openssh Build Instructions
Where possible, I'm currently using:
    mkencap -bv package.ep
    sudo mkencap -bvI package.ep
See here for recent .ep files. The following information is just slightly more than historical.
Prereqs
Linux: must have /etc/pam.d/sshd installed:
    #%PAM-1.0
    auth      required  /lib/security/pam_unix.so shadow nodelay
    auth      required  /lib/security/pam_nologin.so
    account   required  /lib/security/pam_unix.so
    password  required  /lib/security/pam_cracklib.so
    password  required  /lib/security/pam_unix.so shadow nullok use_authtok
    session   required  /lib/security/pam_unix.so
    session   required  /lib/security/pam_limits.so
Build steps
Actually, most things are currently using v3.7.1p2, and their build information is in /usr/local/encap/openssh-3.7.1p2/openssh-3.7.1p2.ep.
Linux
./configure --prefix=/usr/local/encap/openssh-3.6.1p2 --with-privsep-path=/usr/local/var/empty --with-pam --with-privsep-user=nobody
Followed the same general tricks as the file servers, except I also linked to the standard config files. Look in the README file in the old encap.
Solaris
./configure --prefix=/usr/local/encap/openssh-3.5p1 --with-pam --with-privsep-path=/Common/shared/ssh/privsep --with-prngd-socket=/dev/entropy --with-mantype=man
File servers (more stand-alone)
./configure --prefix=/usr/local/encap/openssh-3.5p1s --with-privsep-path=/usr/local/var/empty --with-privsep-user=nobody --with-pam --with-prngd-socket=/dev/entropy --with-mantype=man
IRIX
./configure --prefix=/usr/local/encap/openssh-3.5p1 --with-prngd-socket=/dev/entropy
AIX
./configure --prefix=/usr/local/encap/openssh-3.5p1 --with-privsep-path=/Common/shared/ssh/privsep --with-prngd-socket=/dev/entropy
For post-install (as root)
    cd /usr/local/encap/openssh-3.5p1s
    chmod a+s bin/ssh
    mkdir var var/empty
    # replace the generated host keys with links to the per-host keys in /etc
    cd etc; rm *key*
    for i in _dsa_key _rsa_key _key
    do
        ln -s /etc/ssh_host$i .
        ln -s /etc/ssh_host$i.pub .
    done
    # [make a preinstall script to make /etc/ssh*]
    cd ../..; gtar -czf /tmp/openssh_server.tgz openssh-3.5p1s
Then copy this to the file servers. You probably want to remove it from the regular trees if possible.
More Post-Install Steps
    VERSION=3.5p1
    cd /usr/local/encap/openssh-$VERSION/etc
    # keep the generated configs as .bak and link to the shared copies
    for i in ssh_config sshd_config
    do
        mv $i $i.bak
        ln -s /Common/shared/ssh/$i .
    done
    ln -s /Common/shared/ssh/ssh_known_hosts* .
Notes
- The /Common/shared/ssh bit wasn't all that good. I like the /usr/local/var/empty method much more; it keeps things more self-contained.
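sshd uses the directory given to --with-privsep-path as a chroot and refuses to start unless it is owned by root and not group- or world-writable; OpenSSH's README.privsep also says it should contain no files. The following check is an added example, not part of the original notes. The function name check_privsep_dir and its optional owner-uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a privsep chroot
# directory such as /usr/local/var/empty after the post-install steps.

# check_privsep_dir DIR [OWNER_UID]
# Prints one line per problem and returns 0 only when DIR is acceptable.
# OWNER_UID defaults to 0 (root); the parameter is an assumption added
# so the function can be exercised without root.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "$dir: missing or not a directory"
        return 1
    fi

    # "ls -ldn DIR/." follows a symlinked path (encap links package
    # contents into /usr/local) and prints numeric ids:
    # field 1 = mode string, field 3 = owner uid.
    set -- $(ls -ldn "$dir/.")
    mode=$1
    uid=$3

    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Mode string positions: 6 = group write, 9 = other write.
    case $mode in
        ?????w*|????????w*)
            echo "$dir: group- or world-writable ($mode)"
            rc=1 ;;
    esac

    # The chroot should hold no files at all.
    if [ -n "$(ls -A "$dir")" ]; then
        echo "$dir: not empty"
        rc=1
    fi

    return $rc
}
```

Run it as `check_privsep_dir /usr/local/var/empty` on each host after unpacking the tarball; a non-zero exit status means sshd's startup check is likely to fail or the chroot is not clean.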