SUMMARY: OpenSSL 3.5p1 - Tru64 v5.1

From: Markus Waldorf (waldorfm@rferl.org)
Date: Tue Jan 07 2003 - 10:10:19 EST


Thanks to everyone who replied! I would say the installation of OpenSSH is
really not as trivial as I thought, and the installation instructions
provided with the product distribution should be checked.

Installed OpenSSL 0.9.7
Installed Zlib

The source code compiled and installed without problems, using the defaults.
openssl gets installed in /usr/local/ssl and zlib in /usr/local/

Tru64 Enhanced Security (shadow passwords):

If this is enabled, then Privilege Separation does not work. Some say it
works with basic security, some say it does not work at all under Tru64.
Well, I'm not going to disable shadow passwords and compromise general
system security just for ssh.

So, prior to compiling openssh 3.5p1 under Tru64 it is necessary to disable
Privilege Separation, at least when using enhanced system security.

Edit sshd_config in the source dir and add a line:
#UsePrivilegeSeparation yes
UsePrivilegeSeparation no

So I'm ending up with the following:

(priv separate is disabled in sshd_conf file)

./configure \
--with-cppflags=-I/usr/local/include \
--with-ipv4-default \
--disable-suid-ssh \
--with-ldflags='-s'

make clean
make
make install

I am not able yet to configure/compile it with tcp_wrapper support. The system
is using tcp-wrapper 7.6 (alpha rpm distribution). I've received one
interesting reply about this:

"It's better to start sshd as a standalone daemon. If you do run it
from inetd you need to give it the -i option."

"If you're running it from inetd you don't need to build in libwrap
support since tcpd takes care of that. Compiling with tcp-wrappers
is only necessary for the standalone daemon."

With the above qualifiers openssh 3.5p1 compiled and installed without any
errors under 5.1 pk5.

For some reason however I always receive error:
ssh_exchange_identification: Connection closed by remote host
when sshd daemon is started from inetd, with or without tcp_wrapper.

If I start sshd daemon manually it seems to work ok. I'm going to search for
a startup script that I can put in /sbin/init.

Thanks and best regards,

Markus Waldorf
Radio Free Europe/Radio Liberty, Inc.
Prague, Czech Republic

Below some more details.

Problems and solutions:

While trying to set up OpenSSH 3.5p1 I ran into the following problems:

./configure
make

Cannot find file "zlib.h"

To correct this problem it seems necessary to do

./configure --with-cppflags=-I/usr/local/include

ok.

./configure --with-tcp-wrapper

The configuration report however shows "TCP Wrappers support: no"

./configure --with-tcp-wrappers=/usr/local/etc/tcpd

checking for libwrap... configure: error: *** libwrap missing

To correct this problem it seems necessary to do

./configure --with-ldflags=-l/usr/local/lib

configure: error: *** zlib missing

I've tried all suggestions including other parameters and using compile
flags, but none of them worked successfully.

vi /etc/inetd.conf

ssh stream tcp nowait root /usr/local/etc/tcpd /usr/local/sbin/sshd -i -f /usr/local/etc/sshd_config

--> receiving
ssh_exchange_identification: Connection closed by remote host

ssh stream tcp nowait root /usr/local/sbin/sshd -i -f /usr/local/etc/sshd_config sshd

--> receiving
ssh_exchange_identification: Connection closed by remote host

Removed ssh from inetd.conf and started it manually with

/usr/local/sbin/sshd -f /usr/local/etc/sshd_config

bingo!
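
Added example, not part of the original post: a read-only shell check for the two files the message edits. It reports the effective UsePrivilegeSeparation value in an sshd_config and, for each inetd.conf entry that runs sshd, whether it goes through tcpd and passes -i. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: read-only checks for the two files edited in the post.

# Effective UsePrivilegeSeparation value in an sshd_config ("unset" if absent).
# Comment lines are skipped, the keyword is case-insensitive, first match wins.
privsep_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "useprivilegeseparation" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# One line per active inetd.conf entry that runs sshd:
#   <service> wrapper=<tcpd|none> inetd_flag=<yes|no>
# Field 6 is the server path; wrapper=tcpd means tcpd applies hosts.allow/deny.
inetd_sshd_report() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }
        {
            is_sshd = 0; flag = "no"
            for (i = 6; i <= NF; i++) {
                if ($i == "sshd" || $i ~ /\/sshd$/) is_sshd = 1
                if ($i == "-i") flag = "yes"
            }
            if (!is_sshd) next
            wrap = ($6 == "tcpd" || $6 ~ /\/tcpd$/) ? "tcpd" : "none"
            print $1, "wrapper=" wrap, "inetd_flag=" flag
        }
    ' "$1"
}

# Constructed sample input mirroring the lines quoted in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#UsePrivilegeSeparation yes' 'UsePrivilegeSeparation no' > "$tmp/sshd_config"
printf '%s\n' \
  '#ftp stream tcp nowait root /usr/sbin/ftpd ftpd' \
  'ssh stream tcp nowait root /usr/local/etc/tcpd /usr/local/sbin/sshd -i -f /usr/local/etc/sshd_config' \
  > "$tmp/inetd.conf"

echo "UsePrivilegeSeparation: $(privsep_setting "$tmp/sshd_config")"
inetd_sshd_report "$tmp/inetd.conf"
```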


