glfs/server/other/openssh.xml
Archaic 5cd0959daa Resetting keywords
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2592 af4574ff-66df-0310-9fd7-8a98e5e911e0
2004-08-10 04:25:57 +00:00


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-size "799 KB">
<!ENTITY openssh-buildsize "37 MB">
<!ENTITY openssh-time "0.49 SBU">
]>
<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="openssh.html"?>
<title>Open<acronym>SSH</acronym>-&openssh-version;</title>
<sect2>
<title>Introduction to <application>Open<acronym>SSH</acronym></application></title>
<para>The <application>Open<acronym>SSH</acronym></application> package
contains <command>ssh</command> clients and the <command>sshd</command> daemon.
This is useful for encrypting authentication and subsequent traffic over a network.</para>
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink url="&openssh-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para></listitem>
<listitem><para>Download size: &openssh-size;</para></listitem>
<listitem><para>Estimated Disk space required: &openssh-buildsize;</para></listitem>
<listitem><para>Estimated build time: &openssh-time;</para></listitem></itemizedlist>
</sect3>
<sect3><title><application>Open<acronym>SSH</acronym></application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="openssl"/></para></sect4>
<sect4><title>Optional</title>
<para>
<xref linkend="Linux_PAM"/>,
<xref linkend="tcpwrappers"/>,
X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
<xref linkend="mitkrb"/> or <xref linkend="heimdal"/>, and
<ulink url="http://www.opensc.org/">OpenSC</ulink>
</para></sect4>
</sect3>
</sect2>
<sect2>
<title>Installation of <application>Open<acronym>SSH</acronym></application></title>
<para><application>Open<acronym>SSH</acronym></application> runs as two
processes when connecting to other
computers. The first process is a privileged process and controls the
issuance of privileges as necessary. The second process communicates
with the network. Additional installation steps, performed by the
following commands, are necessary to set up the proper
environment:</para>
<screen><userinput><command>mkdir /var/empty &amp;&amp;
chown root:sys /var/empty &amp;&amp;
groupadd sshd &amp;&amp;
useradd -c 'sshd privsep' -d /var/empty -g sshd -s /bin/false sshd</command></userinput></screen>
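<para>The following check is an added example, not part of the book or of
<application>Open<acronym>SSH</acronym></application>: it verifies that the
commands above left an sshd account with home /var/empty and shell /bin/false,
and a /var/empty that is empty, owned by the expected uid and not group- or
world-writable. The function names, the root-prefix argument and the
constructed sample tree (including uid 50) are assumptions of the example.</para>
<screen><![CDATA[
```shell
#!/bin/sh
# Added example: audit the privilege-separation setup created above.
# Function names and the ROOT/UID arguments are assumptions of this example.

# Succeeds if the passwd file $1 has an sshd account whose home is
# /var/empty and whose shell is /bin/false.
check_privsep_user() {
    awk -F: '$1 == "sshd" { seen = 1; ok = ($6 == "/var/empty" && $7 == "/bin/false") }
             END { exit !(seen && ok) }' "$1"
}

# Succeeds if directory $1 exists, is empty, is owned by uid $2 and is
# neither group- nor world-writable.
check_privsep_dir() {
    dir=$1 owner=$2
    [ -d "$dir" ] || return 1
    [ -z "$(ls -A "$dir")" ] || return 1
    set -- $(ls -ldn "$dir")        # fields: mode links uid gid ...
    [ "$3" = "$owner" ] || return 1
    case $1 in
        d????w*|d???????w*) return 1 ;;   # group or other write bit set
    esac
}

# Audit the tree rooted at $1 ("" means the live system). $2 is the uid
# expected to own var/empty (default 0, i.e. root). Returns the failure count.
privsep_audit() {
    root=$1 want_uid=${2:-0} fails=0
    check_privsep_user "$root/etc/passwd" ||
        { echo "FAIL: sshd account missing or wrong home/shell"; fails=$((fails + 1)); }
    check_privsep_dir "$root/var/empty" "$want_uid" ||
        { echo "FAIL: $root/var/empty missing, not empty, wrong owner or writable"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: privilege-separation environment is in place"
    return "$fails"
}

# Constructed sample tree (not a real system) so the audit can run unprivileged.
demo_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc" "$t/var/empty" && chmod 755 "$t/var/empty" &&
    printf '%s\n' 'sshd:x:50:50:sshd privsep:/var/empty:/bin/false' > "$t/etc/passwd" &&
    echo "$t"
}
```
]]></screen>
<para>On the installed system, run <command>privsep_audit ""</command> as
root; against the sample tree, pass the path printed by
<command>demo_tree</command> and your own uid.</para>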
<para><application>Open<acronym>SSH</acronym></application> is very sensitive to changes in the
linked <application>OpenSSL</application> libraries. If you recompile
<application>OpenSSL</application>, <application>Open<acronym>SSH</acronym></application> may
fail to start up. An alternative is to link against the static <application>OpenSSL</application>
library. To link against the static library, execute the following command:</para>
<screen><userinput><command>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</command></userinput></screen>
<para>Install <application>Open<acronym>SSH</acronym></application> by running
the following commands:</para>
<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
--libexecdir=/usr/sbin --with-md5-passwords &amp;&amp;
make &amp;&amp;
make install</command></userinput></screen>
</sect2>
<sect2>
<title>Command explanations</title>
<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
configuration files from going to <filename class="directory">/usr/etc</filename>.</para>
<para><parameter>--with-md5-passwords</parameter>: This is required
if you made the changes recommended by the shadowpasswd_plus
<acronym>LFS</acronym> hint on
your <acronym>SSH</acronym> server when you installed the Shadow Password
Suite or if you access an <acronym>SSH</acronym> server that authenticates by
user passwords hashed with MD5.</para>
<para><parameter>--libexecdir=/usr/sbin</parameter>:
<application>Open<acronym>SSH</acronym></application> installs
programs that are called by other programs in <filename class="directory">/usr/libexec</filename>.
<command>sftp-server</command> is an <command>sshd</command>
utility and <command>ssh-askpass</command> is an <command>ssh-add</command>
utility that is installed as a link to <command>X11-ssh-askpass</command>.
Both of these should go in <filename class="directory">/usr/sbin</filename>,
not <filename class="directory">/usr/libexec</filename>.</para>
</sect2>
<sect2>
<title>Configuring <application>Open<acronym>SSH</acronym></application></title>
<sect3><title>Config files</title>
<para><filename>/etc/ssh/ssh_config</filename>,
<filename>/etc/ssh/sshd_config</filename></para>
<para>There are no required changes in either of these files. However,
you may wish to review them and make changes appropriate for the security of
your system. Configuration information can be found in the man pages for
<command>sshd</command>, <command>ssh</command> and
<command>ssh-agent</command>.</para>
</sect3>
<sect3><title>sshd init.d script</title>
<para>To start the <acronym>SSH</acronym> server at boot, install the <filename>/etc/rc.d/init.d/sshd</filename>
init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>
<screen><userinput><command>make install-sshd</command></userinput></screen>
</sect3>
</sect2>
<sect2>
<title>Contents</title>
<para>The <application>Open<acronym>SSH</acronym></application> package contains <command>ssh</command>,
<command>sshd</command>, <command>ssh-agent</command>,
<command>ssh-add</command>, <command>sftp</command>,
<command>scp</command>, <command>ssh-keygen</command>,
<command>sftp-server</command> and
<command>ssh-keyscan</command>.</para>
</sect2>
<sect2><title>Description</title>
<sect3><title>ssh</title>
<para>The basic rlogin/rsh-like client program.</para></sect3>
<sect3><title>sshd</title>
<para>The daemon that listens for ssh login requests.</para></sect3>
<sect3><title>ssh-agent</title>
<para>An authentication agent that can store private keys.</para></sect3>
<sect3><title>ssh-add</title>
<para>Tool which adds keys to the <command>ssh-agent</command>.</para></sect3>
<sect3><title>sftp</title>
<para><acronym>FTP</acronym>-like program that works over
<acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para></sect3>
<sect3><title>scp</title>
<para>File copy program that acts like rcp.</para></sect3>
<sect3><title>ssh-keygen</title>
<para>Key generation tool.</para></sect3>
<sect3><title>sftp-server</title>
<para><acronym>SFTP</acronym> server subsystem.</para></sect3>
<sect3><title>ssh-keyscan</title>
<para>Utility for gathering public host keys from a number of hosts.</para></sect3>
</sect2>
</sect1>