source: server/major/openssh.xml@ e4e0d060

Last change on this file since e4e0d060 was e4e0d060, checked in by Manuel Canales Esparcia <manuel@…>, 19 years ago

Tagged openssh.xml

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4347 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 12.5 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
  <!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
  <!ENTITY openssh-md5sum "7b36f28fc16e1b7f4ba3c1dca191ac92">
  <!ENTITY openssh-size "889 KB">
  <!ENTITY openssh-buildsize "14.5 MB">
  <!ENTITY openssh-time "0.42 SBU">
]>

<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
  <?dbhtml filename="openssh.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenSSH-&openssh-version;</title>

  <indexterm zone="openssh">
    <primary sortas="a-OpenSSH">OpenSSH</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenSSH</title>

    <para>The <application>OpenSSH</application> package contains
    <command>ssh</command> clients and the <command>sshd</command> daemon.
    This is useful for encrypting authentication and subsequent traffic
    over a network.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openssh-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openssh-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openssh-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openssh-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openssh-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">OpenSSH Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para><xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para><xref linkend="Linux_PAM"/>,
    <xref linkend="tcpwrappers"/>,
    X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
    <xref linkend="mitkrb"/> or <xref linkend="heimdal"/>,
    <xref linkend="jdk"/>,
    <xref linkend="net-tools"/>,
    <ulink url="http://www.opensc.org/">OpenSC</ulink> and
    <ulink url="http://sourceforge.net/projects/libedit/">libedit</ulink></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenSSH</title>

    <para><application>OpenSSH</application> runs as two processes when
    connecting to other computers. The first process is a privileged process
    and controls the issuance of privileges as necessary. The second process
    communicates with the network. Additional installation steps, performed
    by the following commands, are necessary to set up the proper
    environment:</para>

<screen role="root"><userinput>install -v -d -m700 /var/lib/sshd &amp;&amp;
chown root:sys /var/lib/sshd &amp;&amp;
groupadd sshd &amp;&amp;
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false sshd</userinput></screen>

    <para><application>OpenSSH</application> is very sensitive to changes in
    the linked <application>OpenSSL</application> libraries. If you recompile
    <application>OpenSSL</application>, <application>OpenSSH</application> may
    fail to start up. An alternative is to link against the static
    <application>OpenSSL</application> library. To link against the static
    library, execute the following command:</para>

<screen><userinput>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</userinput></screen>

    <para>Install <application>OpenSSH</application> by running
    the following commands:</para>

<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc/ssh \
    --libexecdir=/usr/sbin --with-md5-passwords \
    --with-privsep-path=/var/lib/sshd</userinput></screen>

    <para>If you use <application>Heimdal</application> as your Kerberos5
    implementation and you linked the <application>Heimdal</application>
    libraries into the build using the <option>--with-kerberos5</option>
    parameter, you'll need to modify the <filename>Makefile</filename> or
    the build will fail. Use the following command:</para>

<screen><userinput>sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile</userinput></screen>

    <para>Continue the build:</para>

<screen><userinput>make</userinput></screen>

    <para>If you linked <application>tcp_wrappers</application> into the
    build using the <option>--with-tcp-wrappers</option> parameter, ensure
    you add 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename>
    if you have a restrictive <filename>/etc/hosts.deny</filename> file, or the
    testsuite will fail. To run the testsuite, issue: <command>make -k
    tests</command>.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents
    the configuration files from being installed in
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--with-md5-passwords</parameter>: This is required
    if you made the changes recommended by the shadowpasswd_plus
    LFS hint on your SSH server when you installed the Shadow Password
    Suite, or if you access an SSH server that authenticates by
    user passwords hashed with MD5.</para>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: This parameter
    changes the installation path of some programs to
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenSSH</title>

    <sect3 id="openssh-config">
      <title>Config Files</title>

      <para><filename>~/.ssh/*</filename>,
      <filename>/etc/ssh/ssh_config</filename>, and
      <filename>/etc/ssh/sshd_config</filename></para>

      <indexterm zone="openssh openssh-config">
        <primary sortas="e-AA.ssh">~/.ssh/*</primary>
      </indexterm>

      <indexterm zone="openssh openssh-config">
        <primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
      </indexterm>

      <indexterm zone="openssh openssh-config">
        <primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
      </indexterm>

      <para>There are no required changes to any of these files. However,
      you may wish to view the <filename class='directory'>/etc/ssh/</filename>
      files and make any changes appropriate for the security of your system. One
      recommended change is that you disable root login via <command>ssh</command>.
      Execute the following command to disable root login via
      <command>ssh</command>:</para>

<screen role="root"><userinput>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</userinput></screen>

      <para>Additional configuration information can be found in the man
      pages for <command>sshd</command>, <command>ssh</command> and
      <command>ssh-agent</command>.</para>

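      <para>The append shown above only disables root login when no earlier
      active line in <filename>sshd_config</filename> already sets
      <parameter>PermitRootLogin</parameter>, because <command>sshd</command>
      uses the first value it reads for each keyword. The following shell check
      is an added example, not part of the BLFS book; the helper names
      effective_value and ignored_lines are hypothetical and the sample files
      are constructed.</para>

```shell
#!/bin/sh
# Added example, not part of the BLFS book. sshd keeps the FIRST value it
# reads for a keyword, so a line appended with ">>" only takes effect when
# no earlier active line sets the same keyword.

# effective_value FILE KEYWORD (hypothetical helper)
# Prints the value sshd would use globally, or nothing if the file leaves
# the keyword at its built-in default. Include directives are not followed.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }              # leading blanks are allowed
        /^#/ || /^$/ { next }               # skip comments and empty lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }             # global section ends here
        key == want { print f[2]; exit }    # first value wins
    ' "$1"
}

# ignored_lines FILE KEYWORD (hypothetical helper)
# Prints line numbers of settings that do NOT define the global value:
# repeats after the first one, and anything inside a Match block.
ignored_lines() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { in_match = 1 }
        key == want { if (seen || in_match) print NR; seen = 1 }
    ' "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: an active earlier line shadows the appended one.
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PermitRootLogin no' > "$dir/shadowed"
    # Constructed sample: the default is only a comment, so the append works.
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$dir/clean"
    for f in shadowed clean; do
        echo "$f: effective=$(effective_value "$dir/$f" PermitRootLogin)" \
             "ignored=$(ignored_lines "$dir/$f" PermitRootLogin | tr '\n' ' ')"
    done
    rm -r "$dir"
}
demo
```
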
    </sect3>

    <sect3 id="openssh-init">
      <title>Boot Script</title>

      <para>To start the SSH server at system boot, install the
      <filename>/etc/rc.d/init.d/sshd</filename> init script included
      in the <xref linkend="intro-important-bootscripts"/> package.</para>

      <indexterm zone="openssh openssh-init">
        <primary sortas="f-sshd">sshd</primary>
      </indexterm>

<screen role="root"><userinput>make install-sshd</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
        ssh-keygen, ssh-keyscan, and ssh-keysign</seg>
        <seg>None</seg>
        <seg>/etc/ssh and /var/lib/sshd</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="scp">
        <term><command>scp</command></term>
        <listitem>
          <para>is a file copy program that acts like <command>rcp</command>
          except it uses an encrypted protocol.</para>
          <indexterm zone="openssh scp">
            <primary sortas="b-scp">scp</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sftp">
        <term><command>sftp</command></term>
        <listitem>
          <para>is an FTP-like program that works over
          the SSH1 and SSH2 protocols.</para>
          <indexterm zone="openssh sftp">
            <primary sortas="b-sftp">sftp</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sftp-server">
        <term><command>sftp-server</command></term>
        <listitem>
          <para>is an SFTP server subsystem.</para>
          <indexterm zone="openssh sftp-server">
            <primary sortas="b-sftp-server">sftp-server</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slogin">
        <term><command>slogin</command></term>
        <listitem>
          <para>is a symlink to <command>ssh</command>.</para>
          <indexterm zone="openssh slogin">
            <primary sortas="g-slogin">slogin</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh">
        <term><command>ssh</command></term>
        <listitem>
          <para>is an <command>rlogin</command>/<command>rsh</command>-like
          client program except it uses an encrypted protocol.</para>
          <indexterm zone="openssh ssh">
            <primary sortas="b-ssh">ssh</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sshd">
        <term><command>sshd</command></term>
        <listitem>
          <para>is a daemon that listens for <command>ssh</command> login
          requests.</para>
          <indexterm zone="openssh sshd">
            <primary sortas="b-sshd">sshd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-add">
        <term><command>ssh-add</command></term>
        <listitem>
          <para>is a tool which adds keys to the
          <command>ssh-agent</command>.</para>
          <indexterm zone="openssh ssh-add">
            <primary sortas="b-ssh-add">ssh-add</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-agent">
        <term><command>ssh-agent</command></term>
        <listitem>
          <para>is an authentication agent that can store private keys.</para>
          <indexterm zone="openssh ssh-agent">
            <primary sortas="b-ssh-agent">ssh-agent</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-keygen">
        <term><command>ssh-keygen</command></term>
        <listitem>
          <para>is a key generation tool.</para>
          <indexterm zone="openssh ssh-keygen">
            <primary sortas="b-ssh-keygen">ssh-keygen</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-keyscan">
        <term><command>ssh-keyscan</command></term>
        <listitem>
          <para>is a utility for gathering public host keys from a
          number of hosts.</para>
          <indexterm zone="openssh ssh-keyscan">
            <primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ssh-keysign">
        <term><command>ssh-keysign</command></term>
        <listitem>
          <para>is used by <command>ssh</command> to access the local host
          keys and generate the digital signature required during hostbased
          authentication with SSH protocol version 2.</para>
          <indexterm zone="openssh ssh-keysign">
            <primary sortas="b-ssh-keysign">ssh-keysign</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>