;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2018, 2019, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2016, 2021 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 ng0 <ng0@n0.is>
+;;; Copyright © 2017 Nikita <nikita@n0.is>
;;; Copyright © 2018 Manuel Graf <graf@init.at>
;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages gperf)
#:use-module (gnu packages groff)
#:use-module (gnu packages guile)
- #:use-module (gnu packages libedit)
#:use-module (gnu packages hurd)
+ #:use-module (gnu packages libedit)
#:use-module (gnu packages linux)
#:use-module (gnu packages logging)
#:use-module (gnu packages m4)
#:use-module (gnu packages popt)
#:use-module (gnu packages protobuf)
#:use-module (gnu packages python)
+ #:use-module (gnu packages python-crypto)
+ #:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages readline)
#:use-module (gnu packages texinfo)
#:use-module (guix utils)
#:use-module (srfi srfi-1))
+(define-public hss
+ (package
+ (name "hss")
+ (version "1.8")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/six-ddc/hss")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1rpysj65j9ls30bf2c5k5hykzzjfknrihs58imp178bx1wqzw4jl"))))
+ (inputs
+ `(("readline" ,readline)))
+ (arguments
+ `(#:make-flags
+ (list ,(string-append "CC=" (cc-for-target))
+ (string-append "INSTALL_BIN=" (assoc-ref %outputs "out") "/bin"))
+ #:tests? #f ; no tests
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-file-names
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (substitute* "Makefile"
+ (("/usr/local/opt/readline")
+ (assoc-ref inputs "readline")))
+ #t))
+ (delete 'configure)))) ; no configure script
+ (build-system gnu-build-system)
+ (home-page "https://github.com/six-ddc/hss/")
+ (synopsis "Interactive SSH client for multiple servers")
+ (description
+ "@command{hss} is an interactive SSH client for multiple servers. Commands
+are executed on all servers in parallel. Execution on one server does not need
+to wait for that on another server to finish before starting. One can run a
+command on hundreds of servers at the same time, with almost the same experience
+as a local Bash shell.
+
+It supports:
+@itemize @bullet
+@item interactive input: based on GNU readline.
+@item history: responding to the @kbd{C-r} key.
+@item auto-completion: @key{TAB}-completion from remote servers for commands and
+file names.
+@end itemize\n")
+ (license license:expat)))
+
(define-public libssh
(package
(name "libssh")
- (version "0.9.4")
+ (version "0.9.5")
(source (origin
(method git-fetch)
(uri (git-reference
(commit (string-append "libssh-" version))))
(sha256
(base32
- "0qr4vi3k1wv69c95d9j26fiv78pzyksaq8ccd76b8nxar5z1fbj6"))
+ "1b2klflmn0mdkcyjl4dqfg116bf9nhmqm4qla5cqa9xis89a5bn6"))
(file-name (git-file-name name version))))
(build-system cmake-build-system)
(outputs '("out" "debug"))
version ".tar.gz"))
(sha256
(base32
- "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))))
+ "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))
+ (patches (search-patches "libssh2-CVE-2019-17498.patch"))))
(build-system gnu-build-system)
;; The installed libssh2.pc file does not include paths to libgcrypt and
;; zlib libraries, so we need to propagate the inputs.
(define-public openssh
(package
(name "openssh")
- (version "8.2p1")
+ (version "8.6p1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/OpenSSH/portable/"
(patches (search-patches "openssh-hurd.patch"))
(sha256
(base32
- "0wg6ckzvvklbzznijxkk28fb8dnwyjd0w30ra0afwv6gwr8m34j3"))))
+ "1bnpivgk98h2f9afpp88jv6g9ps83vnpxd031n2jqxi12vdf9rn3"))))
(build-system gnu-build-system)
(native-inputs `(("groff" ,groff)
("pkg-config" ,pkg-config)))
(inputs `(("libedit" ,libedit)
("openssl" ,openssl)
- ("pam" ,linux-pam)
+ ,@(if (hurd-target?)
+ '()
+ `(("pam" ,linux-pam)))
("mit-krb5" ,mit-krb5)
("zlib" ,zlib)
- ,@(if (hurd-target?)
- '()
- `(("xauth" ,xauth))))) ; for 'ssh -X' and 'ssh -Y'
+ ("xauth" ,xauth))) ; for 'ssh -X' and 'ssh -Y'
(arguments
`(#:test-target "tests"
;; Otherwise, the test scripts try to use a nonexistent directory and
"--with-libedit"
;; Enable PAM support in sshd.
- "--with-pam"
+ ,,@(if (hurd-target?)
+ '()
+ '("--with-pam"))
;; "make install" runs "install -s" by default,
;; which doesn't work for cross-compiled binaries
"See LICENSE in the distribution."))
(home-page "https://www.openssh.com/")))
+;; OpenSSH without X support. This allows to use OpenSSH without dragging X
+;; libraries to the closure.
+(define-public openssh-sans-x
+ (package
+ (inherit openssh)
+ (name "openssh-sans-x")
+ (inputs (alist-delete "xauth" (package-inputs openssh)))
+ (synopsis "OpenSSH client and server without X11 support")))
+
(define-public guile-ssh
(package
(name "guile-ssh")
- (version "0.12.0")
+ (version "0.13.1")
(home-page "https://github.com/artyom-poptsov/guile-ssh")
(source (origin
(method git-fetch)
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "054hd9rzfhb48gc1hw3rphhp0cnnd4bs5qmidy5ygsyvy9ravlad"))
+ "1xpxkvgj7wgcl450djkcrmrf957mcy2f36hfs5g6kpla1gax2d1g"))
(modules '((guix build utils)))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(rename-file (string-append bin "/sssh.scm")
(string-append examples "/sssh.scm"))
(delete-file-recursively bin)
- #t))))
- ;; Tests are not parallel-safe.
- #:parallel-tests? #f))
+ #t))))))
(native-inputs `(("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)
(deprecated-package "guile3.0-ssh" guile-ssh))
(define-public corkscrew
- (package
- (name "corkscrew")
- (version "2.0")
- (source
- (origin
- (method url-fetch)
- ;; The agroman.net domain name expired on 2017-03-23, and the original
- ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns
- ;; bogus HTML. Perhaps it will yet return. Until then, use a mirror.
- (uri (string-append "https://downloads.openwrt.org/sources/"
- "corkscrew-" version ".tar.gz"))
- (sha256 (base32
- "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
- (build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (replace 'configure
- ;; Replace configure phase as the ./configure script does not like
- ;; CONFIG_SHELL and SHELL passed as parameters
- (lambda* (#:key outputs build target #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bash (which "bash"))
- ;; Set --build and --host flags as the provided config.guess
- ;; is not able to detect them
- (flags `(,(string-append "--prefix=" out)
- ,(string-append "--build=" build)
- ,(string-append "--host=" (or target build)))))
- (setenv "CONFIG_SHELL" bash)
- (apply invoke bash "./configure" flags))))
- (add-after 'install 'install-documentation
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name "-" ,version)))
- (install-file "README" doc)
- #t))))))
- (home-page "http://www.agroman.net/corkscrew")
- (synopsis "SSH tunneling through HTTP(S) proxies")
- (description
- "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
-Proxy authentication is only supported through the plain-text HTTP basic
-authentication scheme.")
- (license license:gpl2+)))
+ ;; The last 2.0 release hails from 2009. Use a fork (submitted upstream as
+ ;; <https://github.com/patpadgett/corkscrew/pull/5>) that adds now-essential
+ ;; IPv6 and TLS support.
+ (let ((revision "0")
+ (commit "268b71e88ee51fddceab96d665b327394f1feb12"))
+ (package
+ (name "corkscrew")
+ (version (git-version "2.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rtgill82/corkscrew")
+ (commit commit)))
+ (sha256
+ (base32 "1rylbimlfig3ii4bqr4r058lkc43pqkxnxqpqdpm31blh3xs0dcw"))
+ (file-name (git-file-name name version))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list "--enable-ssl")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'update-metadata
+ (lambda _
+ (substitute* "configure.ac"
+ ;; Our version differs significantly.
+ (("2.0") (string-append ,version " (Guix)")))
+ (substitute* "corkscrew.c"
+ ;; This domain's since been squat.
+ (("\\(agroman@agroman\\.net\\)")
+ (format #f "<~a>" ,(package-home-page this-package))))))
+ (add-after 'install 'install-documentation
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (doc (string-append out "/share/doc/" ,name "-" ,version)))
+ (install-file "README.md" doc)
+ #t))))))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("pkg-config" ,pkg-config)))
+ (inputs
+ `(("openssl" ,openssl)))
+ (home-page "https://github.com/patpadgett/corkscrew")
+ (synopsis "SSH tunneling through HTTP(S) proxies")
+ (description
+ "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
+It supports proxy authentication through the HTTP basic authentication scheme
+with optional @acronym{TLS, Transport-Level Security} to protect credentials.")
+ (license license:gpl2+))))
(define-public mosh
(package
(arguments
'(#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'patch-FHS-file-names
+ (lambda _
+ (substitute* "scripts/mosh.pl"
+ (("/bin/sh")
+ (which "sh")))
+ #t))
(add-after 'install 'wrap
(lambda* (#:key outputs #:allow-other-keys)
;; Make sure 'mosh' can find 'mosh-client' and
responsive, especially over Wi-Fi, cellular, and long-distance links.")
(license license:gpl3+)))
-(define-public et
- (package
- (name "et")
- (version "3.1.0")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/MisterTea/EternalTCP.git")
- (commit (string-append "et-v" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm"))))
- (build-system cmake-build-system)
- (arguments `(#:tests? #f))
- (native-inputs
- `(("pkg-config" ,pkg-config)))
- (inputs `(("glog" ,glog)
- ("gflags" ,gflags)
- ("libsodium" ,libsodium)
- ("protobuf" ,protobuf)))
- (synopsis "Remote shell that automatically reconnects")
- (description
- "Eternal Terminal (ET) is a remote shell that automatically reconnects
-without interrupting the session. Unlike SSH sessions, ET sessions will
-survive even network outages and IP changes. ET uses a custom protocol over
-TCP, not the SSH protocol.")
- (home-page "https://eternalterminal.dev/")
- (license license:asl2.0)))
-
(define-public dropbear
(package
(name "dropbear")
- (version "2019.78")
+ (version "2020.81")
(source
(origin
(method url-fetch)
"https://matt.ucc.asn.au/dropbear/releases/"
"dropbear-" version ".tar.bz2"))
(sha256
- (base32 "19242qlr40pbqfqd0gg6h8qpj38q6lgv03ja6sahj9vj2abnanaj"))))
+ (base32 "0fy5ma4cfc2pk25mcccc67b2mf1rnb2c06ilb7ddnxbpnc85s8s8"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (delete-file-recursively "libtommath")
+ (delete-file-recursively "libtomcrypt")
+ (substitute* "configure"
+ (("-ltomcrypt") "-ltomcrypt -ltommath"))
+ #t))))
(build-system gnu-build-system)
- (arguments `(#:tests? #f)) ; there is no "make check" or anything similar
- ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least
- ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674>
- ;; for more information.
- (inputs `(("zlib" ,zlib)))
+ (arguments
+ `(#:configure-flags '("--disable-bundled-libtom")
+ #:tests? #f)) ; there is no "make check" or anything similar
+ (inputs
+ `(("libtomcrypt" ,libtomcrypt)
+ ("libtommath" ,libtommath)
+ ("zlib" ,zlib)))
(synopsis "Small SSH server and client")
(description "Dropbear is a relatively small SSH server and
client. It runs on a variety of POSIX-based platforms. Dropbear is
(substitute* "src/testsuite/login-auth-test"
(("/bin/cat") "cat"))
- #t))))
+ #t))
+ (patches (search-patches "lsh-fix-x11-forwarding.patch"))))
(build-system gnu-build-system)
(native-inputs
- `(("m4" ,m4)
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("m4" ,m4)
("guile" ,guile-2.0)
("gperf" ,gperf)
("psmisc" ,psmisc))) ; for `killall'
;; The server (lshd) invokes xauth when X11 forwarding is requested.
;; This adds 24 MiB (or 27%) to the closure of lsh.
- ("xauth" ,xauth)))
+ ("xauth" ,xauth)
+ ("libxau" ,libxau))) ;also required for x11-forwarding
(arguments
'(;; Skip the `configure' test that checks whether /dev/ptmx &
;; co. work as expected, because it relies on impurities (for
;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing
;; defines it.
"CPPFLAGS=-DHAVE_ARGP_PARSE")
-
- ;; FIXME: Tests won't run in a chroot, presumably because
- ;; /etc/profile is missing, and thus clients get an empty $PATH
- ;; and nothing works.
- #:tests? #f
-
#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'disable-failing-tests
+ (lambda _
+ ;; FIXME: Most tests won't run in a chroot, presumably because
+ ;; /etc/profile is missing, and thus clients get an empty $PATH
+ ;; and nothing works. Run only the subset that passes.
+ (delete-file "configure") ;force rebootstrap
+ (substitute* "src/testsuite/Makefile.am"
+ (("seed-test \\\\") ;prevent trailing slash
+ "seed-test")
+ (("^\t(lsh|daemon|tcpip|socks|lshg|lcp|rapid7|lshd).*test.*")
+ ""))
+ #t))
(add-before 'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
(let* ((nettle (assoc-ref inputs "nettle"))
(define-public sshpass
(package
(name "sshpass")
- (version "1.06")
- (synopsis "Non-interactive password authentication with SSH")
- (home-page "https://sourceforge.net/projects/sshpass/")
+ (version "1.09")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/sshpass/sshpass/"
version "/sshpass-" version ".tar.gz"))
(sha256
- (base32
- "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6"))))
+ (base32 "1dwzqknpswa8vjlbwsx9rcq1j2a7px9h9i2anh09pzkz0mg6wx3i"))))
(build-system gnu-build-system)
- (description "sshpass is a tool for non-interactivly performing password
+ (home-page "https://sourceforge.net/projects/sshpass/")
+ (synopsis "Non-interactive password authentication with SSH")
+ (description "sshpass is a tool for non-interactively performing password
authentication with SSH's so-called @dfn{interactive keyboard password
authentication}.")
(license license:gpl2+)))
shell services and remote host selection.")
(license license:gpl2+)))
+(define-public python-asyncssh
+ (package
+ (name "python-asyncssh")
+ (version "2.5.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "asyncssh" version))
+ (sha256
+ (base32
+ "02xpzir9rmw7b7k07m3f912h6jvy9yzan9yn3ckrmqx2ffpy4r8b"))))
+ (build-system python-build-system)
+ (propagated-inputs
+ `(("python-cryptography" ,python-cryptography)
+ ("python-pyopenssl" ,python-pyopenssl)
+ ("python-gssapi" ,python-gssapi)
+ ("python-bcrypt" ,python-bcrypt)))
+ (native-inputs
+ `(("openssh" ,openssh)
+ ("openssl" ,openssl)))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'disable-tests
+ (lambda* _
+ (substitute* "tests/test_agent.py"
+ ;; TODO Test fails for unknown reason
+ (("(.+)async def test_confirm" all indent)
+ (string-append indent "@unittest.skip('disabled by guix')\n"
+ indent "async def test_confirm")))
+ #t)))))
+ (home-page "https://asyncssh.readthedocs.io/")
+ (synopsis "Asynchronous SSHv2 client and server library for Python")
+ (description
+ "AsyncSSH is a Python package which provides an asynchronous client and
+server implementation of the SSHv2 protocol on top of the Python 3.6+ asyncio
+framework.")
+ (license license:epl2.0)))
+
(define-public clustershell
(package
(name "clustershell")
(origin
(method git-fetch)
(uri (git-reference
- (url "https://github.com/skeeto/endlessh.git")
+ (url "https://github.com/skeeto/endlessh")
(commit version)))
(file-name (git-file-name name version))
(sha256
single-threaded, standalone C program. It uses @code{poll()} to trap multiple
clients at a time.")
(license license:unlicense)))
+
+(define-public webssh
+ (package
+ (name "webssh")
+ (version "1.5.3")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/huashengdun/webssh")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1bcy9flrzbvams5p77swwiygv54ac58ia7hpic1bvg30b3wpvv7b"))))
+ (build-system python-build-system)
+ (propagated-inputs
+ `(("python-paramiko" ,python-paramiko)
+ ("python-tornado" ,python-tornado)))
+ (home-page "https://webssh.huashengdun.org/")
+ (synopsis "Web application to be used as an SSH client")
+ (description "This package provides a web application to be used as an SSH
+client.
+
+Features:
+@itemize @bullet
+@item SSH password authentication supported, including empty password.
+@item SSH public-key authentication supported, including DSA RSA ECDSA
+Ed25519 keys.
+@item Encrypted keys supported.
+@item Two-Factor Authentication (time-based one-time password) supported.
+@item Fullscreen terminal supported.
+@item Terminal window resizable.
+@item Auto detect the ssh server's default encoding.
+@item Modern browsers are supported.
+@end itemize")
+ (license license:expat)))