Installing OpenSSH on your Accelerator
Here are the "patch-zz" and "distinfo" files that you'll need to patch the OpenSSH 5.0p1 server so that you can specify a umask for SFTP (and/or disable chmod/chown).
Note: You need to remove the ".txt" extension from these files.
Here are the basic steps:
1. Get the latest PKGSRC
~> cvs -d anoncvs@anoncvs.us.netbsd.org:/cvsroot co pkgsrc
2. ~> cd pkgsrc/security/openssh/
3. Copy patch-zz to the "patches" directory
4. Copy "distinfo" to the current directory
5. > unset PKG_PATH
OPTIONAL: edit Makefile to disable UTMP/WTMP:
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
6. > bmake
7. Become root (sudo, su, or su -)
8. > bmake install [or "bmake update" if already installed]
9. Disable the Sun SSH SMF ** SEE WARNING BELOW
> svcadm disable ssh
10. Create & Enable the OpenSSH SMF (or use an rc.d script) [see below for my examples]
11. Edit /opt/local/etc/ssh/sshd_config:
# SFTP Overrides
SftpPermitChmod no
SftpPermitChown no
SftpUmask 0002
12. Restart OpenSSH
** WARNING: SMF will try to kill the current SSHD process & all sub-processes when you disable it, so you need to have a way to automatically restart SSHD so you can log back in. I used a cron job that ran every 15 minutes and started the rc.d script. You could also start a separate SSHD process on a separate port & just leave it running until you have the new one set up on port 22.
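Before the restart in step 12, the step 11 settings can be checked with a script like the one below. It is an added example, not part of the original page or the patch: the function names are hypothetical, and it assumes the patched keywords are parsed like stock sshd_config keywords (case-insensitive, first uncommented occurrence wins) and that SftpUmask is applied as a conventional umask.

```shell
# Added example, not part of the patch. Function names are hypothetical.
# Needs a POSIX shell (bash or ksh on Solaris, not the legacy /bin/sh).

# Print the value of keyword $1 in config file $2 (empty if unset).
# Assumption: keywords are case-insensitive and the first match wins.
sshd_directive() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Print the mode a file requested as 0666 ends up with under SftpUmask,
# assuming the patch applies it as a conventional umask.
sftp_file_mode() {
    u=$(sshd_directive SftpUmask "$1")
    case "$u" in
        ''|*[!0-7]*) return 1 ;;   # unset or not an octal number
    esac
    printf '%o\n' $(( 0666 & ~0$u ))
}

# Return 0 only if the file carries the step 11 settings.
check_sftp_overrides() {
    rc=0
    for key in SftpPermitChmod SftpPermitChown; do
        val=$(sshd_directive "$key" "$1")
        if [ "$val" != "no" ]; then
            echo "WARN: $key is '${val:-unset}', expected 'no'" >&2
            rc=1
        fi
    done
    if ! sftp_file_mode "$1" >/dev/null; then
        echo "WARN: SftpUmask is unset or not an octal value" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample; on the Accelerator pass /opt/local/etc/ssh/sshd_config.
sample=$(mktemp)
printf '%s\n' '# SFTP Overrides' 'SftpPermitChmod no' \
    'SftpPermitChown no' 'SftpUmask 0002' > "$sample"
check_sftp_overrides "$sample" && echo "OK, 0666 becomes $(sftp_file_mode "$sample")"
rm -f "$sample"
```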
Here are the files I used for SMF:
/opt/local/svc/method/opensshd
/opt/local/svc/manifest/opensshd.xml
Import the opensshd.xml file:
> cd /opt/local/svc/manifest
> svccfg import opensshd.xml