source: server/other/openssh.xml@ 5cd0959d

Last change on this file since 5cd0959d was 5cd0959d, checked in by Archaic <archaic@…>, 18 years ago

Resetting keywords

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2592 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 7.0 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
 <!ENTITY % general-entities SYSTEM "../../general.ent">
 %general-entities;

<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-size "799 KB">
<!ENTITY openssh-buildsize "37 MB">
<!ENTITY openssh-time "0.49 SBU">

]>

<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="openssh.html"?>
<title>Open<acronym>SSH</acronym>-&openssh-version;</title>

<sect2>
<title>Introduction to <application>Open<acronym>SSH</acronym></application></title>

<para>The <application>Open<acronym>SSH</acronym></application> package
contains <command>ssh</command> clients and the <command>sshd</command> daemon.
This is useful for encrypting authentication and subsequent traffic over a network.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink url="&openssh-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para></listitem>
<listitem><para>Download size: &openssh-size;</para></listitem>
<listitem><para>Estimated Disk space required: &openssh-buildsize;</para></listitem>
<listitem><para>Estimated build time: &openssh-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title><application>Open<acronym>SSH</acronym></application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="openssl"/></para></sect4>
<sect4><title>Optional</title>
<para>
<xref linkend="Linux_PAM"/>,
<xref linkend="tcpwrappers"/>,
X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
<xref linkend="mitkrb"/> or <xref linkend="heimdal"/>, and
<ulink url="http://www.opensc.org/">OpenSC</ulink>
</para></sect4>
</sect3>

</sect2>

<sect2>
<title>Installation of <application>Open<acronym>SSH</acronym></application></title>

<para><application>Open<acronym>SSH</acronym></application> runs as two
processes when connecting to other
computers. The first process is a privileged process and controls the
issuance of privileges as necessary. The second process communicates
with the network. Additional installation steps are necessary to set up
the proper environment; they are performed by the following
commands:</para>

<screen><userinput><command>mkdir /var/empty &amp;&amp;
chown root:sys /var/empty &amp;&amp;
groupadd sshd &amp;&amp;
useradd -c 'sshd privsep' -d /var/empty -g sshd -s /bin/false sshd</command></userinput></screen>

<para><application>OpenSSH</application> is very sensitive to changes in the
linked <application>OpenSSL</application> libraries. If you recompile
<application>OpenSSL</application>, <application>OpenSSH</application> may
fail to start up. An alternative is to link against the static <application>OpenSSL</application>
library. To link against the static library, execute the following command:</para>

<screen><userinput><command>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</command></userinput></screen>

<para>Install <application>Open<acronym>SSH</acronym></application> by running
the following commands:</para>

<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
 --libexecdir=/usr/sbin --with-md5-passwords &amp;&amp;
make &amp;&amp;
make install</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
configuration files from going to <filename class="directory">/usr/etc</filename>.</para>

<para><parameter>--with-md5-passwords</parameter>: This is required
if you made the changes recommended by the shadowpasswd_plus
<acronym>LFS</acronym> hint on
your <acronym>SSH</acronym> server when you installed the Shadow Password
Suite, or if you access an <acronym>SSH</acronym> server that authenticates by
user passwords hashed with MD5.</para>

<para><parameter>--libexecdir=/usr/sbin</parameter>:
<application>Open<acronym>SSH</acronym></application> installs
programs that are called by other programs into <filename class="directory">/usr/libexec</filename>.
<command>sftp-server</command> is an <command>sshd</command>
utility and <command>ssh-askpass</command> is an <command>ssh-add</command>
utility that is installed as a link to <command>X11-ssh-askpass</command>.
Both of these should go in <filename class="directory">/usr/sbin</filename>,
not <filename class="directory">/usr/libexec</filename>.</para>

</sect2>

<sect2>
<title>Configuring <application>Open<acronym>SSH</acronym></application></title>

<sect3><title>Config files</title>

<para><filename>/etc/ssh/ssh_config</filename>,
<filename>/etc/ssh/sshd_config</filename></para>
<para>There are no required changes in either of these files. However,
you may wish to review them and make changes appropriate to the security of
your system. Configuration information can be found in the man pages for
<command>sshd</command>, <command>ssh</command> and
<command>ssh-agent</command>.</para>
</sect3>

<sect3><title>sshd init.d script</title>

<para>To start the SSH server at boot, install the <filename>/etc/rc.d/init.d/sshd</filename>
init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>

<screen><userinput><command>make install-sshd</command></userinput></screen>

</sect3>

</sect2>

<sect2>
<title>Contents</title>

<para>The <application>Open<acronym>SSH</acronym></application> package contains <command>ssh</command>,
<command>sshd</command>, <command>ssh-agent</command>,
<command>ssh-add</command>, <command>sftp</command>,
<command>scp</command>, <command>ssh-keygen</command>,
<command>sftp-server</command> and
<command>ssh-keyscan</command>.</para>

</sect2>

<sect2><title>Description</title>

<sect3><title>ssh</title>
<para>The basic rlogin/rsh-like client program.</para></sect3>

<sect3><title>sshd</title>
<para>The daemon that listens for ssh login requests.</para></sect3>

<sect3><title>ssh-agent</title>
<para>An authentication agent that can store private keys.</para></sect3>

<sect3><title>ssh-add</title>
<para>Tool which adds keys to the <command>ssh-agent</command>.</para></sect3>

<sect3><title>sftp</title>
<para><acronym>FTP</acronym>-like program that works over
<acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para></sect3>

<sect3><title>scp</title>
<para>File copy program that acts like rcp.</para></sect3>

<sect3><title>ssh-keygen</title>
<para>Key generation tool.</para></sect3>

<sect3><title>sftp-server</title>
<para><acronym>SFTP</acronym> server subsystem.</para></sect3>

<sect3><title>ssh-keyscan</title>
<para>Utility for gathering public host keys from a number of hosts.</para></sect3>

</sect2>

</sect1>

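An added example, not part of the BLFS book source: a shell audit of the privilege-separation environment that the mkdir/chown/groupadd/useradd commands in the installation section create. The function names, the `audit` argument and the acceptance of a `nologin` shell alongside `/bin/false` are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the sshd privilege-separation setup.

# check_privsep_dir DIR [UID]: DIR must exist, be empty, be owned by UID
# (default 0, root) and not be writable by group or others.
check_privsep_dir() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    [ -z "$(ls -A "$dir")" ] || { echo "FAIL: $dir is not empty"; return 1; }
    # ls -ldn prints: mode links uid gid size date name
    set -- $(ls -ldn "$dir")
    [ "$3" = "$want_uid" ] || { echo "FAIL: $dir owned by uid $3"; return 1; }
    case $1 in
        # character 6 is group write, character 9 is world write
        ?????w*|????????w*) echo "FAIL: $dir is writable by group/others ($1)"; return 1 ;;
    esac
    echo "OK: $dir"
}

# check_privsep_user PASSWD_FILE [USER] [HOME]: USER must exist, have HOME as
# its home directory and a shell that refuses logins.
check_privsep_user() {
    user=${2:-sshd}
    entry=$(grep "^$user:" "$1") || { echo "FAIL: no $user account"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    [ "$home" = "${3:-/var/empty}" ] || { echo "FAIL: home is $home"; return 1; }
    case $shell in
        # the page uses /bin/false; nologin is accepted as an assumption
        /bin/false|*/nologin) echo "OK: $user (shell $shell)" ;;
        *) echo "FAIL: $user has login shell $shell"; return 1 ;;
    esac
}

# Touch the live system only when asked: sh privsep-audit.sh audit
if [ "${1:-}" = "audit" ]; then
    check_privsep_dir /var/empty 0 &&
    check_privsep_user /etc/passwd sshd /var/empty
fi
```

A writable or populated `/var/empty` fails the check because the unprivileged `sshd` process uses that directory as its home and should find nothing there to read or modify.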