source: server/other/openssh.xml@ df7d6378

Last change on this file since df7d6378 was df7d6378, checked in by Randy McMurchy <randy@…>, 18 years ago

Updated to OpenSSH-3.9p1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2820 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 7.1 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
 <!ENTITY % general-entities SYSTEM "../../general.ent">
 %general-entities;

<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-size "854 KB">
<!ENTITY openssh-buildsize "13.3 MB">
<!ENTITY openssh-time "0.40 SBU">
]>

<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="openssh.html"?>
<title>Open<acronym>SSH</acronym>-&openssh-version;</title>

<sect2>
<title>Introduction to
<application>Open<acronym>SSH</acronym></application></title>

<para>The <application>Open<acronym>SSH</acronym></application> package
contains <command>ssh</command> clients and the <command>sshd</command> daemon.
This is useful for encrypting authentication and subsequent traffic over a
network.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink url="&openssh-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para></listitem>
<listitem><para>Download size: &openssh-size;</para></listitem>
<listitem><para>Estimated Disk space required: &openssh-buildsize;</para></listitem>
<listitem><para>Estimated build time: &openssh-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title><application>Open<acronym>SSH</acronym></application>
dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="openssl"/></para>
</sect4>
<sect4><title>Optional</title>
<para><xref linkend="Linux_PAM"/>,
<xref linkend="tcpwrappers"/>,
X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
<xref linkend="mitkrb"/> or <xref linkend="heimdal"/>,
<xref linkend="j2sdk"/>,
<xref linkend="net-tools"/> and
<ulink url="http://www.opensc.org/">OpenSC</ulink>
</para></sect4>
</sect3>

</sect2>

<sect2>
<title>Installation of
<application>Open<acronym>SSH</acronym></application></title>

<para><application>Open<acronym>SSH</acronym></application> runs as two
processes when connecting to other computers. The first process is a
privileged process and controls the issuance of privileges as necessary.
The second process communicates with the network. Additional installation
steps are necessary to set up the proper environment for this; perform
them with the following commands:</para>

<screen><userinput><command>mkdir /var/empty &amp;&amp;
chown root:sys /var/empty &amp;&amp;
groupadd sshd &amp;&amp;
useradd -c 'sshd privsep' -d /var/empty -g sshd -s /bin/false sshd</command></userinput></screen>

<para><application>OpenSSH</application> is very sensitive to changes in the
linked <application>OpenSSL</application> libraries. If you recompile
<application>OpenSSL</application>, <application>OpenSSH</application> may
fail to start. An alternative is to link against the static
<application>OpenSSL</application> library. To link against the static
library, execute the following command:</para>

<screen><userinput><command>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</command></userinput></screen>

<para>Install <application>Open<acronym>SSH</acronym></application> by running
the following commands:</para>

<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
 --libexecdir=/usr/sbin --with-md5-passwords &amp;&amp;
make &amp;&amp;
make install</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
configuration files from going to
<filename class="directory">/usr/etc</filename>.</para>

<para><parameter>--with-md5-passwords</parameter>: This is required
if you made the changes recommended by the shadowpasswd_plus
<acronym>LFS</acronym> hint on
your <acronym>SSH</acronym> server when you installed the Shadow Password
Suite, or if you access an <acronym>SSH</acronym> server that authenticates by
user passwords encrypted with MD5.</para>

<para><parameter>--libexecdir=/usr/sbin</parameter>:
<application>Open<acronym>SSH</acronym></application> installs programs that
are called by other programs into
<filename class="directory">/usr/libexec</filename>.
<command>sftp-server</command> is an <command>sshd</command>
utility and <command>ssh-askpass</command> is an <command>ssh-add</command>
utility that is installed as a link to <command>X11-ssh-askpass</command>.
Both of these should go in <filename class="directory">/usr/sbin</filename>,
not <filename class="directory">/usr/libexec</filename>.</para>

</sect2>

<sect2>
<title>Configuring <application>Open<acronym>SSH</acronym></application></title>

<sect3><title>Config files</title>

<para><filename>/etc/ssh/ssh_config</filename> and
<filename>/etc/ssh/sshd_config</filename></para>

<para>There are no required changes to either of these files. However,
you may wish to review them and make changes appropriate to the security
of your system. Configuration information can be found in the man pages for
<command>sshd</command>, <command>ssh</command> and
<command>ssh-agent</command>.</para>
</sect3>

<sect3><title>sshd init.d script</title>

<para>To start the <acronym>SSH</acronym> server at system boot, install the
<filename>/etc/rc.d/init.d/sshd</filename> init script included in the
<xref linkend="intro-important-bootscripts"/> package.</para>

<screen><userinput><command>make install-sshd</command></userinput></screen>

</sect3>

</sect2>

<sect2>
<title>Contents</title>

<para>The <application>Open<acronym>SSH</acronym></application> package
contains <command>ssh</command>, <command>sshd</command>,
<command>ssh-agent</command>, <command>ssh-add</command>,
<command>sftp</command>, <command>scp</command>,
<command>ssh-keygen</command>, <command>sftp-server</command> and
<command>ssh-keyscan</command>.</para>

</sect2>

<sect2><title>Description</title>

<sect3><title>ssh</title>
<para>The basic <command>rlogin</command>/<command>rsh</command>-like
client program.</para></sect3>

<sect3><title>sshd</title>
<para>The daemon that listens for <command>ssh</command> login
requests.</para></sect3>

<sect3><title>ssh-agent</title>
<para>An authentication agent that can store private keys.</para></sect3>

<sect3><title>ssh-add</title>
<para>Tool which adds keys to the <command>ssh-agent</command>.</para></sect3>

<sect3><title>sftp</title>
<para><acronym>FTP</acronym>-like program that works over
<acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para></sect3>

<sect3><title>scp</title>
<para>File copy program that acts like <command>rcp</command>.</para></sect3>

<sect3><title>ssh-keygen</title>
<para>Key generation tool.</para></sect3>

<sect3><title>sftp-server</title>
<para><acronym>SFTP</acronym> server subsystem.</para></sect3>

<sect3><title>ssh-keyscan</title>
<para>Utility for gathering public host keys from a number of
hosts.</para></sect3>

</sect2>

</sect1>

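An added example, not part of the BLFS book: a POSIX shell audit of the privilege-separation environment that the installation section creates (the `/var/empty` directory and the unprivileged `sshd` account). The function names, the sample passwd line, and the emptiness and login-shell checks are assumptions made for illustration; the owner and write-permission checks mirror the condition sshd itself enforces on its privsep directory at startup.

```shell
#!/bin/sh
# Added example (not from the BLFS book): audit the sshd privsep environment.

# check_privsep_dir DIR [OWNER_UID]: DIR must be a real directory owned by
# OWNER_UID (default 0, root), not group- or world-writable, and empty.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing, or not a real directory" >&2; return 1
    fi
    meta=$(ls -ldn "$dir")    # e.g. "drwxr-xr-x 2 0 3 4096 ..."
    mode=$(printf '%s\n' "$meta" | awk '{print $1}')
    uid=$(printf '%s\n' "$meta" | awk '{print $3}')
    [ "$uid" = "$want_uid" ] || {
        echo "$dir: owner uid $uid, expected $want_uid" >&2; return 1; }
    case $mode in             # char 6 = group write, char 9 = other write
        ?????w*|????????w*)
            echo "$dir: group- or world-writable ($mode)" >&2; return 1 ;;
    esac
    [ -z "$(ls -A "$dir")" ] || { echo "$dir: not empty" >&2; return 1; }
}

# check_privsep_account PASSWD_LINE [CHROOT_DIR]: the account must exist, be
# unprivileged, have CHROOT_DIR as its home and have no usable login shell.
check_privsep_account() {
    entry=$1
    chroot_dir=${2:-/var/empty}
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ -n "$uid" ] && [ "$uid" != 0 ] || {
        echo "account missing or running as uid 0" >&2; return 1; }
    [ "$home" = "$chroot_dir" ] || {
        echo "home is '$home', expected $chroot_dir" >&2; return 1; }
    case $shell in
        /bin/false|*/nologin) return 0 ;;
        *) echo "shell '$shell' permits interactive login" >&2; return 1 ;;
    esac
}

# Demo on a constructed passwd line. On a real host, run:
#   check_privsep_dir /var/empty && check_privsep_account "$(getent passwd sshd)"
SAMPLE='sshd:x:50:50:sshd privsep:/var/empty:/bin/false'
check_privsep_account "$SAMPLE" && echo "sample account: ok"
```
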