OpenSSL 0.9.5a or greater:
http://www.openssl.org/
-RPMs of OpenSSL are available in the support/ directory of the OpenSSH
-mirror site. OpenSSH requires OpenSSL version 0.9.5 or later.
+RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
-supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
+supports it. PAM is standard on Redhat and Debian Linux, Solaris and
+HP-UX 11.
PAM:
http://www.kernel.org/pub/linux/libs/pam/
OpenSSH has only been tested with GNU make. It may work with other
'make' programs, but you are on your own.
+pcre (POSIX Regular Expression library):
+ftp://ftp.cus.cam.ac.uk/pub/software/programs/pcre/
+
+Most platforms do not required this. However older 4.3 BSD do not
+have a posix regex library.
+
+S/Key Libraries:
+http://www.sparc.spb.su/solaris/skey/
+
+If you wish to use --with-skey then you will need the above library
+installed. No other current S/Key library is currently known to be
+supported.
+
2. Building / Installation
--------------------------
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.
-If you are using PAM, you will need to manually install a PAM
+If you are using PAM, you may need to manually install a PAM
control file as "/etc/pam.d/sshd" (or wherever your system
prefers to keep them). A generic PAM configuration is included as
"contrib/sshd.pam.generic", you may need to edit it before using it on
your system. If you are using a recent version of Redhat Linux, the
-config file in contrib/redhat/sshd.pam should be more useful.
+config file in contrib/redhat/sshd.pam should be more useful.
+Failure to install a valid PAM file may result in an inability to
+use password authentication. On HP-UX 11, the standard /etc/pam.conf
+configuration will work with sshd (sshd will match the OTHER service
+name).
There are a few other options to the configure script:
to work. Use the optional PATH argument to specify the root of your
AFS installation. AFS requires Kerberos support to be enabled.
---with-skey will enable S/Key one time password support. You will need
-the S/Key libraries and header files installed for this to work.
+--with-skey=PATH will enable S/Key one time password support. You will
+need the S/Key libraries and header files installed for this to work.
--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
support. You will need libwrap.a and tcpd.h installed.
can specify these as environment variables before running ./configure.
For example:
-CFLAGS="-O -m486" LFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
+CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
3. Configuration
----------------
review it to ensure that it matches your security requirements.
To generate a host key, run "make host-key". Alternately you can do so
-manually using the following command:
+manually using the following commands:
-/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''
+ ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ""
+ ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ""
Replacing /etc/ssh with the correct path to the configuration directory.
(${prefix}/etc or whatever you specified with --sysconfdir during