[openssh.git] / INSTALL

1. Prerequisites
----------------

You will need working installations of Zlib and OpenSSL.

Zlib:
http://www.cdrom.com/pub/infozip/zlib/

OpenSSL:
http://www.openssl.org/

OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
supports it. PAM is standard on Redhat and Debian Linux and on Solaris.

PAM:
http://www.kernel.org/pub/linux/libs/pam/

If you wish to build the GNOME passphrase requester, you will need the GNOME
libraries and headers.

GNOME:
http://www.gnome.org/

Alternatly Jim Knoble <jmknoble@pobox.com> has written an excellent X11
passphrase requester. This is maintained seperatly at:

http://www.pobox.com/~jmknoble/jmk/


If you are planning to use OpenSSH on a Unix which lacks a Kernel random
number generator (/dev/urandom), you will need to install the Entropy
Gathering Daemon (or similar). You will also need to specify the 
--with-egd-pool option to ./configure.

EGD:
http://www.lothar.com/tech/crypto/

GNU Make:
ftp://ftp.gnu.org/gnu/make/

OpenSSH has only been tested with GNU make. It may work with other
'make' programs, but you are on your own.

2. Building / Installation
--------------------------

To install OpenSSH with default options:

./configure
make
make install

This will install the OpenSSH binaries in /usr/local/bin, configuration files
in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
installation prefix, use the --prefix option to configure:

./configure --prefix=/opt
make
make install

Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override 
specific paths, for example:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.

If you are using PAM, you will need to manually install a PAM control
file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
them). A generic PAM configuration is included as "sshd.pam.generic",
you may need to edit it before using it on your system.

There are a few other options to the configure script:

--enable-gnome-askpass will build the GNOME passphrase dialog. You
need a working installation of GNOME, including the development
headers, for this to work.

--with-random=/some/file allows you to specify an alternate source of
random numbers (the default is /dev/urandom). Unless you are absolutly
sure of what you are doing, it is best to leave this alone.

--with-egd-pool=/some/file allows you to enable Entropy Gathering
Daemon support and to specify a EGD pool socket. You will need to
use this if your Unix does not support the /dev/urandom device (or
similar). The file argument refers to the EGD pool file, not the 
EGD program itself. Please refer to the EGD documentation.

--with-kerberos4 will enable Kerberos IV support. You will need to
have the Kerberos libraries and header files installed for this to
work.

--with-afs will enable AFS support. You will need to have the Kerberos
IV and the AFS libraries and header files installed for this to work.

--with-skey will enable S/Key one time password support. You will need
the S/Key libraries and header files installed for this to work.

--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
support. You will need libwrap.a and tcpd.h installed.

--with-md5-passwords will enable the use of MD5 passwords. Enable this
if your operating system uses MD5 passwords without using PAM.


3. Configuration
----------------

The runtime configuration files are installed by in ${prefix}/etc or 
whatever you specified as your --sysconfdir (/usr/local/etc by default).

The default configuration should be instantly usable, though you should 
review it to ensure that it matches your security requirements.

To generate a host key, issue the following command: (replacing
/etc/ssh/ssh_host_key with an appropriate path)

/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

Replacing /etc/ssh with the correct path to the configuration directory.
(${prefix}/etc or whatever you specified with --sysconfdir during 
configuration)

If you have configured OpenSSH with EGD support, ensure that EGD is
running and has collected some Entropy.

For more information on configuration, please refer to the manual pages 
for sshd, ssh and ssh-agent.

4. Problems?
------------

If you experience problems compiling, installing or running OpenSSH. 
Please refer to the "reporting bugs" section of the webpage at
http://violet.ibs.com.au/openssh/
Commit	Line	Data
8bc7973f	1	1. Prerequisites
	2	----------------
	3
	4	You will need working installations of Zlib and OpenSSL.
	5
	6	Zlib:
	7	http://www.cdrom.com/pub/infozip/zlib/
	8
	9	OpenSSL:
	10	http://www.openssl.org/
	11
	12	OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
	13	supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
	14
	15	PAM:
	16	http://www.kernel.org/pub/linux/libs/pam/
	17
1a317551	18	If you wish to build the GNOME passphrase requester, you will need the GNOME
8bc7973f	19	libraries and headers.
	20
	21	GNOME:
	22	http://www.gnome.org/
	23
1a317551	24	Alternatly Jim Knoble <jmknoble@pobox.com> has written an excellent X11
	25	passphrase requester. This is maintained seperatly at:
	26
	27	http://www.pobox.com/~jmknoble/jmk/
	28
	29
8bc7973f	30	If you are planning to use OpenSSH on a Unix which lacks a Kernel random
	31	number generator (/dev/urandom), you will need to install the Entropy
	32	Gathering Daemon (or similar). You will also need to specify the
	33	--with-egd-pool option to ./configure.
	34
	35	EGD:
	36	http://www.lothar.com/tech/crypto/
	37
9c08d6ce	38	GNU Make:
	39	ftp://ftp.gnu.org/gnu/make/
	40
	41	OpenSSH has only been tested with GNU make. It may work with other
	42	'make' programs, but you are on your own.
8bc7973f	43
	44	2. Building / Installation
	45	--------------------------
	46
	47	To install OpenSSH with default options:
	48
	49	./configure
	50	make
	51	make install
	52
	53	This will install the OpenSSH binaries in /usr/local/bin, configuration files
	54	in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
	55	installation prefix, use the --prefix option to configure:
	56
	57	./configure --prefix=/opt
	58	make
	59	make install
	60
	61	Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
	62	specific paths, for example:
	63
	64	./configure --prefix=/opt --sysconfdir=/etc/ssh
	65	make
	66	make install
	67
	68	This will install the binaries in /opt/{bin,lib,sbin}, but will place the
	69	configuration files in /etc/ssh.
	70
4655fe80	71	If you are using PAM, you will need to manually install a PAM control
	72	file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
	73	them). A generic PAM configuration is included as "sshd.pam.generic",
	74	you may need to edit it before using it on your system.
529c5440	75
8bc7973f	76	There are a few other options to the configure script:
8bc7973f	77
721c55f0	78	--enable-gnome-askpass will build the GNOME passphrase dialog. You
	79	need a working installation of GNOME, including the development
	80	headers, for this to work.
8bc7973f	81
721c55f0	82	--with-random=/some/file allows you to specify an alternate source of
721c55f0	83	random numbers (the default is /dev/urandom). Unless you are absolutly
8bc7973f	84	sure of what you are doing, it is best to leave this alone.
8bc7973f	85
721c55f0	86	--with-egd-pool=/some/file allows you to enable Entropy Gathering
	87	Daemon support and to specify a EGD pool socket. You will need to
	88	use this if your Unix does not support the /dev/urandom device (or
60d804c8	89	similar). The file argument refers to the EGD pool file, not the
60d804c8	90	EGD program itself. Please refer to the EGD documentation.
8bc7973f	91
721c55f0	92	--with-kerberos4 will enable Kerberos IV support. You will need to
	93	have the Kerberos libraries and header files installed for this to
	94	work.
	95
	96	--with-afs will enable AFS support. You will need to have the Kerberos
	97	IV and the AFS libraries and header files installed for this to work.
	98
	99	--with-skey will enable S/Key one time password support. You will need
	100	the S/Key libraries and header files installed for this to work.
	101
	102	--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow\|deny)
	103	support. You will need libwrap.a and tcpd.h installed.
	104
	105	--with-md5-passwords will enable the use of MD5 passwords. Enable this
	106	if your operating system uses MD5 passwords without using PAM.
045672f9	107
8bc7973f	108
	109	3. Configuration
	110	----------------
	111
	112	The runtime configuration files are installed by in ${prefix}/etc or
	113	whatever you specified as your --sysconfdir (/usr/local/etc by default).
	114
	115	The default configuration should be instantly usable, though you should
	116	review it to ensure that it matches your security requirements.
	117
3e807d1e	118	To generate a host key, issue the following command: (replacing
	119	/etc/ssh/ssh_host_key with an appropriate path)
	120
	121	/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''
	122
7303768f	123	Replacing /etc/ssh with the correct path to the configuration directory.
	124	(${prefix}/etc or whatever you specified with --sysconfdir during
	125	configuration)
	126
60d804c8	127	If you have configured OpenSSH with EGD support, ensure that EGD is
	128	running and has collected some Entropy.
	129
8bc7973f	130	For more information on configuration, please refer to the manual pages
	131	for sshd, ssh and ssh-agent.
	132
7303768f	133	4. Problems?
	134	------------
	135
	136	If you experience problems compiling, installing or running OpenSSH.
	137	Please refer to the "reporting bugs" section of the webpage at
	138	http://violet.ibs.com.au/openssh/
	139