Changeset 1b83a7c1


Timestamp:
04/05/2005 02:55:43 AM (16 years ago)
Author:
Randy McMurchy <randy@…>
Branches:
10.0, 10.1, 11.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, krejzi/svn, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
cc7ffff
Parents:
7a9d769
Message:

Updated to OpenSSH-4.0p1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3672 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
3 edited

  • general.ent

    r7a9d769 r1b83a7c1  
    210210<!-- Chapter 18 -->               
    211211<!ENTITY ncftp-version                "3.1.7">
    212 <!ENTITY openssh-version              "3.9p1">
     212<!ENTITY openssh-version              "4.0p1">
    213213<!ENTITY rsync-version                "2.6.3">
    214214<!ENTITY cvs-version                  "1.11.18"> 
  • introduction/welcome/changelog.xml

    r7a9d769 r1b83a7c1  
    2424
    2525<listitem><para>April 4th, 2005 [randy]: Updated to OpenLDAP-2.2.24,
    26 Stunnel-4.09 and GTK-Doc-1.3; added a command to the cURL instructions to
    27 fix a broken test script.</para></listitem>
     26Stunnel-4.09, GTK-Doc-1.3 and OpenSSH-4.0p1; added a command to the cURL
     27instructions to fix a broken test script.</para></listitem>
    2828
    2929<listitem><para>April 4th, 2005 [igor]: Updated to OpenSSL-0.9.7f
  • server/other/openssh.xml

    r7a9d769 r1b83a7c1  
    77<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
    88<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
    9 <!ENTITY openssh-md5sum "8e1774d0b52aff08f817f3987442a16e">
    10 <!ENTITY openssh-size "854 KB">
    11 <!ENTITY openssh-buildsize "13.3 MB">
    12 <!ENTITY openssh-time "0.40 SBU">
     9<!ENTITY openssh-md5sum "7b36f28fc16e1b7f4ba3c1dca191ac92">
     10<!ENTITY openssh-size "889 KB">
     11<!ENTITY openssh-buildsize "14.5 MB">
     12<!ENTITY openssh-time "0.42 SBU">
    1313]>
    1414
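Review bot: the new openssh-md5sum on line 9 is the only integrity value the reader is given, and both download entities on lines 7 and 8 are plain http:// and ftp:// URLs, so the value needs to be confirmed against the checksum published with the upstream 4.0p1 release before this lands. Please note in the commit message where the value was taken from, so the next version bump can be checked the same way.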
     
    2020<?dbhtml filename="openssh.html"?>
    2121<title>Open<acronym>SSH</acronym>-&openssh-version;</title>
     22<indexterm zone="openssh">
     23<primary sortas="a-OpenSSH">OpenSSH</primary></indexterm>
    2224
    2325<sect2>
     
    5658<xref linkend="mitkrb"/> or <xref linkend="heimdal"/>,
    5759<xref linkend="j2sdk"/>,
    58 <xref linkend="net-tools"/> and
    59 <ulink url="http://www.opensc.org/">OpenSC</ulink></para>
     60<xref linkend="net-tools"/>,
     61<ulink url="http://www.opensc.org/">OpenSC</ulink> and
     62<ulink url="http://sourceforge.net/projects/libedit/">libedit</ulink></para>
    6063</sect4>
    6164</sect3>
     
    7477by the following commands:</para>
    7578
    76 <screen><userinput><command>mkdir /var/empty &amp;&amp;
    77 chown root:sys /var/empty &amp;&amp;
     79<screen><userinput><command>install -v -d -m700 /var/lib/sshd &amp;&amp;
     80chown root:sys /var/lib/sshd &amp;&amp;
    7881groupadd sshd &amp;&amp;
    79 useradd -c 'sshd privsep' -d /var/empty -g sshd -s /bin/false sshd</command></userinput></screen>
     82useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false sshd</command></userinput></screen>
    8083
    8184<para><application>OpenSSH</application> is very sensitive to changes in the
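Review bot: the userinput on new line 79 carries no role='root', although every command in it (install -v -d -m700 /var/lib/sshd, chown, groupadd, useradd) needs root, and new line 121 of this same changeset already marks make install with role='root'; mark this block the same way. It would also help to add a sentence for readers who followed the previous instructions: they already have an sshd group and user with home /var/empty, so groupadd sshd fails and the && chain stops before useradd, leaving the account pointing at the old directory.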
     
    9295
    9396<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
    94     --libexecdir=/usr/sbin --with-md5-passwords &amp;&amp;
    95 make &amp;&amp;
    96 make install</command></userinput></screen>
     97    --libexecdir=/usr/sbin --with-md5-passwords \
     98    --with-privsep-path=/var/lib/sshd</command></userinput></screen>
     99
     100<para>If you use <application>Heimdal</application> as your Kerberos5
     101implementation and you linked the <application>Heimdal</application> libraries
     102into the build using the <option>--with-kerberos5</option> parameter, you'll
     103need to modify the <filename>Makefile</filename> or the build will fail. Use
     104the following command:</para>
     105
     106<screen><userinput><command>sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile</command></userinput></screen>
     107
     108<para>Continue the build:</para>
     109
     110<screen><userinput><command>make</command></userinput></screen>
     111
     112<para>If you linked <application>tcp_wrappers</application> into the build
     113using the <option>--with-tcp-wrappers</option> parameter, ensure you add
     114127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you
     115have a restrictive <filename>/etc/hosts.deny</filename> file, or the testsuite
     116will fail. To run the testsuite, issue: <command>make -k
     117tests</command>.</para>
     118
     119<para>Now, as the root user:</para>
     120
     121<screen><userinput role='root'><command>make install</command></userinput></screen>
    97122
    98123</sect2>
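Review bot: --with-privsep-path=/var/lib/sshd on new line 98 is a new configure switch, but neither Command Explanations hunk in this changeset adds an entry for it beside --sysconfdir and --libexecdir; add a para/parameter entry saying it must name the directory created earlier with install -v -d -m700 /var/lib/sshd. Separately, the tcp_wrappers paragraph on new lines 112 to 117 tells the reader to add 127.0.0.1 to the sshd line in /etc/hosts.allow for the testsuite without saying whether the entry should stay afterwards; state that explicitly.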
     
    102127
    103128<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
    104 configuration files from going to
     129configuration files from being installed in
    105130<filename class="directory">/usr/etc</filename>.</para>
    106131
     
    112137user passwords encrypted with md5. </para>
    113138
    114 <para><parameter>--libexecdir=/usr/sbin</parameter>:
    115 <application>Open<acronym>SSH</acronym></application> installs programs called
    116 by programs in <filename class="directory">/usr/libexec</filename>.
    117 <command>sftp-server</command> is a <command>sshd</command>
    118 utility and <command>ssh-askpass</command> is a <command>ssh-add</command>
    119 utility that is installed as a link to <command>X11-ssh-askpass</command>.
    120 Both of these should go in <filename class="directory">/usr/sbin</filename>
    121 not <filename class="directory">/usr/libexec</filename>.</para>
     139<para><parameter>--libexecdir=/usr/sbin</parameter>: This parameter
     140changes the installation path of some programs to
     141<filename class="directory">/usr/sbin</filename> instead of
     142<filename class="directory">/usr/libexec</filename>.</para>
    122143
    123144</sect2>
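Review bot: the replacement paragraph on new lines 139 to 142 says only "some programs", whereas the removed text named sftp-server and ssh-askpass; name the programs that now land in /usr/sbin so a reader auditing the install knows which binaries to expect there.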
     
    126147<title>Configuring <application>Open<acronym>SSH</acronym></application></title>
    127148
    128 <sect3><title>Config files</title>
    129 
    130 <para><filename>/etc/ssh/ssh_config</filename> and
    131 <filename>/etc/ssh/sshd_config </filename></para>
    132 
    133 <para>There are no required changes to either of these files. However, 
    134 you may wish to view them to make changes for appropriate security to
    135 your system. One recomended change is that you disable root login via
    136 ssh. Execute the following command to disable root login via ssh:</para>
     149<sect3 id="openssh-config"><title>Config files</title>
     150
     151<para><filename>~/.ssh/*, /etc/ssh/ssh_config</filename> and
     152<filename>/etc/ssh/sshd_config</filename></para>
     153<indexterm zone="openssh openssh-config">
     154<primary sortas="e-AA.ssh">~/.ssh/*</primary></indexterm>
     155<indexterm zone="openssh openssh-config">
     156<primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
     157</indexterm>
     158<indexterm zone="openssh openssh-config">
     159<primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
     160</indexterm>
     161
     162<para>There are no required changes to any of these files. However, 
     163you may wish to view the <filename class='directory'>/etc/ssh/</filename> to
     164make changes for appropriate security of your system. One recomended change
     165is that you disable root login via <command>ssh</command>. Execute the
     166following command to disable root login via <command>ssh</command>:</para>
    137167
    138168<screen><userinput><command>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</command></userinput></screen>
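Review bot: new line 151 puts two paths inside one element, <filename>~/.ssh/*, /etc/ssh/ssh_config</filename>; give each path its own filename element so it matches the three separate indexterm entries added below it. New lines 163 and 164 also need a wording pass: "view the /etc/ssh/ to make changes" is missing a noun (for example "the files in"), and "recomended" was carried over from the old text. The echo "PermitRootLogin no" screen that follows writes to /etc/ssh/sshd_config and should get role='root' like the make install block.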
     
    140170<para>Additional configuration information can be found in the man pages for
    141171<command>sshd</command>, <command>ssh</command> and
    142 <command>ssh-agent</command></para>
     172<command>ssh-agent</command>.</para>
    143173</sect3>
    144174
    145 <sect3><title>sshd init.d script</title>
     175<sect3 id="openssh-init"><title>sshd init.d script</title>
    146176
    147177<para>To start the <acronym>SSH</acronym> server at system boot, install the
    148178<filename>/etc/rc.d/init.d/sshd</filename> init script included in the
    149179<xref linkend="intro-important-bootscripts"/> package.</para>
     180<indexterm zone="openssh openssh-init">
     181<primary sortas="f-sshd">sshd</primary></indexterm>
    150182
    151183<screen><userinput><command>make install-sshd</command></userinput></screen>
     
    157189<title>Contents</title>
    158190
    159 <para>The <application>Open<acronym>SSH</acronym></application> package
    160 contains <command>ssh</command>, <command>sshd</command>,
    161 <command>ssh-agent</command>, <command>ssh-add</command>,
    162 <command>sftp</command>, <command>scp</command>,
    163 <command>ssh-keygen</command>, <command>sftp-server</command> and
    164 <command>ssh-keyscan</command>.</para>
    165 
    166 </sect2>
    167 
    168 <sect2><title>Description</title>
    169 
    170 <sect3><title>ssh</title>
    171 <para>The basic <command>rlogin</command>/<command>rsh</command>-like
    172 client program.</para></sect3>
    173 
    174 <sect3><title>sshd</title>
    175 <para>The daemon that listens for <command>ssh</command> login
    176 requests.</para></sect3>
    177 
    178 <sect3><title>ssh-agent</title>
    179 <para>An authentication agent that can store private keys.</para></sect3>
    180 
    181 <sect3><title>ssh-add</title>
    182 <para>Tool which adds keys to the <command>ssh-agent</command>.</para></sect3>
    183 
    184 <sect3><title>sftp</title>
    185 <para><acronym>FTP</acronym>-like program that works over
    186 <acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para></sect3>
    187 
    188 <sect3><title>scp</title>
    189 <para>File copy program that acts like <command>rcp</command>.</para></sect3>
    190 
    191 <sect3><title>ssh-keygen</title>
    192 <para>Key generation tool.</para></sect3>
    193 
    194 <sect3><title>sftp-server</title>
    195 <para><acronym>SFTP</acronym> server subsystem.</para></sect3>
    196 
    197 <sect3><title>ssh-keyscan</title>
    198 <para>Utility for gathering public host keys from a number of
    199 hosts.</para></sect3>
     191<segmentedlist>
     192<segtitle>Installed Programs</segtitle>
     193<segtitle>Installed Libraries</segtitle>
     194<segtitle>Installed Directories</segtitle>
     195
     196<seglistitem>
     197<seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
     198ssh-keygen, ssh-keyscan and ssh-keysign</seg>
     199<seg>None</seg>
     200<seg>/etc/ssh and /var/lib/sshd</seg>
     201</seglistitem>
     202</segmentedlist>
     203
     204<variablelist>
     205<bridgehead renderas="sect3">Short Descriptions</bridgehead>
     206<?dbfo list-presentation="list"?>
     207
     208<varlistentry id="scp">
     209<term><command>scp</command></term>
     210<listitem><para>is a file copy program that acts like <command>rcp</command>
     211except it uses an encrypted protocol.</para>
     212<indexterm zone="openssh scp">
     213<primary sortas="b-scp">scp</primary>
     214</indexterm></listitem>
     215</varlistentry>
     216
     217<varlistentry id="sftp">
     218<term><command>sftp</command></term>
     219<listitem><para>is an <acronym>FTP</acronym>-like program that works over
     220<acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para>
     221<indexterm zone="openssh sftp">
     222<primary sortas="b-sftp">sftp</primary>
     223</indexterm></listitem>
     224</varlistentry>
     225
     226<varlistentry id="sftp-server">
     227<term><command>sftp-server</command></term>
     228<listitem><para>is an <acronym>SFTP</acronym> server subsystem.</para>
     229<indexterm zone="openssh sftp-server">
     230<primary sortas="b-sftp-server">sftp-server</primary>
     231</indexterm></listitem>
     232</varlistentry>
     233
     234<varlistentry id="slogin">
     235<term><command>slogin</command></term>
     236<listitem><para>is a symlink to <command>ssh</command>.</para>
     237<indexterm zone="openssh slogin">
     238<primary sortas="g-slogin">slogin</primary>
     239</indexterm></listitem>
     240</varlistentry>
     241
     242<varlistentry id="ssh">
     243<term><command>ssh</command></term>
     244<listitem><para>is an <command>rlogin</command>/<command>rsh</command>-like
     245client program except it uses an encrypted protocol.</para>
     246<indexterm zone="openssh ssh">
     247<primary sortas="b-ssh">ssh</primary>
     248</indexterm></listitem>
     249</varlistentry>
     250
     251<varlistentry id="sshd">
     252<term><command>sshd</command></term>
     253<listitem><para>is a daemon that listens for <command>ssh</command> login
     254requests.</para>
     255<indexterm zone="openssh sshd">
     256<primary sortas="b-sshd">sshd</primary>
     257</indexterm></listitem>
     258</varlistentry>
     259
     260<varlistentry id="ssh-add">
     261<term><command>ssh-add</command></term>
     262<listitem><para>is a tool which adds keys to the
     263<command>ssh-agent</command>.</para>
     264<indexterm zone="openssh ssh-add">
     265<primary sortas="b-ssh-add">ssh-add</primary>
     266</indexterm></listitem>
     267</varlistentry>
     268
     269<varlistentry id="ssh-agent">
     270<term><command>ssh-agent</command></term>
     271<listitem><para>is an authentication agent that can store private keys.</para>
     272<indexterm zone="openssh ssh-agent">
     273<primary sortas="b-ssh-agent">ssh-agent</primary>
     274</indexterm></listitem>
     275</varlistentry>
     276
     277<varlistentry id="ssh-keygen">
     278<term><command>ssh-keygen</command></term>
     279<listitem><para>is a key generation tool.</para>
     280<indexterm zone="openssh ssh-keygen">
     281<primary sortas="b-ssh-keygen">ssh-keygen</primary>
     282</indexterm></listitem>
     283</varlistentry>
     284
     285<varlistentry id="ssh-keyscan">
     286<term><command>ssh-keyscan</command></term>
     287<listitem><para>is a utility for gathering public host keys from a number of
     288hosts.</para>
     289<indexterm zone="openssh ssh-keyscan">
     290<primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
     291</indexterm></listitem>
     292</varlistentry>
     293
     294<varlistentry id="ssh-keysign">
     295<term><command>ssh-keysign</command></term>
     296<listitem><para>is used by <command>ssh</command> to access the local host
     297keys and generate the digital signature required during hostbased
     298authentication with <acronym>SSH</acronym> protocol version 2.</para>
     299<indexterm zone="openssh ssh-keysign">
     300<primary sortas="b-ssh-keysign">ssh-keysign</primary>
     301</indexterm></listitem>
     302</varlistentry>
     303</variablelist>
    200304
    201305</sect2>
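Review bot: the slogin indexterm on new line 238 uses sortas="g-slogin" while every other program entry in this variablelist uses the b- prefix (b-scp, b-ssh, b-ssh-keysign and so on); if g- is deliberate because slogin is a symlink, a short comment would save the next editor from "fixing" it, otherwise change it to b-slogin.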