The OpenSSH package contains ssh clients and the sshd daemon. This is useful for encrypting authentication and subsequent traffic over a network.
Download (HTTP): http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-4.6p1.tar.gz
Download (FTP): ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.6p1.tar.gz
Download MD5 sum: 6a7fa99f44d9e1b5b04d15256e1405bb
Download size: 967 KB
Estimated disk space required: 18 MB
Estimated build time: 0.5 SBU (additional 0.3 SBU to run the test suite)
Linux-PAM-0.99.7.1, TCP Wrapper-7.6, X Window System, MIT Kerberos V5-1.6 or Heimdal-0.7.2, JDK-1.5.0_11, Net-tools-1.60, Sysstat-7.0.4, OpenSC, and libsectok
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/OpenSSH
OpenSSH runs as two processes when connecting to other computers. The first process is a privileged process and controls the issuance of privileges as necessary. The second process communicates with the network. Additional installation steps are necessary to set up the proper environment, which are performed by issuing the following commands as the root user:
install -v -m700 -d /var/lib/sshd &&
chown -v root:sys /var/lib/sshd &&
groupadd -g 50 sshd &&
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \
-s /bin/false -u 50 sshd
OpenSSH is very sensitive to changes in the linked OpenSSL libraries. If you recompile OpenSSL, OpenSSH may fail to start. An alternative is to link against the static OpenSSL library. To link against the static library, execute the following command:
sed -i "s:-lcrypto:/usr/lib/libcrypto.a -ldl:g" configure
Install OpenSSH by running the following commands:
sed -i "s/lkrb5 -ldes/lkrb5/" configure &&
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--libexecdir=/usr/lib/openssh --with-md5-passwords \
--with-privsep-path=/var/lib/sshd &&
make
If you linked tcp_wrappers into the build using the --with-tcp-wrappers parameter, ensure you add 127.0.0.1 to the sshd line in /etc/hosts.allow if you have a restrictive /etc/hosts.deny file, or the test suite will fail. To run the test suite, issue: make -k tests.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/openssh-4.6p1 &&
install -v -m644 INSTALL LICENCE OVERVIEW README* WARNING.RNG \
/usr/share/doc/openssh-4.6p1
sed -i "s/lkrb5 -ldes/lkrb5/" configure: This command fixes a build crash if you used the --with-kerberos5 parameter and you built the Heimdal package in accordance with the BLFS instructions. The command is harmless in all other instances.
--sysconfdir=/etc/ssh: This prevents the configuration files from being installed in /usr/etc.
--with-md5-passwords: This is required if you made the changes recommended by the shadowpasswd_plus LFS hint on your SSH server when you installed the Shadow Password Suite or if you access an SSH server that authenticates by user passwords encrypted with MD5.
--libexecdir=/usr/lib/openssh: This parameter changes the installation path of some programs to /usr/lib/openssh instead of /usr/libexec.
~/.ssh/*, /etc/ssh/ssh_config, and /etc/ssh/sshd_config
There are no required changes to any of these files. However, you may wish to view the /etc/ssh/ files and make any changes appropriate for the security of your system. One recommended change is that you disable root login via ssh. Execute the following command as the root user to disable root login via ssh:
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
Additional configuration information can be found in the man pages for sshd, ssh and ssh-agent.
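The appended PermitRootLogin line only takes effect if no earlier uncommented PermitRootLogin line exists in the file, because sshd uses the first value it reads for each keyword. The shell functions below are an added example, not part of the BLFS instructions: they report the value sshd would use and, if needed, rewrite the file so that "no" wins. The function names effective_sshd_option and disable_root_login are hypothetical, and the parsing assumes the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# Added example (not from the BLFS page): make "PermitRootLogin no" effective.
# sshd keeps the FIRST value it reads for a keyword, so a line appended with
# ">>" is ignored if an earlier uncommented PermitRootLogin line exists.

# Print the value sshd would use for keyword $2 in config file $1.
# Only the global section is read: parsing stops at the first Match block.
# Assumes the "Keyword value" form separated by whitespace.
effective_sshd_option() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0  { next }           # comments and blank lines
        tolower($1) == "match" { exit }           # conditional blocks begin
        tolower($1) == key     { print $2; exit } # first occurrence wins
    ' "$1"
}

# Make "PermitRootLogin no" the effective global setting in file $1.
disable_root_login() {
    cfg=$1
    [ "$(effective_sshd_option "$cfg" PermitRootLogin)" = "no" ] && return 0
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    {
        echo "PermitRootLogin no"     # first line of the file, so it wins
        # Comment out shadowed global lines; leave Match blocks untouched.
        awk '
            tolower($1) == "match" { in_match = 1 }
            !in_match && tolower($1) == "permitrootlogin" { print "#" $0; next }
            { print }
        ' "$cfg"
    } > "$tmp" && cat "$tmp" > "$cfg"  # overwrite in place: keeps owner/mode
    rm -f "$tmp"
    [ "$(effective_sshd_option "$cfg" PermitRootLogin)" = "no" ]
}
```

Call disable_root_login /etc/ssh/sshd_config as the root user, then restart sshd so the running daemon rereads the file.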
To start the SSH server at system boot, install the /etc/rc.d/init.d/sshd init script included in the blfs-bootscripts-20060910 package.
make install-sshd
Last updated on 2007-04-18 22:10:11 +0200