diff options
author | Damien Miller <djm@mindrot.org> | 2019-04-05 11:29:31 -0700 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-04-05 11:29:31 -0700 |
commit | 5d3127d9274519b25ed10e320f45045ba8d7f3be (patch) | |
tree | 82f74c058325ee6401649f28adcb09d57a78b576 /README | |
parent | 9444d82678cb7781820da4d1c23b3c2b9fb1e12f (diff) |
Revert "rewrite README"
This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f.
Diffstat (limited to 'README')
-rw-r--r-- | README | 106 |
1 files changed, 47 insertions, 59 deletions
@@ -1,74 +1,62 @@ | |||
1 | # Portable OpenSSH | 1 | See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes. |
2 | 2 | ||
3 | OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. | 3 | Please read https://www.openssh.com/report.html for bug reporting |
4 | instructions and note that we do not use Github for bug reporting or | ||
5 | patch/pull-request management. | ||
4 | 6 | ||
5 | This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM). | 7 | This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other |
8 | Unices. | ||
6 | 9 | ||
7 | ## Documentation | 10 | OpenSSH is based on the last free version of Tatu Ylonen's sample |
11 | implementation with all patent-encumbered algorithms removed (to | ||
12 | external libraries), all known security bugs fixed, new features | ||
13 | reintroduced and many other clean-ups. OpenSSH has been created by | ||
14 | Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, | ||
15 | and Dug Song. It has a homepage at https://www.openssh.com/ | ||
8 | 16 | ||
9 | The official documentation for OpenSSH are the man pages for each tool: | 17 | This port consists of the re-introduction of autoconf support, PAM |
18 | support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library | ||
19 | functions that are (regrettably) absent from other unices. This port | ||
20 | has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, | ||
21 | FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare. | ||
10 | 22 | ||
11 | * [ssh(1)](https://man.openbsd.org/ssh.1) | 23 | This version actively tracks changes in the OpenBSD CVS repository. |
12 | * [sshd(8)](https://man.openbsd.org/sshd.8) | ||
13 | * [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1) | ||
14 | * [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1) | ||
15 | * [scp(1)](https://man.openbsd.org/scp.1) | ||
16 | * [sftp(1)](https://man.openbsd.org/sftp.1) | ||
17 | * [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8) | ||
18 | * [sftp-server(8)](https://man.openbsd.org/sftp-server.8) | ||
19 | 24 | ||
20 | ## Stable Releases | 25 | The PAM support is now more functional than the popular packages of |
26 | commercial ssh-1.2.x. It checks "account" and "session" modules for | ||
27 | all logins, not just when using password authentication. | ||
21 | 28 | ||
22 | Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities. | 29 | OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and |
30 | libedit[6] | ||
23 | 31 | ||
24 | ## Building Portable OpenSSH | 32 | There is now several mailing lists for this port of OpenSSH. Please |
33 | refer to https://www.openssh.com/list.html for details on how to join. | ||
25 | 34 | ||
26 | ### Dependencies | 35 | Please send bug reports and patches to the mailing list |
36 | openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed | ||
37 | users. Code contribution are welcomed, but please follow the OpenBSD | ||
38 | style guidelines[7]. | ||
27 | 39 | ||
28 | Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies. | 40 | Please refer to the INSTALL document for information on how to install |
41 | OpenSSH on your system. | ||
29 | 42 | ||
30 | ### Building a release | 43 | Damien Miller <djm@mindrot.org> |
31 | 44 | ||
32 | Releases include a pre-built copy of the ``configure`` script and may be built using: | 45 | Miscellania - |
33 | 46 | ||
34 | ``` | 47 | This version of OpenSSH is based upon code retrieved from the OpenBSD |
35 | tar zxvf openssh-X.Y.tar.gz | 48 | CVS repository which in turn was based on the last free sample |
36 | cd openssh | 49 | implementation released by Tatu Ylonen. |
37 | ./configure # [options] | ||
38 | make && make tests | ||
39 | ``` | ||
40 | 50 | ||
41 | See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths. | 51 | References - |
42 | |||
43 | ### Building from git | ||
44 | 52 | ||
45 | If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git: | 53 | [0] https://www.openssh.com/ |
46 | 54 | [1] http://www.lothar.com/tech/crypto/ | |
47 | ``` | 55 | [2] http://prngd.sourceforge.net/ |
48 | git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git | 56 | [3] https://www.zlib.net/ |
49 | cd openssh-portable | 57 | [4] https://www.openssl.org/ |
50 | autoreconf | 58 | [5] https://www.openpam.org |
51 | ./configure | 59 | https://www.kernel.org/pub/linux/libs/pam/ |
52 | make && make tests | 60 | (PAM also is standard on Solaris and HP-UX 11) |
53 | ``` | 61 | [6] https://thrysoee.dk/editline/ (portable version) |
54 | 62 | [7] https://man.openbsd.org/style.9 | |
55 | ### Build-time Customisation | ||
56 | |||
57 | There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH). | ||
58 | |||
59 | For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed. | ||
60 | |||
61 | Flag | Meaning | ||
62 | --- | --- | ||
63 | ``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported. | ||
64 | ``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp. | ||
65 | ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported. | ||
66 | ``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. | ||
67 | |||
68 | ## Development | ||
69 | |||
70 | Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/). | ||
71 | |||
72 | ## Reporting bugs | ||
73 | |||
74 | _Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com). | ||