-system gnu-build-system)
514 (home-page "http://www.lysator.liu.se/liboop/")
515 (synopsis "Event loop library")
516 (description "Liboop is a low-level event loop management library for
517POSIX-based operating systems. It supports the development of modular,
518multiplexed applications which may respond to events from several sources. It
519replaces the \"select() loop\" and allows the registration of event handlers
520for file and network I/O, timers and signals. Since processes use these
521mechanisms for almost all external communication, liboop can be used as the
522basis for almost any application.")
523 (license license:lgpl2.1+)))
524
525(define-public lsh
526 (package
527 (name "lsh")
528 (version "2.1")
529 (source (origin
530 (method url-fetch)
531 (uri (string-append "mirror://gnu/lsh/lsh-"
532 version ".tar.gz"))
533 (sha256
534 (base32
535 "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
536 (modules '((guix build utils)))
537 (snippet
538 '(begin
539 (substitute* "src/testsuite/functions.sh"
540 (("localhost")
541 ;; Avoid host name lookups since they don't work in
542 ;; chroot builds.
543 "127.0.0.1")
544 (("set -e")
545 ;; Make tests more verbose.
546 "set -e\nset -x"))
547
548 (substitute* (find-files "src/testsuite" "-test$")
549 (("localhost") "127.0.0.1"))
550
551 (substitute* "src/testsuite/login-auth-test"
6cbee49d
MW		 552 (("/bin/cat") "cat"))
553 #t))))
2102ae2e
DC		 554 (build-system gnu-build-system)
555 (native-inputs
556 `(("m4" ,m4)
557 ("guile" ,guile-2.0)
558 ("gperf" ,gperf)
559 ("psmisc" ,psmisc))) ; for `killall'
560 (inputs
561 `(("nettle" ,nettle-2)
562 ("linux-pam" ,linux-pam)
563
564 ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
565 ;; Readline 6.3.
566 ("readline" ,readline-6.2)
567
568 ("liboop" ,liboop)
569 ("zlib" ,zlib)
570 ("gmp" ,gmp)
571
572 ;; The server (lshd) invokes xauth when X11 forwarding is requested.
573 ;; This adds 24 MiB (or 27%) to the closure of lsh.
574 ("xauth" ,xauth)))
575 (arguments
576 '(;; Skip the `configure' test that checks whether /dev/ptmx &
577 ;; co. work as expected, because it relies on impurities (for
578 ;; instance, /dev/pts may be unavailable in chroots.)
d5c969ce
LC		 579 #:configure-flags '("lsh_cv_sys_unix98_ptys=yes"
580
581 ;; Use glibc's argp rather than the bundled one.
582 "--with-system-argp"
583
584 ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing
585 ;; defines it.
586 "CPPFLAGS=-DHAVE_ARGP_PARSE")
2102ae2e
DC		 587
588 ;; FIXME: Tests won't run in a chroot, presumably because
589 ;; /etc/profile is missing, and thus clients get an empty $PATH
590 ;; and nothing works.
591 #:tests? #f
592
593 #:phases
594 (modify-phases %standard-phases
595 (add-before 'configure 'pre-configure
596 (lambda* (#:key inputs #:allow-other-keys)
597 (let* ((nettle (assoc-ref inputs "nettle"))
598 (sexp-conv (string-append nettle "/bin/sexp-conv")))
d5c969ce
LC		 599 ;; Remove argp from the list of sub-directories; we don't want
600 ;; to build it, really.
601 (substitute* "src/Makefile.in"
602 (("^SUBDIRS = argp")
603 "SUBDIRS ="))
604
2102ae2e
DC		 605 ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
606 ;; by default.
607 (substitute* "src/environ.h.in"
608 (("^#define PATH_SEXP_CONV.*")
609 (string-append "#define PATH_SEXP_CONV \""
610 sexp-conv "\"\n")))
611
612 ;; Same for the 'lsh-authorize' script.
613 (substitute* "src/lsh-authorize"
614 (("=sexp-conv")
615 (string-append "=" sexp-conv)))
616
617 ;; Tell lshd where 'xauth' lives. Another option would be to
618 ;; hardcode "/run/current-system/profile/bin/xauth", thereby
619 ;; reducing the closure size, but that wouldn't work on foreign
620 ;; distros.
621 (with-fluids ((%default-port-encoding "ISO-8859-1"))
622 (substitute* "src/server_x11.c"
623 (("define XAUTH_PROGRAM.*")
624 (string-append "define XAUTH_PROGRAM \""
625 (assoc-ref inputs "xauth")
626 "/bin/xauth\"\n")))))
627
628 ;; Tests rely on $USER being set.
629 (setenv "USER" "guix"))))))
630 (home-page "http://www.lysator.liu.se/~nisse/lsh/")
631 (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
632 (description
633 "GNU lsh is a free implementation of the SSH version 2 protocol. It is
634used to create a secure line of communication between two computers,
635providing shell access to the server system from the client. It provides
636both the server daemon and the client application, as well as tools for
637manipulating key files.")
638 (license license:gpl2+)))
c777570b
NG		 639
640(define-public sshpass
641 (package
642 (name "sshpass")
643 (version "1.06")
644 (synopsis "Non-interactive password authentication with SSH")
645 (home-page "https://sourceforge.net/projects/sshpass/")
646 (source
647 (origin
648 (method url-fetch)
649 (uri (string-append "mirror://sourceforge/sshpass/sshpass/"
650 version "/sshpass-" version ".tar.gz"))
651 (sha256
652 (base32
653 "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6"))))
654 (build-system gnu-build-system)
655 (description "sshpass is a tool for non-interactivly performing password
656authentication with SSH's so-called @dfn{interactive keyboard password
657authentication}.")
658 (license license:gpl2+)))
8caeb117
CAW		 659
660(define-public autossh
661 (package
662 (name "autossh")
d6bbb7e5 663 (version "1.4g")
8caeb117
CAW		 664 (source
665 (origin
666 (method url-fetch)
667 (uri (string-append
26045af9 668 "https://www.harding.motd.ca/autossh/autossh-"
8caeb117
CAW		 669 version ".tgz"))
670 (sha256
d6bbb7e5 671 (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz"))))
8caeb117
CAW		 672 (build-system gnu-build-system)
673 (arguments `(#:tests? #f)) ; There is no "make check" or anything similar
674 (inputs `(("openssh" ,openssh)))
675 (synopsis "Automatically restart SSH sessions and tunnels")
676 (description "autossh is a program to start a copy of @command{ssh} and
677monitor it, restarting it as necessary should it die or stop passing traffic.")
26045af9 678 (home-page "https://www.harding.motd.ca/autossh/")
8caeb117
CAW		 679 (license
680 ;; Why point to a source file? Well, all the individual files have a
681 ;; copy of this license in their headers, but there's no separate file
682 ;; with that information.
683 (license:non-copyleft "file://autossh.c"))))
227dbd84
RW		 684
685(define-public pdsh
686 (package
687 (name "pdsh")
b982fb1c 688 (version "2.33")
227dbd84
RW		 689 (source
690 (origin
691 (method url-fetch)
b982fb1c 692 (uri (string-append "https://github.com/chaos/pdsh/"
693 "releases/download/pdsh-" version
694 "/pdsh-" version ".tar.gz"))
695 (file-name (string-append name "-" version ".tar.gz"))
227dbd84 696 (sha256
b982fb1c 697 (base32 "0bwlkl9inj66iwvafg00pi3sk9n673phdi0kcc59y9nn55s0hs3k"))))
227dbd84
RW		 698 (build-system gnu-build-system)
699 (arguments
700 `(#:configure-flags
701 (list "--with-ssh")
702 #:phases
703 (modify-phases %standard-phases
704 (add-after 'unpack 'patch-/bin/sh
705 (lambda _
b982fb1c 706 (substitute* '("tests/t0006-pdcp.sh"
707 "tests/t0004-module-loading.sh"
708 "tests/t2001-ssh.sh"
709 "tests/t1003-slurm.sh"
710 "tests/t6036-long-output-lines.sh"
711 "tests/aggregate-results.sh"
712 "tests/t2000-exec.sh"
713 "tests/t0002-internal.sh"
714 "tests/t1002-dshgroup.sh"
715 "tests/t5000-dshbak.sh"
716 "tests/t0001-basic.sh"
717 "tests/t0005-rcmd_type-and-user.sh"
227dbd84 718 "tests/test-lib.sh"
b982fb1c 719 "tests/t2002-mrsh.sh"
720 "tests/t0003-wcoll.sh"
227dbd84
RW		 721 "tests/test-modules/pcptest.c")
722 (("/bin/sh") (which "bash")))
b982fb1c 723 #t))
724 (add-after 'unpack 'patch-tests
725 (lambda _
726 (substitute* "tests/t6036-long-output-lines.sh"
727 (("which") (which "which")))
227dbd84
RW		 728 #t)))))
729 (inputs
730 `(("openssh" ,openssh)
731 ("mit-krb5" ,mit-krb5)
732 ("perl" ,perl)))
b982fb1c 733 (native-inputs
734 `(("which" ,which)))
735 (home-page "https://github.com/chaos/pdsh")
227dbd84
RW		 736 (synopsis "Parallel distributed shell")
737 (description "Pdsh is a an efficient, multithreaded remote shell client
738which executes commands on multiple remote hosts in parallel. Pdsh implements
739dynamically loadable modules for extended functionality such as new remote
740shell services and remote host selection.")
741 (license license:gpl2+)))
ae72b8f5
MG		 742
743(define-public clustershell
744 (package
745 (name "clustershell")
40f24301 746 (version "1.8.2")
ae72b8f5
MG		 747 (source
748 (origin
749 (method url-fetch)
40f24301
EF		 750 (uri (string-append "https://github.com/cea-hpc/clustershell/releases"
751 "/download/v" version
752 "/ClusterShell-" version ".tar.gz"))
ae72b8f5 753 (sha256
40f24301 754 (base32 "1gz2g85wpk35n1fp31q753w01y3p8abm7dnbas28q4yjyvikqw75"))))
ae72b8f5
MG		 755 (build-system python-build-system)
756 (inputs `(("openssh" ,openssh)))
757 (propagated-inputs `(("python-pyyaml" ,python-pyyaml)))
758 (arguments
759 `(#:phases (modify-phases %standard-phases
760 (add-before 'build 'record-openssh-file-name
761 (lambda* (#:key inputs #:allow-other-keys)
762 (let ((ssh (assoc-ref inputs "openssh")))
763 (substitute* "lib/ClusterShell/Worker/Ssh.py"
764 (("info\\(\"ssh_path\"\\) or \"ssh\"")
765 (string-append "info(\"ssh_path\") or \""
766 ssh "/bin/ssh\"")))
767 #t))))))
768 (home-page "https://cea-hpc.github.io/clustershell/")
769 (synopsis "Scalable event-driven Python framework for cluster administration")
770 (description
771 "ClusterShell is an event-driven Python framework, designed to run local
772or distant commands in parallel on server farms or on large GNU/Linux
773clusters. It will take care of common issues encountered on HPC clusters,
774such as operating on groups of nodes, running distributed commands using
775optimized execution algorithms, as well as gathering results and merging
776identical outputs, or retrieving return codes. ClusterShell takes advantage
777of existing remote shell facilities such as SSH.")
778 (license license:lgpl2.1+)))
87007947
EF		 779
780(define-public endlessh
781 (package
782 (name "endlessh")
783 (version "1.0")
784 (source
785 (origin
786 (method url-fetch)
787 (uri (string-append "https://github.com/skeeto/endlessh/releases/"
788 "download/" version "/endlessh-" version ".tar.xz"))
789 (sha256
790 (base32
791 "0hhsr65hzrcb7ylskmxyr92svzndhks8hqzn8hvg7f7j89rkvq5k"))))
792 (build-system gnu-build-system)
793 (arguments
794 '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
795 "CC=gcc")
796 #:tests? #f ; no test target
797 #:phases
798 (modify-phases %standard-phases
799 (delete 'configure)))) ; no configure script
800 (home-page "https://github.com/skeeto/endlessh")
801 (synopsis "SSH tarpit that slowly sends an endless banner")
802 (description
803 "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH
804banner. It keeps SSH clients locked up for hours or even days at a time. The
805purpose is to put your real SSH server on another port and then let the script
806kiddies get stuck in this tarpit instead of bothering a real server.
807
808Since the tarpit is in the banner before any cryptographic exchange occurs, this
809program doesn't depend on any cryptographic libraries. It's a simple,
810single-threaded, standalone C program. It uses @code{poll()} to trap multiple
811clients at a time.")
812 (license license:unlicense)))
jackhill's copy of GNU Guix: https://guix.gnu.org/