summaryrefslogtreecommitdiff
path: root/INSTALL
diff options
context:
space:
mode:
Diffstat (limited to 'INSTALL')
-rw-r--r--INSTALL44
1 files changed, 30 insertions, 14 deletions
diff --git a/INSTALL b/INSTALL
index 814768791..23bcf384c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,28 +7,35 @@ options. Some notes about specific compilers:
7 - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime 7 - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
8 (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure) 8 (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
9 9
10You will need working installations of Zlib and libcrypto (LibreSSL / 10To support Privilege Separation (which is now required) you will need
11OpenSSL) 11to create the user, group and directory used by sshd for privilege
12separation. See README.privsep for details.
13
12 14
15The remaining items are optional.
16
17A working installation of zlib:
13Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): 18Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
14http://www.gzip.org/zlib/ 19http://www.gzip.org/zlib/
15 20
16libcrypto from either of: 21libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
22is supported but severely restricts the avilable ciphers and algorithms.
17 - LibreSSL (https://www.libressl.org/) 23 - LibreSSL (https://www.libressl.org/)
18 - OpenSSL (https://www.openssl.org) with any of the following versions: 24 - OpenSSL (https://www.openssl.org) with any of the following versions:
19 - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 25 - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
20 26
21LibreSSL/OpenSSL should be compiled as a position-independent library 27Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
22(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. 281.1.0g can't be used.
23If you must use a non-position-independent libcrypto, then you may need
24to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
25OpenSSL 1.1 versions prior to 1.1.0g can't be used.
26 29
27To support Privilege Separation (which is now required) you will need 30LibreSSL/OpenSSL should be compiled as a position-independent library
28to create the user, group and directory used by sshd for privilege 31(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
29separation. See README.privsep for details. 32or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
33be able to link with it. If you must use a non-position-independent
34libcrypto, then you may need to configure OpenSSH --without-pie.
30 35
31The remaining items are optional. 36If you build either from source, running the OpenSSL self-test ("make
37tests") or the LibreSSL equivalent ("make check") and ensuring that all
38tests pass is strongly recommended.
32 39
33NB. If you operating system supports /dev/random, you should configure 40NB. If you operating system supports /dev/random, you should configure
34libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's 41libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
@@ -53,7 +60,7 @@ PAM:
53 60
54OpenSSH can utilise Pluggable Authentication Modules (PAM) if your 61OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
55system supports it. PAM is standard most Linux distributions, Solaris, 62system supports it. PAM is standard most Linux distributions, Solaris,
56HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD. 63HP-UX 11, AIX >= 5.2, FreeBSD, NetBSD and Mac OS X.
57 64
58Information about the various PAM implementations are available: 65Information about the various PAM implementations are available:
59 66
@@ -110,6 +117,15 @@ If you are making significant changes to the code you may need to rebuild
110the dependency (.depend) file using "make depend", which requires the 117the dependency (.depend) file using "make depend", which requires the
111"makedepend" tool from the X11 distribution. 118"makedepend" tool from the X11 distribution.
112 119
120libfido2:
121
122libfido2 allows the use of hardware security keys over USB. libfido2
123in turn depends on libcbor.
124
125https://github.com/Yubico/libfido2
126https://github.com/pjk/libcbor
127
128
1132. Building / Installation 1292. Building / Installation
114-------------------------- 130--------------------------
115 131
@@ -236,7 +252,7 @@ to generate keys for all supported types.
236 252
237Replacing /etc/ssh with the correct path to the configuration directory. 253Replacing /etc/ssh with the correct path to the configuration directory.
238(${prefix}/etc or whatever you specified with --sysconfdir during 254(${prefix}/etc or whatever you specified with --sysconfdir during
239configuration) 255configuration).
240 256
241If you have configured OpenSSH with EGD support, ensure that EGD is 257If you have configured OpenSSH with EGD support, ensure that EGD is
242running and has collected some Entropy. 258running and has collected some Entropy.