X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/60d804c8e83f42d23c34f58c36b63de9a6a1b196..5a64a938fa83bf2ee6cdc0b7ef1a20eaffc1480c:/INSTALL diff --git a/INSTALL b/INSTALL index 967ce6d2..c1a7eb16 100644 --- a/INSTALL +++ b/INSTALL @@ -4,27 +4,33 @@ You will need working installations of Zlib and OpenSSL. Zlib: -http://www.cdrom.com/pub/infozip/zlib/ +http://www.freesoftware.com/pub/infozip/zlib/ -OpenSSL: +OpenSSL 0.9.5a or greater: http://www.openssl.org/ +RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support + OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system -supports it. PAM is standard on Redhat and Debian Linux and on Solaris. +supports it. PAM is standard on Redhat and Debian Linux, Solaris and +HP-UX 11. PAM: http://www.kernel.org/pub/linux/libs/pam/ -If you wish to build the GNOME passphrase requestor, you will need the GNOME +If you wish to build the GNOME passphrase requester, you will need the GNOME libraries and headers. GNOME: http://www.gnome.org/ -If you are planning to use OpenSSH on a Unix which lacks a Kernel random -number generator (/dev/urandom), you will need to install the Entropy -Gathering Daemon (or similar). You will also need to specify the ---with-egd-pool option to ./configure. +Alternatively, Jim Knoble has written an excellent X11 +passphrase requester. This is maintained separately at: + +http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html + +The Entropy Gathering Daemon (EGD) is supported if you have a system which +lacks /dev/random and don't want to use OpenSSH's internal entropy collection. EGD: http://www.lothar.com/tech/crypto/ @@ -35,6 +41,19 @@ ftp://ftp.gnu.org/gnu/make/ OpenSSH has only been tested with GNU make. It may work with other 'make' programs, but you are on your own. +pcre (POSIX Regular Expression library): +ftp://ftp.cus.cam.ac.uk/pub/software/programs/pcre/ + +Most platforms do not required this. However older 4.3 BSD do not +have a posix regex library. + +S/Key Libraries: +http://www.sparc.spb.su/solaris/skey/ + +If you wish to use --with-skey then you will need the above library +installed. No other current S/Key library is currently known to be +supported. + 2. Building / Installation -------------------------- @@ -62,36 +81,58 @@ make install This will install the binaries in /opt/{bin,lib,sbin}, but will place the configuration files in /etc/ssh. -If you are using PAM, you will need to manually install a PAM control -file as "/etc/pam.d/sshd" (or wherever your system prefers to keep -them). A generic PAM configuration is included as "sshd.pam.generic", -you may need to edit it before using it on your system. +If you are using PAM, you may need to manually install a PAM +control file as "/etc/pam.d/sshd" (or wherever your system +prefers to keep them). A generic PAM configuration is included as +"contrib/sshd.pam.generic", you may need to edit it before using it on +your system. If you are using a recent version of Redhat Linux, the +config file in contrib/redhat/sshd.pam should be more useful. +Failure to install a valid PAM file may result in an inability to +use password authentication. On HP-UX 11, the standard /etc/pam.conf +configuration will work with sshd (sshd will match the OTHER service +name). There are a few other options to the configure script: +--with-rsh=PATH allows you to specify the path to your rsh program. +Normally ./configure will search the current $PATH for 'rsh'. You +may need to specify this option if rsh is not in your path or has a +different name. + +--without-pam will disable PAM support. PAM is automatically detected +and switched on if found. + --enable-gnome-askpass will build the GNOME passphrase dialog. You need a working installation of GNOME, including the development headers, for this to work. --with-random=/some/file allows you to specify an alternate source of -random numbers (the default is /dev/urandom). Unless you are absolutly +random numbers (the default is /dev/urandom). Unless you are absolutely sure of what you are doing, it is best to leave this alone. --with-egd-pool=/some/file allows you to enable Entropy Gathering -Daemon support and to specify a EGD pool socket. You will need to -use this if your Unix does not support the /dev/urandom device (or -similar). The file argument refers to the EGD pool file, not the -EGD program itself. Please refer to the EGD documentation. +Daemon support and to specify a EGD pool socket. Use this if your +Unix lacks /dev/random and you don't want to use OpenSSH's builtin +entropy collection support. + +--with-lastlog=FILE will specify the location of the lastlog file. +./configure searches a few locations for lastlog, but may not find +it if lastlog is installed in a different place. + +--without-lastlog will disable lastlog support entirely. ---with-kerberos4 will enable Kerberos IV support. You will need to -have the Kerberos libraries and header files installed for this to -work. +--with-kerberos4=PATH will enable Kerberos IV support. You will need +to have the Kerberos libraries and header files installed for this +to work. Use the optional PATH argument to specify the root of your +Kerberos installation. ---with-afs will enable AFS support. You will need to have the Kerberos -IV and the AFS libraries and header files installed for this to work. +--with-afs=PATH will enable AFS support. You will need to have the +Kerberos IV and the AFS libraries and header files installed for this +to work. Use the optional PATH argument to specify the root of your +AFS installation. AFS requires Kerberos support to be enabled. ---with-skey will enable S/Key one time password support. You will need -the S/Key libraries and header files installed for this to work. +--with-skey=PATH will enable S/Key one time password support. You will +need the S/Key libraries and header files installed for this to work. --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny) support. You will need libwrap.a and tcpd.h installed. @@ -99,6 +140,39 @@ support. You will need libwrap.a and tcpd.h installed. --with-md5-passwords will enable the use of MD5 passwords. Enable this if your operating system uses MD5 passwords without using PAM. +--with-utmpx enables utmpx support. utmpx support is automatic for +some platforms. + +--without-shadow disables shadow password support. + +--with-ipaddr-display forces the use of a numeric IP address in the +$DISPLAY environment variable. Some broken systems need this. + +--with-default-path=PATH allows you to specify a default $PATH for sessions +started by sshd. This replaces the standard path entirely. + +--with-pid-dir=PATH specifies the directory in which the ssh.pid file is +created. + +--with-xauth=PATH specifies the location of the xauth binary + +--with-ipv4-default instructs OpenSSH to use IPv4 by default for new +connections. Normally OpenSSH will try attempt to lookup both IPv6 and +IPv4 addresses. On Linux/glibc-2.1.2 this causes long delays in name +resolution. If this option is specified, you can still attempt to +connect to IPv6 addresses using the command line option '-6'. + +--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries +are installed. + +--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to +real (AF_INET) IPv4 addresses. Works around some quirks on Linux. + +If you need to pass special options to the compiler or linker, you +can specify these as environment variables before running ./configure. +For example: + +CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure 3. Configuration ---------------- @@ -109,10 +183,11 @@ whatever you specified as your --sysconfdir (/usr/local/etc by default). The default configuration should be instantly usable, though you should review it to ensure that it matches your security requirements. -To generate a host key, issue the following command: (replacing -/etc/ssh/ssh_host_key with an appropriate path) +To generate a host key, run "make host-key". Alternately you can do so +manually using the following commands: -/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' + ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N "" + ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N "" Replacing /etc/ssh with the correct path to the configuration directory. (${prefix}/etc or whatever you specified with --sysconfdir during @@ -129,5 +204,5 @@ for sshd, ssh and ssh-agent. If you experience problems compiling, installing or running OpenSSH. Please refer to the "reporting bugs" section of the webpage at -http://violet.ibs.com.au/openssh/ +http://www.openssh.com/