Context Navigation

-              r08254fc
+              r0931098
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+   "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+<!ENTITY openssh-size "799 KB">
+<!ENTITY openssh-buildsize "37 MB">
+<!ENTITY openssh-time "0.49 SBU">
+]>
 <sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
 <?dbhtml filename="openssh.html"?>
 <title>Open<acronym>SSH</acronym>-&openssh-version;</title>
+&openssh-intro;
+&openssh-inst;
+&openssh-exp;
+&openssh-config;
+&openssh-desc;
+<sect2>
+<title>Introduction to <application>Open<acronym>SSH</acronym></application></title>
+<para>The <application>Open<acronym>SSH</acronym></application> package
+contains <command>ssh</command> clients and the <command>sshd</command> daemon.
+This is useful for encrypting authentication and subsequent traffic over a network.</para>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink url="&openssh-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para></listitem>
+<listitem><para>Download size: &openssh-size;</para></listitem>
+<listitem><para>Estimated Disk space required: &openssh-buildsize;</para></listitem>
+<listitem><para>Estimated build time: &openssh-time;</para></listitem></itemizedlist>
+</sect3>
+<sect3><title><application>Open<acronym>SSH</acronym></application> dependencies</title>
+<sect4><title>Required</title>
+<para><xref linkend="openssl"/></para></sect4>
+<sect4><title>Optional</title>
+<para>
+<xref linkend="Linux_PAM"/>,
+<xref linkend="tcpwrappers"/>,
+X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
+<xref linkend="mitkrb"/> or <xref linkend="heimdal"/>, and
+<ulink url="http://www.opensc.org/">OpenSC</ulink>
+</para></sect4>
+</sect3>
+</sect2>
+<sect2>
+<title>Installation of <application>Open<acronym>SSH</acronym></application></title>
+<para><application>Open<acronym>SSH</acronym></application> runs as two
+processes when connecting to other
+computers. The first process is a privileged process and controls the
+issuance of privileges as necessary. The second process communicates
+with the network. Additional installation steps are necessary to set up
+the proper environment which are performed by the following
+commands:</para>
+<screen><userinput><command>mkdir /var/empty &amp;&amp;
+chown root:sys /var/empty &amp;&amp;
+groupadd sshd &amp;&amp;
+useradd -c 'sshd privsep' -d /var/empty -g sshd -s /bin/false sshd</command></userinput></screen>
+<para><application>OpenSSH</application> is very sensitive to changes in the
+linked <application>OpenSSL</application> libraries. If you recompile
+<application>OpenSSL</application>, <application>OpenSSH</application> may
+fail to startup. An alternative is to link against the static <application>OpenSSL</application>
+library. To link against the static library, execute the following command:</para>
+<screen><userinput><command>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</command></userinput></screen>
+<para>Install <application>Open<acronym>SSH</acronym></application> by running
+the following commands:</para>
+<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
+    --libexecdir=/usr/sbin --with-md5-passwords &amp;&amp;
+make &amp;&amp;
+make install</command></userinput></screen>
+</sect2>
+<sect2>
+<title>Command explanations</title>
+<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
+configuration files from going to <filename class="directory">/usr/etc</filename>.</para>
+<para><parameter>--with-md5-passwords</parameter>: This is required
+if you made the changes recommended by the shadowpasswd_plus
+<acronym>LFS</acronym> hint on
+your <acronym>SSH</acronym> server when you installed the Shadow Password
+Suite or if you access a <acronym>SSH</acronym> server that authenticates by
+user passwords encrypted with md5. </para>
+<para><parameter>--libexecdir=/usr/sbin</parameter>:
+<application>Open<acronym>SSH</acronym></application> installs
+programs called by programs in <filename class="directory">/usr/libexec</filename>.
+<command>sftp-server</command> is a <command>sshd</command>
+utility and <command>ssh-askpass</command> is a <command>ssh-add</command>
+utility that is installed as a link to <command>X11-ssh-askpass</command>.
+Both of these should go in <filename class="directory">/usr/sbin</filename>
+not <filename class="directory">/usr/libexec</filename>.</para>
+</sect2>
+<sect2>
+<title>Configuring <application>Open<acronym>SSH</acronym></application></title>
+<sect3><title>Config files</title>
+<para><filename>/etc/ssh/ssh_config</filename>,
+<filename>/etc/ssh/sshd_config </filename></para>
+<para>There are no required changes in either of these files.  However
+you may wish to view them to make changes for appropriate security to
+your system. Configuration information can be found in the man pages for
+<command>sshd</command>, <command>ssh</command> and <command>ssh-agent
+</command></para>
+</sect3>
+<sect3><title>sshd init.d script</title>
+<para>To start the SSH Server at boot, install the <filename>/etc/rc.d/init.d/sshd</filename>
+init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>
+<screen><userinput><command>make install-sshd</command></userinput></screen>
+</sect3>
+</sect2>
+<sect2>
+<title>Contents</title>
+<para>The <application>Open<acronym>SSH</acronym></application> package contains <command>ssh</command>,
+<command>sshd</command>, <command>ssh-agent</command>,
+<command>ssh-add</command>, <command>sftp</command>,
+<command>scp</command>, <command>ssh-keygen</command>,
+<command>sftp-server</command> and
+<command>ssh-keyscan</command>.</para>
+</sect2>
+<sect2><title>Description</title>
+<sect3><title>ssh</title>
+<para>The basic rlogin/rsh-like client program.</para></sect3>
+<sect3><title>sshd</title>
+<para>The daemon that listens for ssh login requests.</para></sect3>
+<sect3><title>ssh-agent</title>
+<para>An authentication agent that can store private keys.</para></sect3>
+<sect3><title>ssh-add</title>
+<para>Tool which adds keys to the <command>ssh-agent</command>.</para></sect3>
+<sect3><title>sftp</title>
+<para><acronym>FTP</acronym>-like program that works over
+<acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para></sect3>
+<sect3><title>scp</title>
+<para>File copy program that acts like rcp.</para></sect3>
+<sect3><title>ssh-keygen</title>
+<para>Key generation tool.</para></sect3>
+<sect3><title>sftp-server</title>
+<para><acronym>SFTP</acronym> server subsystem.</para></sect3>
+<sect3><title>ssh-keyscan</title>
+<para>Utility for gathering public host keys from a number of hosts.</para></sect3>
+</sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 0931098 for server/other/openssh.xml

Legend:

server/other/openssh.xml

Download in other formats: