From 62995c1f1e802f378edbb747c84c12f51c75dd61 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 6 Apr 2007 12:21:47 +1000 Subject: - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link to OpenPAM too. --- INSTALL | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index af02c0b49..056966280 100644 --- a/INSTALL +++ b/INSTALL @@ -14,18 +14,21 @@ Blowfish) do not work correctly.) The remaining items are optional. -OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system -supports it. PAM is standard on Redhat and Debian Linux, Solaris and -HP-UX 11. +OpenSSH can utilise Pluggable Authentication Modules (PAM) if your +system supports it. PAM is standard most Linux distributions, Solaris, +HP-UX 11 and AIX >= 5.2. NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of /dev/random. If you don't you will have to rely on ssh-rand-helper, which is inferior to a good kernel-based solution. -PAM: +Linux PAM: http://www.kernel.org/pub/linux/libs/pam/ +OpenPAM: +http://www.openpam.org/ + If you wish to build the GNOME passphrase requester, you will need the GNOME libraries and headers. @@ -251,4 +254,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.77 2007/03/02 06:53:41 dtucker Exp $ +$Id: INSTALL,v 1.78 2007/04/06 02:21:48 dtucker Exp $ -- cgit v1.2.3 From 2a3868589b2c7a7893f08d254f1c8fd0b23098a5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 6 Apr 2007 12:25:08 +1000 Subject: - (dtucker) [INSTALL] prngd lives at sourceforge these days. --- ChangeLog | 3 ++- INSTALL | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 369391446..fbecc3dd1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20070406 - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link to OpenPAM too. + - (dtucker) [INSTALL] prngd lives at sourceforge these days. 20070326 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c @@ -2877,4 +2878,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4650 2007/04/06 02:21:47 dtucker Exp $ +$Id: ChangeLog,v 1.4651 2007/04/06 02:25:08 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 056966280..57379fe96 100644 --- a/INSTALL +++ b/INSTALL @@ -42,10 +42,10 @@ http://www.jmknoble.net/software/x11-ssh-askpass/ PRNGD: -If your system lacks Kernel based random collection, the use of Lutz +If your system lacks kernel-based random collection, the use of Lutz Jaenicke's PRNGd is recommended. -http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html +http://prngd.sourceforge.net/ EGD: @@ -254,4 +254,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.78 2007/04/06 02:21:48 dtucker Exp $ +$Id: INSTALL,v 1.79 2007/04/06 02:25:09 dtucker Exp $ -- cgit v1.2.3 From 637cc404c655ba935a28b03c813a949d45fa2d35 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Aug 2007 21:40:22 +1000 Subject: typo --- INSTALL | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 57379fe96..2b8243240 100644 --- a/INSTALL +++ b/INSTALL @@ -75,7 +75,7 @@ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked the code out of CVS yourself) then you will need autoconf-2.61 to rebuild the automatically generated files by running "autoreconf". Earlier -version may also work but this is not guaranteed. +versions may also work but this is not guaranteed. http://www.gnu.org/software/autoconf/ @@ -254,4 +254,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.79 2007/04/06 02:25:09 dtucker Exp $ +$Id: INSTALL,v 1.80 2007/08/17 11:40:22 dtucker Exp $ -- cgit v1.2.3 From 1a32953e487ceb311e38b603f270d7ddbd241a04 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Aug 2007 22:03:09 +1000 Subject: - (dtucker) [INSTALL] Group the parts describing random options and PAM implementations together which is hopefully more coherent. --- ChangeLog | 4 +++- INSTALL | 49 +++++++++++++++++++++++++------------------------ 2 files changed, 28 insertions(+), 25 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 299813ced..93cff1ee5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked accounts and that's what the code looks for, so make man page and code agree. Pointed out by Roumen Petrov. + - (dtucker) [INSTALL] Group the parts describing random options and PAM + implementations together which is hopefully more coherent. 20070816 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated @@ -3178,4 +3180,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4732 2007/08/16 23:42:32 dtucker Exp $ +$Id: ChangeLog,v 1.4733 2007/08/17 12:03:09 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 2b8243240..5f888cd54 100644 --- a/INSTALL +++ b/INSTALL @@ -14,31 +14,11 @@ Blowfish) do not work correctly.) The remaining items are optional. -OpenSSH can utilise Pluggable Authentication Modules (PAM) if your -system supports it. PAM is standard most Linux distributions, Solaris, -HP-UX 11 and AIX >= 5.2. - NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random. If you don't you will have to rely on ssh-rand-helper, which -is inferior to a good kernel-based solution. - -Linux PAM: -http://www.kernel.org/pub/linux/libs/pam/ - -OpenPAM: -http://www.openpam.org/ - -If you wish to build the GNOME passphrase requester, you will need the GNOME -libraries and headers. - -GNOME: -http://www.gnome.org/ - -Alternatively, Jim Knoble has written an excellent X11 -passphrase requester. This is maintained separately at: - -http://www.jmknoble.net/software/x11-ssh-askpass/ +/dev/random, or failing that, either prngd or egd. If you don't have +any of these you will have to rely on ssh-rand-helper, which is inferior +to a good kernel-based solution or prngd. PRNGD: @@ -54,6 +34,27 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ +OpenSSH can utilise Pluggable Authentication Modules (PAM) if your +system supports it. PAM is standard most Linux distributions, Solaris, +HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD. + +Information about the various PAM implementations are available: + +Solaris PAM: http://www.sun.com/software/solaris/pam/ +Linux PAM: http://www.kernel.org/pub/linux/libs/pam/ +OpenPAM: http://www.openpam.org/ + +If you wish to build the GNOME passphrase requester, you will need the GNOME +libraries and headers. + +GNOME: +http://www.gnome.org/ + +Alternatively, Jim Knoble has written an excellent X11 +passphrase requester. This is maintained separately at: + +http://www.jmknoble.net/software/x11-ssh-askpass/ + S/Key Libraries: If you wish to use --with-skey then you will need the library below @@ -254,4 +255,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.80 2007/08/17 11:40:22 dtucker Exp $ +$Id: INSTALL,v 1.81 2007/08/17 12:03:10 dtucker Exp $ -- cgit v1.2.3 From ea43c496500f2ceaf1a825acb7b717042b01e5c1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Aug 2007 22:10:10 +1000 Subject: - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid. --- ChangeLog | 3 ++- INSTALL | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 93cff1ee5..3af7ab113 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ agree. Pointed out by Roumen Petrov. - (dtucker) [INSTALL] Group the parts describing random options and PAM implementations together which is hopefully more coherent. + - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid. 20070816 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated @@ -3180,4 +3181,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4733 2007/08/17 12:03:09 dtucker Exp $ +$Id: ChangeLog,v 1.4734 2007/08/17 12:10:10 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 5f888cd54..0f289105d 100644 --- a/INSTALL +++ b/INSTALL @@ -184,7 +184,7 @@ $DISPLAY environment variable. Some broken systems need this. --with-default-path=PATH allows you to specify a default $PATH for sessions started by sshd. This replaces the standard path entirely. ---with-pid-dir=PATH specifies the directory in which the ssh.pid file is +--with-pid-dir=PATH specifies the directory in which the sshd.pid file is created. --with-xauth=PATH specifies the location of the xauth binary @@ -255,4 +255,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.81 2007/08/17 12:03:10 dtucker Exp $ +$Id: INSTALL,v 1.82 2007/08/17 12:10:11 dtucker Exp $ -- cgit v1.2.3 From 8ea84561c4eb5cd4a5c13f31054b02c6924b7261 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Aug 2007 22:12:14 +1000 Subject: - (dtucker) [INSTALL] Give PAM its own heading. --- ChangeLog | 3 ++- INSTALL | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 3af7ab113..ea724b66c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ - (dtucker) [INSTALL] Group the parts describing random options and PAM implementations together which is hopefully more coherent. - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid. + - (dtucker) [INSTALL] Give PAM its own heading. 20070816 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated @@ -3181,4 +3182,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4734 2007/08/17 12:10:10 dtucker Exp $ +$Id: ChangeLog,v 1.4735 2007/08/17 12:12:14 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 0f289105d..f9a498bcc 100644 --- a/INSTALL +++ b/INSTALL @@ -34,6 +34,8 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ +PAM: + OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system supports it. PAM is standard most Linux distributions, Solaris, HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD. @@ -255,4 +257,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.82 2007/08/17 12:10:11 dtucker Exp $ +$Id: INSTALL,v 1.83 2007/08/17 12:12:14 dtucker Exp $ -- cgit v1.2.3 From fb206ded167f45dfe11abd6636afcfc78d9e3b3e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Aug 2007 22:52:05 +1000 Subject: - (dtucker) [INSTALL] Link to tcpwrappers. --- ChangeLog | 3 ++- INSTALL | 13 +++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index ea724b66c..e6409e49f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ implementations together which is hopefully more coherent. - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid. - (dtucker) [INSTALL] Give PAM its own heading. + - (dtucker) [INSTALL] Link to tcpwrappers. 20070816 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated @@ -3182,4 +3183,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4735 2007/08/17 12:12:14 dtucker Exp $ +$Id: ChangeLog,v 1.4736 2007/08/17 12:52:05 dtucker Exp $ diff --git a/INSTALL b/INSTALL index f9a498bcc..001ebb666 100644 --- a/INSTALL +++ b/INSTALL @@ -57,6 +57,15 @@ passphrase requester. This is maintained separately at: http://www.jmknoble.net/software/x11-ssh-askpass/ +TCP Wrappers: + +If you wish to use the TCP wrappers functionality you will need at least +tcpd.h and libwrap.a, either in the standard include and library paths, +or in the directory specified by --with-tcp-wrappers. Version 7.6 is +known to work. + +http://ftp.porcupine.org/pub/security/index.html + S/Key Libraries: If you wish to use --with-skey then you will need the library below @@ -168,7 +177,7 @@ Integration Architecture. The default for OSF1 machines is enable. need the S/Key libraries and header files installed for this to work. --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny) -support. You will need libwrap.a and tcpd.h installed. +support. --with-md5-passwords will enable the use of MD5 passwords. Enable this if your operating system uses MD5 passwords and the system crypt() does @@ -257,4 +266,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.83 2007/08/17 12:12:14 dtucker Exp $ +$Id: INSTALL,v 1.84 2007/08/17 12:52:05 dtucker Exp $ -- cgit v1.2.3