Sorry for not mentioning a good summary. I just wanted to thank first to
all the people who gave their good
suggestions.Since Iam fully occupied with different subjects(OpenSSH not
yet tried) now,my idea was to give the
summary next week in detail.Again thanks to all the replies:
Most of them suggested me to use portable version of OpenSSH.I have to
install OpenSSL and zlib first.
Many thanks,
Kumar
----------------------------------------------------------------------------
-----------------------------------------------------------------
Paul Reilly wrote the following:
HOWTO
about
-------
http://www.openssh.com/portable.html
"openssh" is the SSH server optimised to run on OpenBSD os.
"openssh portable" is the same code, but configured so it will compile
cleanly on many different types of unix.
OpenSSH supports both SSH-1 and SSH-2 in a single daemon.
It also provides a sftp-server and sftp client
version
---------
version 2.3.0p1 installed (13 Feb 2001)
faqs / man
------------
General SSH FAQ:
http://www.ayahuasca.net/ssh/ssh-faq.html
OpenSSH FAQ :
http://www.openssh.com/faq.html
sshd man page :
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd
install prerequisites
----------------------
* EGD - Entropy Gathering Daemon
http://www.lothar.com/tech/crypto
( creates entropy socket at /etc/entropy )
* openssl
http://openssl.org/
( installed in to /usr/local/openssl/ )
* zlib
http://sunsite.org.uk/packages/infozip/zlib/
( /local/lib/libz.a /local/include/zlib.h /local/include/zconf.h )
* tcp-wrappers
ftp://ftp.porcupine.org/pub/security/index.html
( /local/lib/libwrap.a /local/include/tcpd.h )
build
-------------
Set the CFLAGS etc so configure can find all the prerequisite files...
setenv CC "cc" (use cc, gcc doesn't work!)
setenv CFLAGS "-I/local/include"
setenv LDFLAGS "-L/local/lib"
./configure --prefix=/usr/local --sysconfdir=/usr/local/etc/ssh
--with-ssl-dir=/local/openssl/ --with-pid-dir=/var/run
--with-tcp-wrappers --disable-lastlog
--with-egd-pool=/etc/entropy
- this puts config files in /local/etc/ssh/
- compiles with tcp wrappers support
- doesn't look for a "lastlog" system file
Configure then reports the following:
----------------------------------------------------------------------------
----------------
OpenSSH configured has been configured with the following options.
User binaries: /usr/local/bin
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc/ssh
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Random number collection: EGD (/etc/entropy)
Manpage format: man
PAM support: no
KerberosIV support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
Host: alphaev6-dec-osf4.0f
Compiler: cc
Compiler flags: -I/usr/local/include -I. -I. -I.
-I/local/openssl/include
Linker flags: -L/local/lib -L. -L/local/openssl/lib -L/local/openssl
Libraries: -lz -lsecurity -ldb -lm -laud -lutil -lcrypto -lwrap
----------------------------------------------------------------------------
---------
make
make install
make install generates the host key:
---------------------------------------------------------------------------
Generating RSA keys: Key generation complete.
Your identification has been saved in /local/etc/ssh/ssh_host_key.
Your public key has been saved in /local/etc/ssh/ssh_host_key.pub.
The key fingerprint is:
ac:fd:d0:61:9b:49:74:37:87:31:67:c9:07:55:01:c1 root_at_web2.tcd.ie
Generating DSA parameter and key.
Your identification has been saved in /local/etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /local/etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
0a:92:37:9b:83:46:ef:61:c7:e5:8c:e3:2f:68:32:5e root_at_web2.tcd.ie
web2#
---------------------------------------------------------------------------
configuration
--------------
Configure the daemon via /local/etc/ssh/sshd_config
See man page for ref:
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd
Files installed
-----------------
/usr/local/bin/ssh
/usr/local/bin/scp
/usr/local/bin/slogin
/usr/local/bin/ssh-add
/usr/local/bin/ssh-agent
/usr/local/bin/ssh-keygen
/usr/local/sbin/sshd
/usr/local/libexec/sftp-server
/usr/local/etc/ssh/ssh_host_key
/usr/local/etc/ssh/ssh_config
/usr/local/etc/ssh/sshd_config
/usr/local/etc/ssh/ssh_prng_cmds
/usr/local/etc/ssh/ssh_host_key.pub
/usr/local/etc/ssh/ssh_host_dsa_key
/usr/local/etc/ssh/ssh_host_dsa_key.pub
/usr/local/man/man1/ssh.1
/usr/local/man/man1/ssh-add.1
/usr/local/man/man1/ssh-agent.1
/usr/local/man/man1/ssh-keygen.1
/usr/local/man/man8/sshd.8
/usr/local/man/man8/sftp-server.8
----------------------------------------------------------------------------
-----
Sysadmin gave the following tip:
Not 2.5.2, but I've done 2.3.0p1 recently, and am planning to do 2.5.*p*
soon. And I have done 2.5.1p2 on Solaris and Linux, so I know that the
procedure is essentially the same (except they supposedly fixed SIA support
in the newer versions).
1) Make sure you have tcp_wrappers 7.6, zlib 1.1.3, prngd 0.9.3, openssl
0.9.6
built and installed.
2) ./configure --prefix=/usr/local/openssh-2.5.2p1 --sysconfdir=/etc/openssh
\
--with-cppflags="-I/usr/local/include" --with-ldflags="-L/usr/local/lib"
\
--with-egd-pool=/var/run/egd-pool --with-tcp-wrappers \
--with-ssl-dir=/usr/local/openssl
(Adjust path names to suit your needs; these aren't the ones I actually
used.)
3) make
4) (as root) make install
If you're upgrading from a previous ssh, you may have to convert host keys.
I have notes about that, but it's also well covered in the man pages.
Make sure you start from the "portable" OpenSSH version, not from the
original OpenBSD one. The portable version has a "p" towards the end of
the version number.
----------------------------------------------------------------------------
------
Few others mentioned the following :
You need to get the `portable' version for Tru64.
Follow the links from:
http://www.openssh.com/portable.html
----------------------------------------------------------------------------
---------
Received on Fri Mar 23 2001 - 06:46:46 NZST