You will need working installations of Zlib and OpenSSL.
Zlib:
-http://www.cdrom.com/pub/infozip/zlib/
+http://www.freesoftware.com/pub/infozip/zlib/
-OpenSSL:
+OpenSSL 0.9.5a or greater:
http://www.openssl.org/
+RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support
+
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
-If you are planning to use OpenSSH on a Unix which lacks a Kernel random
-number generator (/dev/urandom), you will need to install the Entropy
-Gathering Daemon (or similar). You will also need to specify the
---with-egd-pool option to ./configure.
+The Entropy Gathering Daemon (EGD) is supported if you have a system which
+lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
EGD:
http://www.lothar.com/tech/crypto/
OpenSSH has only been tested with GNU make. It may work with other
'make' programs, but you are on your own.
+pcre (POSIX Regular Expression library):
+ftp://ftp.cus.cam.ac.uk/pub/software/programs/pcre/
+
+Most platforms do not required this. However older 4.3 BSD do not
+have a posix regex library.
+
+
2. Building / Installation
--------------------------
prefers to keep them). A generic PAM configuration is included as
"contrib/sshd.pam.generic", you may need to edit it before using it on
your system. If you are using a recent version of Redhat Linux, the
-config file in contrib/redhat/sshd.pam should be more useful.
+config file in contrib/redhat/sshd.pam should be more useful.
+Failure to install a valid PAM file may result in an inability to
+use password authentication.
There are a few other options to the configure script:
headers, for this to work.
--with-random=/some/file allows you to specify an alternate source of
-random numbers (the default is /dev/urandom). Unless you are absolutly
+random numbers (the default is /dev/urandom). Unless you are absolutely
sure of what you are doing, it is best to leave this alone.
--with-egd-pool=/some/file allows you to enable Entropy Gathering
-Daemon support and to specify a EGD pool socket. You will need to
-use this if your Unix does not support the /dev/urandom device (or
-similar). The file argument refers to the EGD pool file, not the
-EGD program itself. Please refer to the EGD documentation.
+Daemon support and to specify a EGD pool socket. Use this if your
+Unix lacks /dev/random and you don't want to use OpenSSH's builtin
+entropy collection support.
--with-lastlog=FILE will specify the location of the lastlog file.
./configure searches a few locations for lastlog, but may not find
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
If you need to pass special options to the compiler or linker, you
-can specify these as enviornment variables before running ./configure.
+can specify these as environment variables before running ./configure.
For example:
-CFLAGS="-O -m486" LFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
+CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
3. Configuration
----------------
review it to ensure that it matches your security requirements.
To generate a host key, run "make host-key". Alternately you can do so
-manually using the following command:
+manually using the following commands:
-/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''
+ ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ""
+ ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ""
Replacing /etc/ssh with the correct path to the configuration directory.
(${prefix}/etc or whatever you specified with --sysconfdir during
If you experience problems compiling, installing or running OpenSSH.
Please refer to the "reporting bugs" section of the webpage at
-http://violet.ibs.com.au/openssh/
+http://www.openssh.com/