summaryrefslogtreecommitdiff
path: root/INSTALL
blob: ae2cf69362dc26602081988fc6aae3e30be6070c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
1. Prerequisites
----------------

You will need working installations of Zlib and OpenSSL.

Zlib:
http://www.cdrom.com/pub/infozip/zlib/

OpenSSL:
http://www.openssl.org/

OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
supports it. PAM is standard on Redhat and Debian Linux and on Solaris.

PAM:
http://www.kernel.org/pub/linux/libs/pam/

If you wish to build the GNOME passphrase requestor, you will need the GNOME
libraries and headers.

GNOME:
http://www.gnome.org/

If you are planning to use OpenSSH on a Unix which lacks a Kernel random
number generator (/dev/urandom), you will need to install the Entropy
Gathering Daemon (or similar). You will also need to specify the 
--with-egd-pool option to ./configure.

EGD:
http://www.lothar.com/tech/crypto/


2. Building / Installation
--------------------------

To install OpenSSH with default options:

./configure
make
make install

This will install the OpenSSH binaries in /usr/local/bin, configuration files
in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
installation prefix, use the --prefix option to configure:

./configure --prefix=/opt
make
make install

Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override 
specific paths, for example:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.

If you are using PAM, you will need to manually install the sshd.pam
control file as "/etc/pam.d/sshd". This file is customised for Redhat
Linux, you may need to edit it before using it on your system.

There are a few other options to the configure script:

--enable-gnome-askpass will build the GNOME passphrase dialog. You
need a working installation of GNOME, including the development
headers, for this to work.

--with-random=/some/file allows you to specify an alternate source of
random numbers (the default is /dev/urandom). Unless you are absolutly
sure of what you are doing, it is best to leave this alone.

--with-egd-pool=/some/file allows you to enable Entropy Gathering
Daemon support and to specify a EGD pool socket. You will need to
use this if your Unix does not support the /dev/urandom device (or
similar).

--without-askpass will disable X11 password requestor support in
ssh-add

--with-kerberos4 will enable Kerberos IV support. You will need to
have the Kerberos libraries and header files installed for this to
work.

--with-afs will enable AFS support. You will need to have the Kerberos
IV and the AFS libraries and header files installed for this to work.

--with-skey will enable S/Key one time password support. You will need
the S/Key libraries and header files installed for this to work.

--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
support. You will need libwrap.a and tcpd.h installed.

--with-md5-passwords will enable the use of MD5 passwords. Enable this
if your operating system uses MD5 passwords without using PAM.


3. Configuration
----------------

The runtime configuration files are installed by in ${prefix}/etc or 
whatever you specified as your --sysconfdir (/usr/local/etc by default).

The default configuration should be instantly usable, though you should 
review it to ensure that it matches your security requirements.

To generate a host key, issue the following command: (replacing
/etc/ssh/ssh_host_key with an appropriate path)

/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

For more information on configuration, please refer to the manual pages 
for sshd, ssh and ssh-agent.