You will need working installations of Zlib and OpenSSL.
Zlib:
-http://www.cdrom.com/pub/infozip/zlib/
+http://www.freesoftware.com/pub/infozip/zlib/
-OpenSSL:
+OpenSSL 0.9.5a or greater:
http://www.openssl.org/
-RPMs of OpenSSL are available in the support/ directory of the OpenSSH
-mirror site. OpenSSH requires OpenSSL version 0.9.5 or later.
+RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
-supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
+supports it. PAM is standard on Redhat and Debian Linux, Solaris and
+HP-UX 11.
PAM:
http://www.kernel.org/pub/linux/libs/pam/
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
-If you are planning to use OpenSSH on a Unix which lacks a Kernel random
-number generator (/dev/urandom), you will need to install the Entropy
-Gathering Daemon (or similar). You will also need to specify the
---with-egd-pool option to ./configure.
+The Entropy Gathering Daemon (EGD) is supported if you have a system which
+lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
EGD:
http://www.lothar.com/tech/crypto/
OpenSSH has only been tested with GNU make. It may work with other
'make' programs, but you are on your own.
+pcre (POSIX Regular Expression library):
+ftp://ftp.cus.cam.ac.uk/pub/software/programs/pcre/
+
+Most platforms do not required this. However older 4.3 BSD do not
+have a posix regex library.
+
+S/Key Libraries:
+http://www.sparc.spb.su/solaris/skey/
+
+If you wish to use --with-skey then you will need the above library
+installed. No other current S/Key library is currently known to be
+supported.
+
2. Building / Installation
--------------------------
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.
-If you are using PAM, you will need to manually install a PAM
+If you are using PAM, you may need to manually install a PAM
control file as "/etc/pam.d/sshd" (or wherever your system
prefers to keep them). A generic PAM configuration is included as
"contrib/sshd.pam.generic", you may need to edit it before using it on
your system. If you are using a recent version of Redhat Linux, the
-config file in contrib/redhat/sshd.pam should be more useful.
+config file in contrib/redhat/sshd.pam should be more useful.
+Failure to install a valid PAM file may result in an inability to
+use password authentication. On HP-UX 11, the standard /etc/pam.conf
+configuration will work with sshd (sshd will match the OTHER service
+name).
There are a few other options to the configure script:
headers, for this to work.
--with-random=/some/file allows you to specify an alternate source of
-random numbers (the default is /dev/urandom). Unless you are absolutly
+random numbers (the default is /dev/urandom). Unless you are absolutely
sure of what you are doing, it is best to leave this alone.
--with-egd-pool=/some/file allows you to enable Entropy Gathering
-Daemon support and to specify a EGD pool socket. You will need to
-use this if your Unix does not support the /dev/urandom device (or
-similar). The file argument refers to the EGD pool file, not the
-EGD program itself. Please refer to the EGD documentation.
+Daemon support and to specify a EGD pool socket. Use this if your
+Unix lacks /dev/random and you don't want to use OpenSSH's builtin
+entropy collection support.
--with-lastlog=FILE will specify the location of the lastlog file.
./configure searches a few locations for lastlog, but may not find
to work. Use the optional PATH argument to specify the root of your
AFS installation. AFS requires Kerberos support to be enabled.
---with-skey will enable S/Key one time password support. You will need
-the S/Key libraries and header files installed for this to work.
+--with-skey=PATH will enable S/Key one time password support. You will
+need the S/Key libraries and header files installed for this to work.
--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
support. You will need libwrap.a and tcpd.h installed.
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
If you need to pass special options to the compiler or linker, you
-can specify these as enviornment variables before running ./configure.
+can specify these as environment variables before running ./configure.
For example:
-CFLAGS="-O -m486" LFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
+CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
3. Configuration
----------------
review it to ensure that it matches your security requirements.
To generate a host key, run "make host-key". Alternately you can do so
-manually using the following command:
+manually using the following commands:
-/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''
+ ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ""
+ ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ""
Replacing /etc/ssh with the correct path to the configuration directory.
(${prefix}/etc or whatever you specified with --sysconfdir during
If you experience problems compiling, installing or running OpenSSH.
Please refer to the "reporting bugs" section of the webpage at
-http://violet.ibs.com.au/openssh/
+http://www.openssh.com/
andersk / openssh.git / blobdiff