diff options
Diffstat (limited to 'INSTALL')
-rw-r--r-- | INSTALL | 83 |
1 files changed, 33 insertions, 50 deletions
@@ -3,22 +3,22 @@ | |||
3 | 3 | ||
4 | You will need working installations of Zlib and OpenSSL. | 4 | You will need working installations of Zlib and OpenSSL. |
5 | 5 | ||
6 | Zlib: | 6 | Zlib 1.1.4 or greater: |
7 | http://www.gzip.org/zlib/ | 7 | http://www.gzip.org/zlib/ |
8 | 8 | ||
9 | OpenSSL 0.9.6 or greater: | 9 | OpenSSL 0.9.6 or greater: |
10 | http://www.openssl.org/ | 10 | http://www.openssl.org/ |
11 | 11 | ||
12 | (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 | 12 | (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 |
13 | Blowfish) do not work correctly.) | 13 | Blowfish) do not work correctly.) |
14 | 14 | ||
15 | OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system | 15 | OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system |
16 | supports it. PAM is standard on Redhat and Debian Linux, Solaris and | 16 | supports it. PAM is standard on Redhat and Debian Linux, Solaris and |
17 | HP-UX 11. | 17 | HP-UX 11. |
18 | 18 | ||
19 | NB. If you operating system supports /dev/random, you should configure | 19 | NB. If you operating system supports /dev/random, you should configure |
20 | OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of | 20 | OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of |
21 | /dev/random. If you don't you will have to rely on ssh-rand-helper, which | 21 | /dev/random. If you don't you will have to rely on ssh-rand-helper, which |
22 | is inferior to a good kernel-based solution. | 22 | is inferior to a good kernel-based solution. |
23 | 23 | ||
24 | PAM: | 24 | PAM: |
@@ -33,11 +33,11 @@ http://www.gnome.org/ | |||
33 | Alternatively, Jim Knoble <jmknoble@jmknoble.cx> has written an excellent X11 | 33 | Alternatively, Jim Knoble <jmknoble@jmknoble.cx> has written an excellent X11 |
34 | passphrase requester. This is maintained separately at: | 34 | passphrase requester. This is maintained separately at: |
35 | 35 | ||
36 | http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html | 36 | http://www.jmknoble.net/software/x11-ssh-askpass/ |
37 | 37 | ||
38 | PRNGD: | 38 | PRNGD: |
39 | 39 | ||
40 | If your system lacks Kernel based random collection, the use of Lutz | 40 | If your system lacks Kernel based random collection, the use of Lutz |
41 | Jaenicke's PRNGd is recommended. | 41 | Jaenicke's PRNGd is recommended. |
42 | 42 | ||
43 | http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html | 43 | http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html |
@@ -54,7 +54,7 @@ http://www.sparc.spb.su/solaris/skey/ | |||
54 | 54 | ||
55 | If you wish to use --with-skey then you will need the above library | 55 | If you wish to use --with-skey then you will need the above library |
56 | installed. No other current S/Key library is currently known to be | 56 | installed. No other current S/Key library is currently known to be |
57 | supported. | 57 | supported. |
58 | 58 | ||
59 | 2. Building / Installation | 59 | 2. Building / Installation |
60 | -------------------------- | 60 | -------------------------- |
@@ -73,7 +73,7 @@ installation prefix, use the --prefix option to configure: | |||
73 | make | 73 | make |
74 | make install | 74 | make install |
75 | 75 | ||
76 | Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override | 76 | Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override |
77 | specific paths, for example: | 77 | specific paths, for example: |
78 | 78 | ||
79 | ./configure --prefix=/opt --sysconfdir=/etc/ssh | 79 | ./configure --prefix=/opt --sysconfdir=/etc/ssh |
@@ -101,56 +101,45 @@ name). | |||
101 | 101 | ||
102 | There are a few other options to the configure script: | 102 | There are a few other options to the configure script: |
103 | 103 | ||
104 | --with-pam enables PAM support. | 104 | --with-pam enables PAM support. If PAM support is compiled in, it must |
105 | also be enabled in sshd_config (refer to the UsePAM directive). | ||
105 | 106 | ||
106 | --enable-gnome-askpass will build the GNOME passphrase dialog. You | 107 | --with-prngd-socket=/some/file allows you to enable EGD or PRNGD |
107 | need a working installation of GNOME, including the development | 108 | support and to specify a PRNGd socket. Use this if your Unix lacks |
108 | headers, for this to work. | 109 | /dev/random and you don't want to use OpenSSH's builtin entropy |
109 | |||
110 | --with-prngd-socket=/some/file allows you to enable EGD or PRNGD | ||
111 | support and to specify a PRNGd socket. Use this if your Unix lacks | ||
112 | /dev/random and you don't want to use OpenSSH's builtin entropy | ||
113 | collection support. | 110 | collection support. |
114 | 111 | ||
115 | --with-prngd-port=portnum allows you to enable EGD or PRNGD support | 112 | --with-prngd-port=portnum allows you to enable EGD or PRNGD support |
116 | and to specify a EGD localhost TCP port. Use this if your Unix lacks | 113 | and to specify a EGD localhost TCP port. Use this if your Unix lacks |
117 | /dev/random and you don't want to use OpenSSH's builtin entropy | 114 | /dev/random and you don't want to use OpenSSH's builtin entropy |
118 | collection support. | 115 | collection support. |
119 | 116 | ||
120 | --with-lastlog=FILE will specify the location of the lastlog file. | 117 | --with-lastlog=FILE will specify the location of the lastlog file. |
121 | ./configure searches a few locations for lastlog, but may not find | 118 | ./configure searches a few locations for lastlog, but may not find |
122 | it if lastlog is installed in a different place. | 119 | it if lastlog is installed in a different place. |
123 | 120 | ||
124 | --without-lastlog will disable lastlog support entirely. | 121 | --without-lastlog will disable lastlog support entirely. |
125 | 122 | ||
126 | --with-osfsia, --without-osfsia will enable or disable OSF1's Security | 123 | --with-osfsia, --without-osfsia will enable or disable OSF1's Security |
127 | Integration Architecture. The default for OSF1 machines is enable. | 124 | Integration Architecture. The default for OSF1 machines is enable. |
128 | 125 | ||
129 | --with-kerberos4=PATH will enable Kerberos IV support. You will need | 126 | --with-skey=PATH will enable S/Key one time password support. You will |
130 | to have the Kerberos libraries and header files installed for this | ||
131 | to work. Use the optional PATH argument to specify the root of your | ||
132 | Kerberos installation. | ||
133 | |||
134 | --with-afs=PATH will enable AFS support. You will need to have the | ||
135 | Kerberos IV and the AFS libraries and header files installed for this | ||
136 | to work. Use the optional PATH argument to specify the root of your | ||
137 | AFS installation. AFS requires Kerberos support to be enabled. | ||
138 | |||
139 | --with-skey=PATH will enable S/Key one time password support. You will | ||
140 | need the S/Key libraries and header files installed for this to work. | 127 | need the S/Key libraries and header files installed for this to work. |
141 | 128 | ||
142 | --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny) | 129 | --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny) |
143 | support. You will need libwrap.a and tcpd.h installed. | 130 | support. You will need libwrap.a and tcpd.h installed. |
144 | 131 | ||
145 | --with-md5-passwords will enable the use of MD5 passwords. Enable this | 132 | --with-md5-passwords will enable the use of MD5 passwords. Enable this |
146 | if your operating system uses MD5 passwords without using PAM. | 133 | if your operating system uses MD5 passwords and the system crypt() does |
134 | not support them directly (see the crypt(3/3c) man page). If enabled, the | ||
135 | resulting binary will support both MD5 and traditional crypt passwords. | ||
147 | 136 | ||
148 | --with-utmpx enables utmpx support. utmpx support is automatic for | 137 | --with-utmpx enables utmpx support. utmpx support is automatic for |
149 | some platforms. | 138 | some platforms. |
150 | 139 | ||
151 | --without-shadow disables shadow password support. | 140 | --without-shadow disables shadow password support. |
152 | 141 | ||
153 | --with-ipaddr-display forces the use of a numeric IP address in the | 142 | --with-ipaddr-display forces the use of a numeric IP address in the |
154 | $DISPLAY environment variable. Some broken systems need this. | 143 | $DISPLAY environment variable. Some broken systems need this. |
155 | 144 | ||
156 | --with-default-path=PATH allows you to specify a default $PATH for sessions | 145 | --with-default-path=PATH allows you to specify a default $PATH for sessions |
@@ -161,12 +150,6 @@ created. | |||
161 | 150 | ||
162 | --with-xauth=PATH specifies the location of the xauth binary | 151 | --with-xauth=PATH specifies the location of the xauth binary |
163 | 152 | ||
164 | --with-ipv4-default instructs OpenSSH to use IPv4 by default for new | ||
165 | connections. Normally OpenSSH will try attempt to lookup both IPv6 and | ||
166 | IPv4 addresses. On Linux/glibc-2.1.2 this causes long delays in name | ||
167 | resolution. If this option is specified, you can still attempt to | ||
168 | connect to IPv6 addresses using the command line option '-6'. | ||
169 | |||
170 | --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries | 153 | --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries |
171 | are installed. | 154 | are installed. |
172 | 155 | ||
@@ -186,35 +169,35 @@ CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure | |||
186 | 3. Configuration | 169 | 3. Configuration |
187 | ---------------- | 170 | ---------------- |
188 | 171 | ||
189 | The runtime configuration files are installed by in ${prefix}/etc or | 172 | The runtime configuration files are installed by in ${prefix}/etc or |
190 | whatever you specified as your --sysconfdir (/usr/local/etc by default). | 173 | whatever you specified as your --sysconfdir (/usr/local/etc by default). |
191 | 174 | ||
192 | The default configuration should be instantly usable, though you should | 175 | The default configuration should be instantly usable, though you should |
193 | review it to ensure that it matches your security requirements. | 176 | review it to ensure that it matches your security requirements. |
194 | 177 | ||
195 | To generate a host key, run "make host-key". Alternately you can do so | 178 | To generate a host key, run "make host-key". Alternately you can do so |
196 | manually using the following commands: | 179 | manually using the following commands: |
197 | 180 | ||
198 | ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N "" | 181 | ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N "" |
199 | ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" | 182 | ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" |
200 | ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" | 183 | ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" |
201 | 184 | ||
202 | Replacing /etc/ssh with the correct path to the configuration directory. | 185 | Replacing /etc/ssh with the correct path to the configuration directory. |
203 | (${prefix}/etc or whatever you specified with --sysconfdir during | 186 | (${prefix}/etc or whatever you specified with --sysconfdir during |
204 | configuration) | 187 | configuration) |
205 | 188 | ||
206 | If you have configured OpenSSH with EGD support, ensure that EGD is | 189 | If you have configured OpenSSH with EGD support, ensure that EGD is |
207 | running and has collected some Entropy. | 190 | running and has collected some Entropy. |
208 | 191 | ||
209 | For more information on configuration, please refer to the manual pages | 192 | For more information on configuration, please refer to the manual pages |
210 | for sshd, ssh and ssh-agent. | 193 | for sshd, ssh and ssh-agent. |
211 | 194 | ||
212 | 4. Problems? | 195 | 4. Problems? |
213 | ------------ | 196 | ------------ |
214 | 197 | ||
215 | If you experience problems compiling, installing or running OpenSSH. | 198 | If you experience problems compiling, installing or running OpenSSH. |
216 | Please refer to the "reporting bugs" section of the webpage at | 199 | Please refer to the "reporting bugs" section of the webpage at |
217 | http://www.openssh.com/ | 200 | http://www.openssh.com/ |
218 | 201 | ||
219 | 202 | ||
220 | $Id: INSTALL,v 1.56 2003/05/24 01:41:16 dtucker Exp $ | 203 | $Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $ |