Changeset 1b83a7c1 for server/other/openssh.xml
- Timestamp: 04/05/2005 02:55:43 AM (19 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: cc7ffff
- Parents: 7a9d769
- File: 1 edited
server/other/openssh.xml
r7a9d769 r1b83a7c1 7 7 <!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> 8 8 <!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> 9 <!ENTITY openssh-md5sum " 8e1774d0b52aff08f817f3987442a16e">10 <!ENTITY openssh-size "8 54KB">11 <!ENTITY openssh-buildsize "1 3.3MB">12 <!ENTITY openssh-time "0.4 0SBU">9 <!ENTITY openssh-md5sum "7b36f28fc16e1b7f4ba3c1dca191ac92"> 10 <!ENTITY openssh-size "889 KB"> 11 <!ENTITY openssh-buildsize "14.5 MB"> 12 <!ENTITY openssh-time "0.42 SBU"> 13 13 ]> 14 14 … … 20 20 <?dbhtml filename="openssh.html"?> 21 21 <title>Open<acronym>SSH</acronym>-&openssh-version;</title> 22 <indexterm zone="openssh"> 23 <primary sortas="a-OpenSSH">OpenSSH</primary></indexterm> 22 24 23 25 <sect2> … … 56 58 <xref linkend="mitkrb"/> or <xref linkend="heimdal"/>, 57 59 <xref linkend="j2sdk"/>, 58 <xref linkend="net-tools"/> and 59 <ulink url="http://www.opensc.org/">OpenSC</ulink></para> 60 <xref linkend="net-tools"/>, 61 <ulink url="http://www.opensc.org/">OpenSC</ulink> and 62 <ulink url="http://sourceforge.net/projects/libedit/">libedit</ulink></para> 60 63 </sect4> 61 64 </sect3> … … 74 77 by the following commands:</para> 75 78 76 <screen><userinput><command> mkdir /var/empty&&77 chown root:sys /var/ empty&&79 <screen><userinput><command>install -v -d -m700 /var/lib/sshd && 80 chown root:sys /var/lib/sshd && 78 81 groupadd sshd && 79 useradd -c 'sshd privsep' -d /var/empty-g sshd -s /bin/false sshd</command></userinput></screen>82 useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false sshd</command></userinput></screen> 80 83 81 84 <para><application>OpenSSH</application> is very sensitive to changes in the … … 92 95 93 96 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \ 94 --libexecdir=/usr/sbin --with-md5-passwords && 95 make && 96 make install</command></userinput></screen> 97 
--libexecdir=/usr/sbin --with-md5-passwords \ 98 --with-privsep-path=/var/lib/sshd</command></userinput></screen> 99 100 <para>If you use <application>Heimdal</application> as your Kerberos5 101 implementation and you linked the <application>Heimdal</application> libraries 102 into the build using the <option>--with-kerberos5</option> parameter, you'll 103 need to modify the <filename>Makefile</filename> or the build will fail. Use 104 the following command:</para> 105 106 <screen><userinput><command>sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile</command></userinput></screen> 107 108 <para>Continue the build:</para> 109 110 <screen><userinput><command>make</command></userinput></screen> 111 112 <para>If you linked <application>tcp_wrappers</application> into the build 113 using the <option>--with-tcp-wrappers</option> parameter, ensure you add 114 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you 115 have a restrictive <filename>/etc/hosts.deny</filename> file, or the testsuite 116 will fail. To run the testsuite, issue: <command>make -k 117 tests</command>.</para> 118 119 <para>Now, as the root user:</para> 120 121 <screen><userinput role='root'><command>make install</command></userinput></screen> 97 122 98 123 </sect2> … … 102 127 103 128 <para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the 104 configuration files from going to129 configuration files from being installed in 105 130 <filename class="directory">/usr/etc</filename>.</para> 106 131 … … 112 137 user passwords encrypted with md5. </para> 113 138 114 <para><parameter>--libexecdir=/usr/sbin</parameter>: 115 <application>Open<acronym>SSH</acronym></application> installs programs called 116 by programs in <filename class="directory">/usr/libexec</filename>. 
117 <command>sftp-server</command> is a <command>sshd</command> 118 utility and <command>ssh-askpass</command> is a <command>ssh-add</command> 119 utility that is installed as a link to <command>X11-ssh-askpass</command>. 120 Both of these should go in <filename class="directory">/usr/sbin</filename> 121 not <filename class="directory">/usr/libexec</filename>.</para> 139 <para><parameter>--libexecdir=/usr/sbin</parameter>: This parameter 140 changes the installation path of some programs to 141 <filename class="directory">/usr/sbin</filename> instead of 142 <filename class="directory">/usr/libexec</filename>.</para> 122 143 123 144 </sect2> … … 126 147 <title>Configuring <application>Open<acronym>SSH</acronym></application></title> 127 148 128 <sect3><title>Config files</title> 129 130 <para><filename>/etc/ssh/ssh_config</filename> and 131 <filename>/etc/ssh/sshd_config </filename></para> 132 133 <para>There are no required changes to either of these files. However, 134 you may wish to view them to make changes for appropriate security to 135 your system. One recomended change is that you disable root login via 136 ssh. Execute the following command to disable root login via ssh:</para> 149 <sect3 id="openssh-config"><title>Config files</title> 150 151 <para><filename>~/.ssh/*, /etc/ssh/ssh_config</filename> and 152 <filename>/etc/ssh/sshd_config</filename></para> 153 <indexterm zone="openssh openssh-config"> 154 <primary sortas="e-AA.ssh">~/.ssh/*</primary></indexterm> 155 <indexterm zone="openssh openssh-config"> 156 <primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary> 157 </indexterm> 158 <indexterm zone="openssh openssh-config"> 159 <primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary> 160 </indexterm> 161 162 <para>There are no required changes to any of these files. However, 163 you may wish to view the <filename class='directory'>/etc/ssh/</filename> to 164 make changes for appropriate security of your system. 
One recomended change 165 is that you disable root login via <command>ssh</command>. Execute the 166 following command to disable root login via <command>ssh</command>:</para> 137 167 138 168 <screen><userinput><command>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</command></userinput></screen> … … 140 170 <para>Additional configuration information can be found in the man pages for 141 171 <command>sshd</command>, <command>ssh</command> and 142 <command>ssh-agent</command> </para>172 <command>ssh-agent</command>.</para> 143 173 </sect3> 144 174 145 <sect3 ><title>sshd init.d script</title>175 <sect3 id="openssh-init"><title>sshd init.d script</title> 146 176 147 177 <para>To start the <acronym>SSH</acronym> server at system boot, install the 148 178 <filename>/etc/rc.d/init.d/sshd</filename> init script included in the 149 179 <xref linkend="intro-important-bootscripts"/> package.</para> 180 <indexterm zone="openssh openssh-init"> 181 <primary sortas="f-sshd">sshd</primary></indexterm> 150 182 151 183 <screen><userinput><command>make install-sshd</command></userinput></screen> … … 157 189 <title>Contents</title> 158 190 159 <para>The <application>Open<acronym>SSH</acronym></application> package 160 contains <command>ssh</command>, <command>sshd</command>, 161 <command>ssh-agent</command>, <command>ssh-add</command>, 162 <command>sftp</command>, <command>scp</command>, 163 <command>ssh-keygen</command>, <command>sftp-server</command> and 164 <command>ssh-keyscan</command>.</para> 165 166 </sect2> 167 168 <sect2><title>Description</title> 169 170 <sect3><title>ssh</title> 171 <para>The basic <command>rlogin</command>/<command>rsh</command>-like 172 client program.</para></sect3> 173 174 <sect3><title>sshd</title> 175 <para>The daemon that listens for <command>ssh</command> login 176 requests.</para></sect3> 177 178 <sect3><title>ssh-agent</title> 179 <para>An authentication agent that can store private keys.</para></sect3> 180 181 <sect3><title>ssh-add</title> 
182 <para>Tool which adds keys to the <command>ssh-agent</command>.</para></sect3> 183 184 <sect3><title>sftp</title> 185 <para><acronym>FTP</acronym>-like program that works over 186 <acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para></sect3> 187 188 <sect3><title>scp</title> 189 <para>File copy program that acts like <command>rcp</command>.</para></sect3> 190 191 <sect3><title>ssh-keygen</title> 192 <para>Key generation tool.</para></sect3> 193 194 <sect3><title>sftp-server</title> 195 <para><acronym>SFTP</acronym> server subsystem.</para></sect3> 196 197 <sect3><title>ssh-keyscan</title> 198 <para>Utility for gathering public host keys from a number of 199 hosts.</para></sect3> 191 <segmentedlist> 192 <segtitle>Installed Programs</segtitle> 193 <segtitle>Installed Libraries</segtitle> 194 <segtitle>Installed Directories</segtitle> 195 196 <seglistitem> 197 <seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent, 198 ssh-keygen, ssh-keyscan and ssh-keysign</seg> 199 <seg>None</seg> 200 <seg>/etc/ssh and /var/lib/sshd</seg> 201 </seglistitem> 202 </segmentedlist> 203 204 <variablelist> 205 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 206 <?dbfo list-presentation="list"?> 207 208 <varlistentry id="scp"> 209 <term><command>scp</command></term> 210 <listitem><para>is a file copy program that acts like <command>rcp</command> 211 except it uses an encrypted protocol.</para> 212 <indexterm zone="openssh scp"> 213 <primary sortas="b-scp">scp</primary> 214 </indexterm></listitem> 215 </varlistentry> 216 217 <varlistentry id="sftp"> 218 <term><command>sftp</command></term> 219 <listitem><para>is an <acronym>FTP</acronym>-like program that works over 220 <acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para> 221 <indexterm zone="openssh sftp"> 222 <primary sortas="b-sftp">sftp</primary> 223 </indexterm></listitem> 224 </varlistentry> 225 226 <varlistentry id="sftp-server"> 227 
<term><command>sftp-server</command></term> 228 <listitem><para>is an <acronym>SFTP</acronym> server subsystem.</para> 229 <indexterm zone="openssh sftp-server"> 230 <primary sortas="b-sftp-server">sftp-server</primary> 231 </indexterm></listitem> 232 </varlistentry> 233 234 <varlistentry id="slogin"> 235 <term><command>slogin</command></term> 236 <listitem><para>is a symlink to <command>ssh</command>.</para> 237 <indexterm zone="openssh slogin"> 238 <primary sortas="g-slogin">slogin</primary> 239 </indexterm></listitem> 240 </varlistentry> 241 242 <varlistentry id="ssh"> 243 <term><command>ssh</command></term> 244 <listitem><para>is an <command>rlogin</command>/<command>rsh</command>-like 245 client program except it uses an encrypted protocol.</para> 246 <indexterm zone="openssh ssh"> 247 <primary sortas="b-ssh">ssh</primary> 248 </indexterm></listitem> 249 </varlistentry> 250 251 <varlistentry id="sshd"> 252 <term><command>sshd</command></term> 253 <listitem><para>is a daemon that listens for <command>ssh</command> login 254 requests.</para> 255 <indexterm zone="openssh sshd"> 256 <primary sortas="b-sshd">sshd</primary> 257 </indexterm></listitem> 258 </varlistentry> 259 260 <varlistentry id="ssh-add"> 261 <term><command>ssh-add</command></term> 262 <listitem><para>is a tool which adds keys to the 263 <command>ssh-agent</command>.</para> 264 <indexterm zone="openssh ssh-add"> 265 <primary sortas="b-ssh-add">ssh-add</primary> 266 </indexterm></listitem> 267 </varlistentry> 268 269 <varlistentry id="ssh-agent"> 270 <term><command>ssh-agent</command></term> 271 <listitem><para>is an authentication agent that can store private keys.</para> 272 <indexterm zone="openssh ssh-agent"> 273 <primary sortas="b-ssh-agent">ssh-agent</primary> 274 </indexterm></listitem> 275 </varlistentry> 276 277 <varlistentry id="ssh-keygen"> 278 <term><command>ssh-keygen</command></term> 279 <listitem><para>is a key generation tool.</para> 280 <indexterm zone="openssh ssh-keygen"> 281 
<primary sortas="b-ssh-keygen">ssh-keygen</primary> 282 </indexterm></listitem> 283 </varlistentry> 284 285 <varlistentry id="ssh-keyscan"> 286 <term><command>ssh-keyscan</command></term> 287 <listitem><para>is a utility for gathering public host keys from a number of 288 hosts.</para> 289 <indexterm zone="openssh ssh-keyscan"> 290 <primary sortas="b-ssh-keyscan">ssh-keyscan</primary> 291 </indexterm></listitem> 292 </varlistentry> 293 294 <varlistentry id="ssh-keysign"> 295 <term><command>ssh-keysign</command></term> 296 <listitem><para>is used by <command>ssh</command> to access the local host 297 keys and generate the digital signature required during hostbased 298 authentication with <acronym>SSH</acronym> protocol version 2.</para> 299 <indexterm zone="openssh ssh-keysign"> 300 <primary sortas="b-ssh-keysign">ssh-keysign</primary> 301 </indexterm></listitem> 302 </varlistentry> 303 </variablelist> 200 304 201 305 </sect2>
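Review bot: The privilege-separation setup screen (install -v -d -m700 /var/lib/sshd through useradd ... -d /var/lib/sshd) is still wrapped in a plain <userinput>, while the make install screen added later in this changeset uses <userinput role='root'>. All four commands need root, so this screen should carry role='root' too. Because the home directory moves from /var/empty to /var/lib/sshd and the commands are chained with &&, a reader who followed the previous revision will see groupadd fail on the existing sshd group and the chain stop; a sentence covering that upgrade case would help.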
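Review bot: In the build hunk, the test command (make -k tests) appears only inline at the end of the tcp_wrappers paragraph, so a reader who did not pass --with-tcp-wrappers is likely to skip the testsuite altogether. Give the test step its own paragraph and screen, and keep the /etc/hosts.allow remark as a conditional note attached to it. The note should also say whether the 127.0.0.1 entry on the sshd line is only needed while the tests run, so it is not left in place by default.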
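Review bot: The Command Explanations hunks add no entry for --with-privsep-path=/var/lib/sshd, although the configure hunk introduces that option and the directory must match the one created with install -d -m700 and set as the sshd user's home. Add a paragraph stating that the path has to agree with the directory created earlier. The rewritten --libexecdir paragraph also drops the names of the affected programs and now says only "some programs"; naming them again (the old text listed sftp-server and ssh-askpass) lets a reader check what lands in /usr/sbin.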
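Review bot: In the Config files hunk, the rewritten paragraph reads "view the <filename class='directory'>/etc/ssh/</filename> to make changes", which is missing a noun (for example "the files in"), and the "recomended" typo is carried over from the old text. The first <filename> now holds two paths ("~/.ssh/*, /etc/ssh/ssh_config"); splitting them into separate <filename> elements keeps the markup consistent with the three indexterms added below it. The unchanged screen that appends "PermitRootLogin no" with >> is also not marked role='root', and since sshd uses the first value it finds for a keyword, the text should say that the append only takes effect when no earlier uncommented PermitRootLogin line exists in sshd_config.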
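Review bot: In the Contents hunk, the slogin entry uses sortas="g-slogin" while every other installed program in the new variablelist uses the "b-" prefix (b-scp, b-sftp, b-ssh and so on). If the different prefix is deliberate because slogin is a symlink to ssh, a short XML comment saying so would prevent someone "fixing" it later; otherwise change it to b-slogin so it sorts with the other programs in the index.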