source: server/major/openssh.xml@ bfb7882

Last change on this file since bfb7882 was bfb7882, checked in by Tushar Teredesai <tushar@…>, 19 years ago

More typo fixes

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4841 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 12.7 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
  <!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
  <!ENTITY openssh-md5sum "959c663e709c981f07a3315bfd64f3d0">
  <!ENTITY openssh-size "894 KB">
  <!ENTITY openssh-buildsize "15 MB">
  <!ENTITY openssh-time "0.4 SBU">
]>

<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
  <?dbhtml filename="openssh.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenSSH-&openssh-version;</title>

  <indexterm zone="openssh">
    <primary sortas="a-OpenSSH">OpenSSH</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenSSH</title>

    <para>The <application>OpenSSH</application> package contains
    <command>ssh</command> clients and the <command>sshd</command> daemon.
    This is useful for encrypting authentication and subsequent traffic
    over a network.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openssh-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openssh-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openssh-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openssh-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openssh-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">OpenSSH Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para><xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para><xref linkend="Linux_PAM"/>,
    <xref linkend="tcpwrappers"/>,
    X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
    <xref linkend="mitkrb"/> or <xref linkend="heimdal"/>,
    <xref linkend="jdk"/>,
    <xref linkend="net-tools"/>,
    <xref linkend="sysstat"/>,
    <ulink url="http://www.opensc.org/">OpenSC</ulink> and
    <ulink url="http://sourceforge.net/projects/libedit/">libedit</ulink></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenSSH</title>

    <para><application>OpenSSH</application> runs as two processes when
    connecting to other computers. The first process is a privileged process
    and controls the issuance of privileges as necessary. The second process
    communicates with the network. Additional installation steps are necessary
    to set up the proper environment; they are performed by the following
    commands:</para>

<screen role="root"><userinput>install -v -d -m700 /var/lib/sshd &amp;&amp;
chown root:sys /var/lib/sshd &amp;&amp;
groupadd -g 50 sshd &amp;&amp;
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \
    -s /bin/false -u 50 sshd</userinput></screen>

    <para><application>OpenSSH</application> is very sensitive to changes in
    the linked <application>OpenSSL</application> libraries. If you recompile
    <application>OpenSSL</application>, <application>OpenSSH</application> may
    fail to start up. An alternative is to link against the static
    <application>OpenSSL</application> library. To link against the static
    library, execute the following command:</para>

<screen><userinput>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</userinput></screen>

    <para>Install <application>OpenSSH</application> by running
    the following commands:</para>

<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc/ssh \
    --libexecdir=/usr/sbin --with-md5-passwords \
    --with-privsep-path=/var/lib/sshd</userinput></screen>

    <para>If you use <application>Heimdal</application> as your Kerberos5
    implementation and you linked the <application>Heimdal</application>
    libraries into the build using the <option>--with-kerberos5</option>
    parameter, you'll need to modify the <filename>Makefile</filename> or
    the build will fail. Use the following command:</para>

<screen><userinput>sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile</userinput></screen>

    <para>Continue the build:</para>

<screen><userinput>make</userinput></screen>

    <para>If you linked <application>tcp_wrappers</application> into the
    build using the <option>--with-tcp-wrappers</option> parameter, ensure
    you add 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename>
    if you have a restrictive <filename>/etc/hosts.deny</filename> file, or the
    test suite will fail. To run the test suite, issue:
    <command>make -k tests</command>.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents
    the configuration files from being installed in
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--with-md5-passwords</parameter>: This is required
    if you made the changes recommended by the shadowpasswd_plus
    LFS hint on your SSH server when you installed the Shadow Password
    Suite or if you access an SSH server that authenticates by
    user passwords encrypted with MD5.</para>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: This parameter
    changes the installation path of some programs to
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenSSH</title>

    <sect3 id="openssh-config">
      <title>Config Files</title>

      <para><filename>~/.ssh/*</filename>,
      <filename>/etc/ssh/ssh_config</filename>, and
      <filename>/etc/ssh/sshd_config</filename></para>

      <indexterm zone="openssh openssh-config">
        <primary sortas="e-AA.ssh">~/.ssh/*</primary>
      </indexterm>

      <indexterm zone="openssh openssh-config">
        <primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
      </indexterm>

      <indexterm zone="openssh openssh-config">
        <primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
      </indexterm>

      <para>There are no required changes to any of these files. However,
      you may wish to view the <filename class='directory'>/etc/ssh/</filename>
      files and make any changes appropriate for the security of your system.
      One recommended change is that you disable
      <systemitem class='username'>root</systemitem> login via
      <command>ssh</command>. Execute the following command as the
      <systemitem class='username'>root</systemitem> user to disable
      <systemitem class='username'>root</systemitem> login via
      <command>ssh</command>:</para>

<screen role="root"><userinput>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</userinput></screen>

      <para>Additional configuration information can be found in the man
      pages for <command>sshd</command>, <command>ssh</command> and
      <command>ssh-agent</command>.</para>

    </sect3>

    <sect3 id="openssh-init">
      <title>Boot Script</title>

      <para>To start the SSH server at system boot, install the
      <filename>/etc/rc.d/init.d/sshd</filename> init script included
      in the <xref linkend="intro-important-bootscripts"/> package.</para>

      <indexterm zone="openssh openssh-init">
        <primary sortas="f-sshd">sshd</primary>
      </indexterm>

<screen role="root"><userinput>make install-sshd</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
        ssh-keygen, ssh-keyscan, and ssh-keysign</seg>
        <seg>None</seg>
        <seg>/etc/ssh and /var/lib/sshd</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="scp">
        <term><command>scp</command></term>
        <listitem>
          <para>is a file copy program that acts like <command>rcp</command>
          except it uses an encrypted protocol.</para>
          <indexterm zone="openssh scp">
            <primary sortas="b-scp">scp</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sftp">
        <term><command>sftp</command></term>
        <listitem>
          <para>is an FTP-like program that works over
          SSH1 and SSH2 protocols.</para>
          <indexterm zone="openssh sftp">
            <primary sortas="b-sftp">sftp</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sftp-server">
        <term><command>sftp-server</command></term>
        <listitem>
          <para>is an SFTP server subsystem.</para>
          <indexterm zone="openssh sftp-server">
            <primary sortas="b-sftp-server">sftp-server</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slogin">
        <term><command>slogin</command></term>
        <listitem>
          <para>is a symlink to <command>ssh</command>.</para>
          <indexterm zone="openssh slogin">
            <primary sortas="g-slogin">slogin</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh">
        <term><command>ssh</command></term>
        <listitem>
          <para>is an <command>rlogin</command>/<command>rsh</command>-like
          client program except it uses an encrypted protocol.</para>
          <indexterm zone="openssh ssh">
            <primary sortas="b-ssh">ssh</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sshd">
        <term><command>sshd</command></term>
        <listitem>
          <para>is a daemon that listens for <command>ssh</command> login
          requests.</para>
          <indexterm zone="openssh sshd">
            <primary sortas="b-sshd">sshd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-add">
        <term><command>ssh-add</command></term>
        <listitem>
          <para>is a tool which adds keys to the
          <command>ssh-agent</command>.</para>
          <indexterm zone="openssh ssh-add">
            <primary sortas="b-ssh-add">ssh-add</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-agent">
        <term><command>ssh-agent</command></term>
        <listitem>
          <para>is an authentication agent that can store private keys.</para>
          <indexterm zone="openssh ssh-agent">
            <primary sortas="b-ssh-agent">ssh-agent</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-keygen">
        <term><command>ssh-keygen</command></term>
        <listitem>
          <para>is a key generation tool.</para>
          <indexterm zone="openssh ssh-keygen">
            <primary sortas="b-ssh-keygen">ssh-keygen</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-keyscan">
        <term><command>ssh-keyscan</command></term>
        <listitem>
          <para>is a utility for gathering public host keys from a
          number of hosts.</para>
          <indexterm zone="openssh ssh-keyscan">
            <primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-keysign">
        <term><command>ssh-keysign</command></term>
        <listitem>
          <para>is used by <command>ssh</command> to access the local host
          keys and generate the digital signature required during hostbased
          authentication with SSH protocol version 2.</para>
          <indexterm zone="openssh ssh-keysign">
            <primary sortas="b-ssh-keysign">ssh-keysign</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
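
Added example (not part of the BLFS book or of OpenSSH): appending "PermitRootLogin no" only takes effect when no earlier active line sets the keyword, because sshd keeps the first value it reads, and in releases that support Match blocks a line placed after one applies to that block only. The function names set_sshd_option and effective_sshd_option are made up for this illustration; they work on a constructed sample file, rewriting the keyword in the global section and reporting the value sshd would use.

```shell
#!/bin/sh
# Added example, not part of the BLFS book. sshd uses the first value it reads
# for a keyword, and a line placed after "Match" applies to that block only.

# awk helper shared by both functions: first word of a config line,
# lower-cased; accepts both "Key value" and "Key=value".
KEYWORD_AWK='function kw(l, f) { sub(/^[ \t]+/, "", l); split(l, f, /[ \t=]+/); return tolower(f[1]) }'

# set_sshd_option FILE KEYWORD VALUE: drop active global KEYWORD lines and
# write "KEYWORD VALUE" before the first Match block (or at end of file).
set_sshd_option() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" "$KEYWORD_AWK"'
        !done && kw($0) == "match" { print key " " val; done = 1 }
        !done && kw($0) == tolower(key) { next }
        { print }
        END { if (!done) print key " " val }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file mode and owner
    rc=$?; rm -f "$tmp"; return $rc
}

# effective_sshd_option FILE KEYWORD: first active global value, as sshd reads it.
effective_sshd_option() {
    awk -v key="$2" "$KEYWORD_AWK"'
        kw($0) == "match" { exit }
        kw($0) == tolower(key) { sub(/^[ \t]*[^ \t=]+[ \t=]+/, ""); print; exit }
    ' "$1"
}

# Constructed sample config: an active "yes" line and a Match block at the end.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin yes' \
        'Match User backup' '    PermitRootLogin yes' > "$cfg"
    echo 'PermitRootLogin no' >> "$cfg"            # the plain append
    echo "after append: $(effective_sshd_option "$cfg" PermitRootLogin)"
    set_sshd_option "$cfg" PermitRootLogin no
    echo "after set_sshd_option: $(effective_sshd_option "$cfg" PermitRootLogin)"
    rm -f "$cfg"
}
demo
```

On a freshly installed sshd_config whose PermitRootLogin line is still commented out and which has no Match block, the plain append and this function give the same result.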