X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/acc3d05ebe23862b769334c5cca606978b703f19..77fa2ab46721bcc01b898b7df0aa85c170931c06:/openssh/INSTALL diff --git a/openssh/INSTALL b/openssh/INSTALL index 835f8be..777bdfe 100644 --- a/openssh/INSTALL +++ b/openssh/INSTALL @@ -3,24 +3,20 @@ You will need working installations of Zlib and OpenSSL. -Zlib 1.1.4 or greater: +Zlib: http://www.gzip.org/zlib/ -OpenSSL 0.9.6 or greater: +OpenSSL 0.9.5a or greater: http://www.openssl.org/ -(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 -Blowfish) do not work correctly.) +RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support. +For Red Hat Linux 6.2, they have been released as errata. RHL7 includes +these. OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system supports it. PAM is standard on Redhat and Debian Linux, Solaris and HP-UX 11. -NB. If you operating system supports /dev/random, you should configure -OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random. If you don't you will have to rely on ssh-rand-helper, which -is inferior to a good kernel-based solution. - PAM: http://www.kernel.org/pub/linux/libs/pam/ @@ -33,7 +29,7 @@ http://www.gnome.org/ Alternatively, Jim Knoble has written an excellent X11 passphrase requester. This is maintained separately at: -http://www.jmknoble.net/software/x11-ssh-askpass/ +http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html PRNGD: @@ -49,6 +45,18 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ +GNU Make: +ftp://ftp.gnu.org/gnu/make/ + +OpenSSH has only been tested with GNU make. It may work with other +'make' programs, but you are on your own. + +PCRE (PERL-compatible Regular Expression library): +ftp://ftp.cus.cam.ac.uk/pub/software/programing/pcre/ + +Most platforms do not require this. However older Unices may not have a +posix regex library. PCRE provides a POSIX interface. + S/Key Libraries: http://www.sparc.spb.su/solaris/skey/ @@ -101,8 +109,20 @@ name). There are a few other options to the configure script: ---with-pam enables PAM support. If PAM support is compiled in, it must -also be enabled in sshd_config (refer to the UsePAM directive). +--with-rsh=PATH allows you to specify the path to your rsh program. +Normally ./configure will search the current $PATH for 'rsh'. You +may need to specify this option if rsh is not in your path or has a +different name. + +--with-pam enables PAM support. + +--enable-gnome-askpass will build the GNOME passphrase dialog. You +need a working installation of GNOME, including the development +headers, for this to work. + +--with-random=/some/file allows you to specify an alternate source of +random numbers (the default is /dev/urandom). Unless you are absolutely +sure of what you are doing, it is best to leave this alone. --with-prngd-socket=/some/file allows you to enable EGD or PRNGD support and to specify a PRNGd socket. Use this if your Unix lacks @@ -120,9 +140,19 @@ it if lastlog is installed in a different place. --without-lastlog will disable lastlog support entirely. ---with-osfsia, --without-osfsia will enable or disable OSF1's Security +--with-sia, --without-sia will enable or disable OSF1's Security Integration Architecture. The default for OSF1 machines is enable. +--with-kerberos4=PATH will enable Kerberos IV support. You will need +to have the Kerberos libraries and header files installed for this +to work. Use the optional PATH argument to specify the root of your +Kerberos installation. + +--with-afs=PATH will enable AFS support. You will need to have the +Kerberos IV and the AFS libraries and header files installed for this +to work. Use the optional PATH argument to specify the root of your +AFS installation. AFS requires Kerberos support to be enabled. + --with-skey=PATH will enable S/Key one time password support. You will need the S/Key libraries and header files installed for this to work. @@ -148,16 +178,18 @@ created. --with-xauth=PATH specifies the location of the xauth binary +--with-ipv4-default instructs OpenSSH to use IPv4 by default for new +connections. Normally OpenSSH will try attempt to lookup both IPv6 and +IPv4 addresses. On Linux/glibc-2.1.2 this causes long delays in name +resolution. If this option is specified, you can still attempt to +connect to IPv6 addresses using the command line option '-6'. + --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries are installed. --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. ---with-opensc=DIR ---with-sectok=DIR allows for OpenSC or sectok smartcard libraries to -be used with OpenSSH. See 'README.smartcard' for more details. - If you need to pass special options to the compiler or linker, you can specify these as environment variables before running ./configure. For example: