summaryrefslogtreecommitdiff
path: root/INSTALL
diff options
context:
space:
mode:
Diffstat (limited to 'INSTALL')
-rw-r--r--INSTALL22
1 files changed, 12 insertions, 10 deletions
diff --git a/INSTALL b/INSTALL
index f1f8f00f3..814768791 100644
--- a/INSTALL
+++ b/INSTALL
@@ -14,8 +14,9 @@ Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
14http://www.gzip.org/zlib/ 14http://www.gzip.org/zlib/
15 15
16libcrypto from either of: 16libcrypto from either of:
17 - LibreSSL (http://www.libressl.org/) 17 - LibreSSL (https://www.libressl.org/)
18 - OpenSSL 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g (http://www.openssl.org/) 18 - OpenSSL (https://www.openssl.org) with any of the following versions:
19 - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
19 20
20LibreSSL/OpenSSL should be compiled as a position-independent library 21LibreSSL/OpenSSL should be compiled as a position-independent library
21(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. 22(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
@@ -23,23 +24,28 @@ If you must use a non-position-independent libcrypto, then you may need
23to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit 24to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
24OpenSSL 1.1 versions prior to 1.1.0g can't be used. 25OpenSSL 1.1 versions prior to 1.1.0g can't be used.
25 26
27To support Privilege Separation (which is now required) you will need
28to create the user, group and directory used by sshd for privilege
29separation. See README.privsep for details.
30
26The remaining items are optional. 31The remaining items are optional.
27 32
28NB. If you operating system supports /dev/random, you should configure 33NB. If you operating system supports /dev/random, you should configure
29libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's 34libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
30direct support of /dev/random, or failing that, either prngd or egd 35direct support of /dev/random, or failing that, either prngd or egd.
31 36
32PRNGD: 37PRNGD:
33 38
34If your system lacks kernel-based random collection, the use of Lutz 39If your system lacks kernel-based random collection, the use of Lutz
35Jaenicke's PRNGd is recommended. 40Jaenicke's PRNGd is recommended. It requires that libcrypto be configured
41to support it.
36 42
37http://prngd.sourceforge.net/ 43http://prngd.sourceforge.net/
38 44
39EGD: 45EGD:
40 46
41If the kernel lacks /dev/random the Entropy Gathering Daemon (EGD) is 47The Entropy Gathering Daemon (EGD) suppports the same interface as prngd.
42supported only if libcrypto supports it. 48It also supported only if libcrypto is configured to support it.
43 49
44http://egd.sourceforge.net/ 50http://egd.sourceforge.net/
45 51
@@ -131,10 +137,6 @@ make install
131This will install the binaries in /opt/{bin,lib,sbin}, but will place the 137This will install the binaries in /opt/{bin,lib,sbin}, but will place the
132configuration files in /etc/ssh. 138configuration files in /etc/ssh.
133 139
134If you are using Privilege Separation (which is enabled by default)
135then you will also need to create the user, group and directory used by
136sshd for privilege separation. See README.privsep for details.
137
138If you are using PAM, you may need to manually install a PAM control 140If you are using PAM, you may need to manually install a PAM control
139file as "/etc/pam.d/sshd" (or wherever your system prefers to keep 141file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
140them). Note that the service name used to start PAM is __progname, 142them). Note that the service name used to start PAM is __progname,
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-21 00:51:47 +0000