[0931098] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[0931098] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[3a373116] | 7 | <!ENTITY openssh-download-http
|
---|
[c6b192c] | 8 | "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
|
---|
[3a373116] | 9 | <!ENTITY openssh-download-ftp
|
---|
[a93f2f1] | 10 | " "> <!-- at the moment, unable to connect via ftp: ken
|
---|
| 11 | "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> -->
|
---|
[9556a94] | 12 | <!ENTITY openssh-md5sum "8ce5f390958baeeab635aafd0ef41453">
|
---|
[a934691] | 13 | <!ENTITY openssh-size "1.7 MB">
|
---|
[9556a94] | 14 | <!ENTITY openssh-buildsize "48 MB (add 34 MB for tests)">
|
---|
[8558044] | 15 | <!ENTITY openssh-time "0.3 SBU (Using parallelism=4;
|
---|
[7c017a3] | 16 | running the tests takes 20+ minutes,
|
---|
[6c6990c] | 17 | irrespective of processor speed)">
|
---|
[0931098] | 18 | ]>
|
---|
| 19 |
|
---|
[1708d1e9] | 20 | <sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
|
---|
[e4e0d060] | 21 | <?dbhtml filename="openssh.html"?>
|
---|
| 22 |
|
---|
| 23 | <sect1info>
|
---|
| 24 | <date>$Date$</date>
|
---|
| 25 | </sect1info>
|
---|
| 26 |
|
---|
| 27 | <title>OpenSSH-&openssh-version;</title>
|
---|
| 28 |
|
---|
[0978e07] | 29 | <indexterm zone="openssh">
|
---|
| 30 | <primary sortas="a-OpenSSH">OpenSSH</primary>
|
---|
| 31 | </indexterm>
|
---|
| 32 |
|
---|
| 33 | <sect2 role="package">
|
---|
| 34 | <title>Introduction to OpenSSH</title>
|
---|
| 35 |
|
---|
[8ba08b56] | 36 | <para>
|
---|
| 37 | The <application>OpenSSH</application> package contains
|
---|
[45db70f] | 38 | <command>ssh</command> clients and the <command>sshd</command> daemon.
|
---|
| 39 | This is useful for encrypting authentication and subsequent traffic over
|
---|
| 40 | a network. The <command>ssh</command> and <command>scp</command> commands
|
---|
| 41 | are secure implementations of <command>telnet</command> and
|
---|
| 42 | <command>rcp</command> respectively.
|
---|
[8ba08b56] | 43 | </para>
|
---|
[6b5cc24] | 44 |
|
---|
[b21f9be] | 45 | &lfs111_checked;
|
---|
[6b5cc24] | 46 |
|
---|
[e4e0d060] | 47 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 48 | <itemizedlist spacing="compact">
|
---|
| 49 | <listitem>
|
---|
[3a373116] | 50 | <para>
|
---|
| 51 | Download (HTTP): <ulink url="&openssh-download-http;"/>
|
---|
| 52 | </para>
|
---|
[e4e0d060] | 53 | </listitem>
|
---|
| 54 | <listitem>
|
---|
[3a373116] | 55 | <para>
|
---|
| 56 | Download (FTP): <ulink url="&openssh-download-ftp;"/>
|
---|
| 57 | </para>
|
---|
[e4e0d060] | 58 | </listitem>
|
---|
| 59 | <listitem>
|
---|
[3a373116] | 60 | <para>
|
---|
| 61 | Download MD5 sum: &openssh-md5sum;
|
---|
| 62 | </para>
|
---|
[e4e0d060] | 63 | </listitem>
|
---|
| 64 | <listitem>
|
---|
[3a373116] | 65 | <para>
|
---|
| 66 | Download size: &openssh-size;
|
---|
| 67 | </para>
|
---|
[e4e0d060] | 68 | </listitem>
|
---|
| 69 | <listitem>
|
---|
[3a373116] | 70 | <para>
|
---|
| 71 | Estimated disk space required: &openssh-buildsize;
|
---|
| 72 | </para>
|
---|
[e4e0d060] | 73 | </listitem>
|
---|
| 74 | <listitem>
|
---|
[3a373116] | 75 | <para>
|
---|
| 76 | Estimated build time: &openssh-time;
|
---|
| 77 | </para>
|
---|
[e4e0d060] | 78 | </listitem>
|
---|
| 79 | </itemizedlist>
|
---|
[479274d] | 80 | <!--
|
---|
[3806235] | 81 | <bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
---|
| 82 | <itemizedlist spacing="compact">
|
---|
| 83 | <listitem>
|
---|
| 84 | <para>
|
---|
| 85 | Required patch:
|
---|
[f2cb3164] | 86 | <ulink url="&patch-root;/openssh-&openssh-version;-glibc_2.31_fix-1.patch"/>
|
---|
[3806235] | 87 | </para>
|
---|
| 88 | </listitem>
|
---|
| 89 | </itemizedlist>
|
---|
[479274d] | 90 | -->
|
---|
[e4e0d060] | 91 | <bridgehead renderas="sect3">OpenSSH Dependencies</bridgehead>
|
---|
[31427bc] | 92 |
|
---|
[e4e0d060] | 93 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[3a373116] | 94 | <para role="optional">
|
---|
[d38746e] | 95 | <xref linkend="gdb"/> (for tests),
|
---|
[3a373116] | 96 | <xref linkend="linux-pam"/>,
|
---|
| 97 | <xref linkend="x-window-system"/>,
|
---|
| 98 | <xref linkend="mitkrb"/>,
|
---|
[ba0004e] | 99 | <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>,
|
---|
[94b42903] | 100 | <ulink url="http://www.libressl.org/">LibreSSL Portable</ulink>,
|
---|
[6c6990c] | 101 | <ulink url="https://github.com/OpenSC/OpenSC/wiki">OpenSC</ulink>, and
|
---|
[3a373116] | 102 | <ulink url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink>
|
---|
| 103 | </para>
|
---|
[9561d7e] | 104 |
|
---|
[409e2e7] | 105 | <bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead>
|
---|
[3a373116] | 106 | <para role="optional">
|
---|
[b47d633] | 107 | <!--<xref role="runtime" linkend="openjdk"/>, Not seen in 8.8p1 -->
|
---|
[96e9478] | 108 | <xref role="runtime" linkend="net-tools"/>, and
|
---|
| 109 | <xref role="runtime" linkend="sysstat"/>
|
---|
[3a373116] | 110 | </para>
|
---|
[e4e0d060] | 111 |
|
---|
[3a373116] | 112 | <para condition="html" role="usernotes">
|
---|
[8ba08b56] | 113 | User Notes: <ulink url="&blfs-wiki;/OpenSSH"/>
|
---|
[3a373116] | 114 | </para>
|
---|
[e4e0d060] | 115 | </sect2>
|
---|
| 116 |
|
---|
| 117 | <sect2 role="installation">
|
---|
| 118 | <title>Installation of OpenSSH</title>
|
---|
| 119 |
|
---|
[3a373116] | 120 | <para>
|
---|
| 121 | <application>OpenSSH</application> runs as two processes when connecting
|
---|
| 122 | to other computers. The first process is a privileged process and controls
|
---|
| 123 | the issuance of privileges as necessary. The second process communicates
|
---|
| 124 | with the network. Additional installation steps are necessary to set up
|
---|
| 125 | the proper environment, which are performed by issuing the following
|
---|
| 126 | commands as the <systemitem class="username">root</systemitem> user:
|
---|
| 127 | </para>
|
---|
[e4e0d060] | 128 |
|
---|
[6c6990c] | 129 | <screen role="root"><userinput>install -v -m700 -d /var/lib/sshd &&
|
---|
| 130 | chown -v root:sys /var/lib/sshd &&
|
---|
[59382ab] | 131 |
|
---|
[6c6990c] | 132 | groupadd -g 50 sshd &&
|
---|
| 133 | useradd -c 'sshd PrivSep' \
|
---|
| 134 | -d /var/lib/sshd \
|
---|
| 135 | -g sshd \
|
---|
| 136 | -s /bin/false \
|
---|
| 137 | -u 50 sshd</userinput></screen>
|
---|
[479274d] | 138 | <!--
|
---|
[3806235] | 139 | <para>
|
---|
| 140 | Apply a patch to allow OpenSSH to build and function with
|
---|
[f2cb3164] | 141 | <application>Glibc-2.31</application> and later:
|
---|
[3806235] | 142 | </para>
|
---|
| 143 |
|
---|
[f2cb3164] | 144 | <screen><userinput remap="pre">patch -Np1 -i ../openssh-&openssh-version;-glibc_2.31_fix-1.patch</userinput></screen>
|
---|
[8558044] | 145 | -->
|
---|
[5d2965c] | 146 |
|
---|
| 147 | <!-- Applied in 8.5p1
|
---|
[66d223b] | 148 | <para>
|
---|
| 149 | First, adapt <application>ssh-copy-id</application> to changes
|
---|
| 150 | in bash-5.1:
|
---|
| 151 | </para>
|
---|
| 152 |
|
---|
| 153 | <screen><userinput remap="pre">sed -e '/INSTALLKEYS_SH/s/)//' -e '260a\ )' -i contrib/ssh-copy-id</userinput></screen>
|
---|
| 154 |
|
---|
[79eec369] | 155 | <para>
|
---|
| 156 | Next, fix an issue on platforms other than x86_64:
|
---|
| 157 | </para>
|
---|
| 158 | <screen><userinput remap="pre">if [ "$(uname -m)" != "x86_64" ]; then
|
---|
| 159 | l1="#ifdef __NR_pselect6_time64"
|
---|
| 160 | l2=" SC_ALLOW(__NR_pselect6_time64),"
|
---|
| 161 | l3="#endif"
|
---|
| 162 | sed -e "/^#ifdef __NR_read$/ i $l1\n$l2\n$l3" \
|
---|
| 163 | -i sandbox-seccomp-filter.c
|
---|
| 164 | fi</userinput></screen>
|
---|
[5d2965c] | 165 | -->
|
---|
[3a373116] | 166 | <para>
|
---|
| 167 | Install <application>OpenSSH</application> by running the following
|
---|
| 168 | commands:
|
---|
| 169 | </para>
|
---|
[0931098] | 170 |
|
---|
[1a3d7fb2] | 171 | <screen><userinput>./configure --prefix=/usr \
|
---|
| 172 | --sysconfdir=/etc/ssh \
|
---|
| 173 | --with-md5-passwords \
|
---|
| 174 | --with-privsep-path=/var/lib/sshd \
|
---|
| 175 | --with-default-path=/usr/bin \
|
---|
| 176 | --with-superuser-path=/usr/sbin:/usr/bin \
|
---|
| 177 | --with-pid-dir=/run
|
---|
[3a3b19b] | 178 | make</userinput></screen>
|
---|
[1b83a7c1] | 179 |
|
---|
[3a373116] | 180 | <para>
|
---|
[bc6e56d] | 181 | The testsuite requires an installed copy of <command>scp</command> to
|
---|
| 182 | complete the multiplexing tests. To run the test suite, first copy the
|
---|
| 183 | <command>scp</command> program to
|
---|
| 184 | <filename class="directory">/usr/bin</filename>, making sure that you
|
---|
[45db70f] | 185 | backup any existing copy first.
|
---|
[3a373116] | 186 | </para>
|
---|
[409e2e7] | 187 |
|
---|
[9556a94] | 188 | <para>
|
---|
| 189 | If you wish to run the tests, remove a test suite that is not valid on
|
---|
| 190 | Linux-based platforms:
|
---|
| 191 | </para>
|
---|
| 192 |
|
---|
| 193 | <screen><userinput>sed -i 's/conch-ciphers//' regress/Makefile</userinput></screen>
|
---|
| 194 |
|
---|
[5a6a6be] | 195 | <para>
|
---|
[7c017a3] | 196 | To test the results, issue: <command>make -j1 tests</command>.
|
---|
[21552cf] | 197 | <!--One test, <filename>key options</filename>, fails when run in chroot.-->
|
---|
[5a6a6be] | 198 | </para>
|
---|
| 199 |
|
---|
| 200 | <!-- commenting this, I get "all tests passed" [ ken ]
|
---|
| 201 | NB tests should be run as _user_ but the role in the comment is root
|
---|
[59382ab] | 202 |
|
---|
| 203 | commenting [ bruce ]: There are a couple of tests that want root.
|
---|
[6c6990c] | 204 | The log mentions that SUDO is not set. These skipped tests are
|
---|
[59382ab] | 205 | ignored and the end says 'all tests passed' even when not root
|
---|
| 206 |
|
---|
[3a373116] | 207 | <para>
|
---|
| 208 | To run the test suite, issue the following commands:
|
---|
| 209 | </para>
|
---|
[7c9e252] | 210 |
|
---|
[409e2e7] | 211 | <screen role="root"><userinput>make tests 2>&1 | tee check.log
|
---|
| 212 | grep FATAL check.log</userinput></screen>
|
---|
[7c9e252] | 213 |
|
---|
[3a373116] | 214 | <para>
|
---|
| 215 | If the above command produces no 'FATAL' errors, then proceed with the
|
---|
| 216 | installation, as the <systemitem class="username">root</systemitem> user:
|
---|
[5a6a6be] | 217 | </para>-->
|
---|
| 218 | <para>
|
---|
| 219 | Now, as the <systemitem class="username">root</systemitem> user:
|
---|
[3a373116] | 220 | </para>
|
---|
[7c9e252] | 221 |
|
---|
[6c6990c] | 222 | <screen role="root"><userinput>make install &&
|
---|
| 223 | install -v -m755 contrib/ssh-copy-id /usr/bin &&
|
---|
| 224 |
|
---|
| 225 | install -v -m644 contrib/ssh-copy-id.1 \
|
---|
| 226 | /usr/share/man/man1 &&
|
---|
[5ee1266] | 227 | install -v -m755 -d /usr/share/doc/openssh-&openssh-version; &&
|
---|
[6c6990c] | 228 | install -v -m644 INSTALL LICENCE OVERVIEW README* \
|
---|
| 229 | /usr/share/doc/openssh-&openssh-version;</userinput></screen>
|
---|
[e4e0d060] | 230 | </sect2>
|
---|
| 231 |
|
---|
| 232 | <sect2 role="commands">
|
---|
| 233 | <title>Command Explanations</title>
|
---|
| 234 |
|
---|
[3a373116] | 235 | <para>
|
---|
| 236 | <parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
|
---|
| 237 | configuration files from being installed in
|
---|
| 238 | <filename class="directory">/usr/etc</filename>.
|
---|
| 239 | </para>
|
---|
| 240 |
|
---|
| 241 | <para>
|
---|
| 242 | <parameter>--with-md5-passwords</parameter>: This enables the use of MD5
|
---|
| 243 | passwords.
|
---|
| 244 | </para>
|
---|
| 245 |
|
---|
[1a3d7fb2] | 246 | <para>
|
---|
| 247 | <parameter>--with-default-path=/usr/bin</parameter> and
|
---|
| 248 | <parameter>--with-superuser-path=/usr/sbin:/usr/bin</parameter>:
|
---|
| 249 | These set <envar>PATH</envar> consistent with LFS and BLFS
|
---|
| 250 | <application>Shadow</application> package.
|
---|
| 251 | </para>
|
---|
| 252 |
|
---|
| 253 | <para>
|
---|
| 254 | <parameter>--with-pid-dir=/run</parameter>: This prevents
|
---|
[2c87187] | 255 | <application>OpenSSH</application> from referring to deprecated
|
---|
[1a3d7fb2] | 256 | <filename class="directory">/var/run</filename>.
|
---|
| 257 | </para>
|
---|
| 258 |
|
---|
[3a373116] | 259 | <para>
|
---|
[f1d7196] | 260 | <option>--with-pam</option>: This parameter enables
|
---|
[3a373116] | 261 | <application>Linux-PAM</application> support in the build.
|
---|
| 262 | </para>
|
---|
| 263 |
|
---|
| 264 | <para>
|
---|
[f1d7196] | 265 | <option>--with-xauth=/usr/bin/xauth</option>: Set the default
|
---|
[3a373116] | 266 | location for the <command>xauth</command> binary for X authentication.
|
---|
| 267 | Change the location if <command>xauth</command> will be installed to a
|
---|
| 268 | different path. This can also be controlled from
|
---|
| 269 | <filename>sshd_config</filename> with the XAuthLocation keyword. You can
|
---|
| 270 | omit this switch if <application>Xorg</application> is already installed.
|
---|
| 271 | </para>
|
---|
| 272 |
|
---|
| 273 | <para>
|
---|
[f1d7196] | 274 | <option>--with-kerberos5=/usr</option>: This option is used to
|
---|
[3a373116] | 275 | include Kerberos 5 support in the build.
|
---|
| 276 | </para>
|
---|
[409e2e7] | 277 |
|
---|
[ba0004e] | 278 | <para>
|
---|
[f1d7196] | 279 | <option>--with-libedit</option>: This option enables line editing
|
---|
[ba0004e] | 280 | and history features for <command>sftp</command>.
|
---|
| 281 | </para>
|
---|
| 282 |
|
---|
[e4e0d060] | 283 | </sect2>
|
---|
| 284 |
|
---|
| 285 | <sect2 role="configuration">
|
---|
| 286 | <title>Configuring OpenSSH</title>
|
---|
| 287 |
|
---|
| 288 | <sect3 id="openssh-config">
|
---|
| 289 | <title>Config Files</title>
|
---|
| 290 |
|
---|
[3a373116] | 291 | <para>
|
---|
| 292 | <filename>~/.ssh/*</filename>,
|
---|
[e4e0d060] | 293 | <filename>/etc/ssh/ssh_config</filename>, and
|
---|
[3a373116] | 294 | <filename>/etc/ssh/sshd_config</filename>
|
---|
| 295 | </para>
|
---|
[e4e0d060] | 296 |
|
---|
| 297 | <indexterm zone="openssh openssh-config">
|
---|
| 298 | <primary sortas="e-AA.ssh">~/.ssh/*</primary>
|
---|
| 299 | </indexterm>
|
---|
| 300 |
|
---|
| 301 | <indexterm zone="openssh openssh-config">
|
---|
| 302 | <primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
|
---|
| 303 | </indexterm>
|
---|
| 304 |
|
---|
| 305 | <indexterm zone="openssh openssh-config">
|
---|
| 306 | <primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
|
---|
| 307 | </indexterm>
|
---|
| 308 |
|
---|
[3a373116] | 309 | <para>
|
---|
| 310 | There are no required changes to any of these files. However,
|
---|
| 311 | you may wish to view the
|
---|
| 312 | <filename class='directory'>/etc/ssh/</filename> files and make any
|
---|
| 313 | changes appropriate for the security of your system. One recommended
|
---|
| 314 | change is that you disable
|
---|
| 315 | <systemitem class='username'>root</systemitem> login via
|
---|
| 316 | <command>ssh</command>. Execute the following command as the
|
---|
| 317 | <systemitem class='username'>root</systemitem> user to disable
|
---|
| 318 | <systemitem class='username'>root</systemitem> login via
|
---|
| 319 | <command>ssh</command>:
|
---|
| 320 | </para>
|
---|
[e4e0d060] | 321 |
|
---|
[6c24da75] | 322 | <screen role="root"><userinput>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
| 323 |
|
---|
[3a373116] | 324 | <para>
|
---|
| 325 | If you want to be able to log in without typing in your password, first
|
---|
| 326 | create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with
|
---|
| 327 | <command>ssh-keygen</command> and then copy ~/.ssh/id_rsa.pub to
|
---|
| 328 | ~/.ssh/authorized_keys on the remote computer that you want to log into.
|
---|
[f507f06] | 329 | You'll need to change REMOTE_USERNAME and REMOTE_HOSTNAME for the username and hostname of the remote
|
---|
| 330 | computer and you'll also need to enter your password for the ssh-copy-id command
|
---|
[3a373116] | 331 | to succeed:
|
---|
| 332 | </para>
|
---|
| 333 |
|
---|
| 334 | <screen><userinput>ssh-keygen &&
|
---|
[f507f06] | 335 | ssh-copy-id -i ~/.ssh/id_rsa.pub <replaceable>REMOTE_USERNAME</replaceable>@<replaceable>REMOTE_HOSTNAME</replaceable></userinput></screen>
|
---|
[3a373116] | 336 |
|
---|
| 337 | <para>
|
---|
| 338 | Once you've got passwordless logins working it's actually more secure
|
---|
| 339 | than logging in with a password (as the private key is much longer than
|
---|
| 340 | most people's passwords). If you would like to now disable password
|
---|
| 341 | logins, as the <systemitem class="username">root</systemitem> user:
|
---|
| 342 | </para>
|
---|
| 343 |
|
---|
| 344 |
|
---|
| 345 | <screen role="root"><userinput>echo "PasswordAuthentication no" >> /etc/ssh/sshd_config &&
|
---|
| 346 | echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
| 347 |
|
---|
| 348 | <para>
|
---|
[f586237] | 349 | If you added <application>Linux-PAM</application> support and you want
|
---|
[3a373116] | 350 | ssh to use it then you will need to add a configuration file for
|
---|
| 351 | <application>sshd</application> and enable use of
|
---|
| 352 | <application>LinuxPAM</application>. Note, ssh only uses PAM to check
|
---|
| 353 | passwords, if you've disabled password logins these commands are not
|
---|
[f586237] | 354 | needed. If you want to use PAM, issue the following commands as the
|
---|
[3a373116] | 355 | <systemitem class='username'>root</systemitem> user:
|
---|
| 356 | </para>
|
---|
[6c24da75] | 357 |
|
---|
| 358 | <screen role="root"><userinput>sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd &&
|
---|
[b30ddee] | 359 | chmod 644 /etc/pam.d/sshd &&
|
---|
[5a6a6be] | 360 | echo "UsePAM yes" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
[e4e0d060] | 361 |
|
---|
[3a373116] | 362 | <para>
|
---|
| 363 | Additional configuration information can be found in the man
|
---|
| 364 | pages for <command>sshd</command>, <command>ssh</command> and
|
---|
| 365 | <command>ssh-agent</command>.
|
---|
| 366 | </para>
|
---|
[e4e0d060] | 367 | </sect3>
|
---|
| 368 |
|
---|
| 369 | <sect3 id="openssh-init">
|
---|
[f586237] | 370 | <title><phrase revision="sysv">Boot Script</phrase>
|
---|
| 371 | <phrase revision="systemd">Systemd Unit</phrase></title>
|
---|
[e4e0d060] | 372 |
|
---|
[f586237] | 373 | <para revision="sysv">
|
---|
[3a373116] | 374 | To start the SSH server at system boot, install the
|
---|
[3c7bd00] | 375 | <filename>/etc/rc.d/init.d/sshd</filename> init script included
|
---|
[f586237] | 376 | in the <xref linkend="bootscripts"/> package.
|
---|
| 377 | </para>
|
---|
| 378 |
|
---|
| 379 | <para revision="systemd">
|
---|
| 380 | To start the SSH server at system boot, install the
|
---|
| 381 | <filename>sshd.service</filename> unit included in the
|
---|
| 382 | <xref linkend="systemd-units"/> package.
|
---|
[3c7bd00] | 383 | </para>
|
---|
[e4e0d060] | 384 |
|
---|
| 385 | <indexterm zone="openssh openssh-init">
|
---|
| 386 | <primary sortas="f-sshd">sshd</primary>
|
---|
| 387 | </indexterm>
|
---|
| 388 |
|
---|
| 389 | <screen role="root"><userinput>make install-sshd</userinput></screen>
|
---|
| 390 | </sect3>
|
---|
| 391 | </sect2>
|
---|
| 392 |
|
---|
| 393 | <sect2 role="content">
|
---|
| 394 | <title>Contents</title>
|
---|
| 395 |
|
---|
| 396 | <segmentedlist>
|
---|
| 397 | <segtitle>Installed Programs</segtitle>
|
---|
[c3c56b2] | 398 | <segtitle>Installed Libraries</segtitle>
|
---|
[e4e0d060] | 399 | <segtitle>Installed Directories</segtitle>
|
---|
| 400 |
|
---|
| 401 | <seglistitem>
|
---|
[3a373116] | 402 | <seg>
|
---|
[5d2965c] | 403 | scp, sftp, <!--slogin (symlink to ssh),--> ssh, ssh-add, ssh-agent,
|
---|
[b2b7378b] | 404 | ssh-copy-id, ssh-keygen, ssh-keyscan, and sshd
|
---|
[c3c56b2] | 405 | </seg>
|
---|
| 406 | <seg>
|
---|
| 407 | None
|
---|
[3a373116] | 408 | </seg>
|
---|
| 409 | <seg>
|
---|
| 410 | /etc/ssh,
|
---|
[c175983] | 411 | /usr/share/doc/openssh-&openssh-version;, and
|
---|
| 412 | /var/lib/sshd
|
---|
[3a373116] | 413 | </seg>
|
---|
[e4e0d060] | 414 | </seglistitem>
|
---|
| 415 | </segmentedlist>
|
---|
| 416 |
|
---|
| 417 | <variablelist>
|
---|
| 418 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 419 | <?dbfo list-presentation="list"?>
|
---|
| 420 | <?dbhtml list-presentation="table"?>
|
---|
| 421 |
|
---|
| 422 | <varlistentry id="scp">
|
---|
| 423 | <term><command>scp</command></term>
|
---|
| 424 | <listitem>
|
---|
[3a373116] | 425 | <para>
|
---|
| 426 | is a file copy program that acts like <command>rcp</command> except
|
---|
[4c24eb0a] | 427 | it uses an encrypted protocol
|
---|
[3a373116] | 428 | </para>
|
---|
[e4e0d060] | 429 | <indexterm zone="openssh scp">
|
---|
| 430 | <primary sortas="b-scp">scp</primary>
|
---|
| 431 | </indexterm>
|
---|
| 432 | </listitem>
|
---|
| 433 | </varlistentry>
|
---|
| 434 |
|
---|
| 435 | <varlistentry id="sftp">
|
---|
| 436 | <term><command>sftp</command></term>
|
---|
| 437 | <listitem>
|
---|
[3a373116] | 438 | <para>
|
---|
[4c24eb0a] | 439 | is an FTP-like program that works over the SSH1 and SSH2 protocols
|
---|
[3a373116] | 440 | </para>
|
---|
[e4e0d060] | 441 | <indexterm zone="openssh sftp">
|
---|
| 442 | <primary sortas="b-sftp">sftp</primary>
|
---|
| 443 | </indexterm>
|
---|
| 444 | </listitem>
|
---|
| 445 | </varlistentry>
|
---|
[5d2965c] | 446 | <!-- Not installed anymore as of 8.5p1
|
---|
[e4e0d060] | 447 | <varlistentry id="slogin">
|
---|
| 448 | <term><command>slogin</command></term>
|
---|
| 449 | <listitem>
|
---|
[3a373116] | 450 | <para>
|
---|
[4c24eb0a] | 451 | is a symlink to <command>ssh</command>
|
---|
[3a373116] | 452 | </para>
|
---|
[e4e0d060] | 453 | <indexterm zone="openssh slogin">
|
---|
[b960e3ec] | 454 | <primary sortas="b-slogin">slogin</primary>
|
---|
[e4e0d060] | 455 | </indexterm>
|
---|
| 456 | </listitem>
|
---|
| 457 | </varlistentry>
|
---|
[5d2965c] | 458 | -->
|
---|
[e4e0d060] | 459 | <varlistentry id="ssh">
|
---|
| 460 | <term><command>ssh</command></term>
|
---|
| 461 | <listitem>
|
---|
[3a373116] | 462 | <para>
|
---|
| 463 | is an <command>rlogin</command>/<command>rsh</command>-like client
|
---|
[4c24eb0a] | 464 | program except it uses an encrypted protocol
|
---|
[3a373116] | 465 | </para>
|
---|
[e4e0d060] | 466 | <indexterm zone="openssh ssh">
|
---|
| 467 | <primary sortas="b-ssh">ssh</primary>
|
---|
| 468 | </indexterm>
|
---|
| 469 | </listitem>
|
---|
| 470 | </varlistentry>
|
---|
| 471 |
|
---|
| 472 | <varlistentry id="sshd">
|
---|
| 473 | <term><command>sshd</command></term>
|
---|
| 474 | <listitem>
|
---|
[3a373116] | 475 | <para>
|
---|
[4c24eb0a] | 476 | is a daemon that listens for <command>ssh</command> login requests
|
---|
[3a373116] | 477 | </para>
|
---|
[e4e0d060] | 478 | <indexterm zone="openssh sshd">
|
---|
| 479 | <primary sortas="b-sshd">sshd</primary>
|
---|
| 480 | </indexterm>
|
---|
| 481 | </listitem>
|
---|
| 482 | </varlistentry>
|
---|
| 483 |
|
---|
| 484 | <varlistentry id="ssh-add">
|
---|
| 485 | <term><command>ssh-add</command></term>
|
---|
| 486 | <listitem>
|
---|
[3a373116] | 487 | <para>
|
---|
[4c24eb0a] | 488 | is a tool which adds keys to the <command>ssh-agent</command>
|
---|
[3a373116] | 489 | </para>
|
---|
[e4e0d060] | 490 | <indexterm zone="openssh ssh-add">
|
---|
| 491 | <primary sortas="b-ssh-add">ssh-add</primary>
|
---|
| 492 | </indexterm>
|
---|
| 493 | </listitem>
|
---|
| 494 | </varlistentry>
|
---|
| 495 |
|
---|
| 496 | <varlistentry id="ssh-agent">
|
---|
| 497 | <term><command>ssh-agent</command></term>
|
---|
| 498 | <listitem>
|
---|
[3a373116] | 499 | <para>
|
---|
[4c24eb0a] | 500 | is an authentication agent that can store private keys
|
---|
[3a373116] | 501 | </para>
|
---|
[e4e0d060] | 502 | <indexterm zone="openssh ssh-agent">
|
---|
| 503 | <primary sortas="b-ssh-agent">ssh-agent</primary>
|
---|
| 504 | </indexterm>
|
---|
| 505 | </listitem>
|
---|
| 506 | </varlistentry>
|
---|
| 507 |
|
---|
[5a2f5972] | 508 | <varlistentry id="ssh-copy-id">
|
---|
| 509 | <term><command>ssh-copy-id</command></term>
|
---|
| 510 | <listitem>
|
---|
| 511 | <para>
|
---|
[5d2965c] | 512 | is a script that enables logins on remote machines using local keys
|
---|
[5a2f5972] | 513 | </para>
|
---|
| 514 | <indexterm zone="openssh ssh-copy-id">
|
---|
| 515 | <primary sortas="b-ssh-copy-id">ssh-copy-id</primary>
|
---|
| 516 | </indexterm>
|
---|
| 517 | </listitem>
|
---|
| 518 | </varlistentry>
|
---|
| 519 |
|
---|
[e4e0d060] | 520 | <varlistentry id="ssh-keygen">
|
---|
| 521 | <term><command>ssh-keygen</command></term>
|
---|
| 522 | <listitem>
|
---|
[3a373116] | 523 | <para>
|
---|
[4c24eb0a] | 524 | is a key generation tool
|
---|
[3a373116] | 525 | </para>
|
---|
[e4e0d060] | 526 | <indexterm zone="openssh ssh-keygen">
|
---|
| 527 | <primary sortas="b-ssh-keygen">ssh-keygen</primary>
|
---|
| 528 | </indexterm>
|
---|
| 529 | </listitem>
|
---|
| 530 | </varlistentry>
|
---|
| 531 |
|
---|
| 532 | <varlistentry id="ssh-keyscan">
|
---|
| 533 | <term><command>ssh-keyscan</command></term>
|
---|
| 534 | <listitem>
|
---|
[3a373116] | 535 | <para>
|
---|
[4c24eb0a] | 536 | is a utility for gathering public host keys from a number of hosts
|
---|
[3a373116] | 537 | </para>
|
---|
[e4e0d060] | 538 | <indexterm zone="openssh ssh-keyscan">
|
---|
| 539 | <primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
|
---|
| 540 | </indexterm>
|
---|
| 541 | </listitem>
|
---|
| 542 | </varlistentry>
|
---|
| 543 |
|
---|
| 544 | </variablelist>
|
---|
| 545 | </sect2>
|
---|
[4c24eb0a] | 546 |
|
---|
[e4e0d060] | 547 | </sect1>
|
---|