
[cobalt-security] [RaQ3][HOW-TO]Install OpenSSH 2.5.1 from source



ALL AS 'root' (su -)

##### Change dir and get the tar.gz files
cd /usr/local
wget http://www.openssl.org/source/openssl-0.9.6.tar.gz
wget ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-2.5.1p2.tar.gz

##### Install OpenSSL first
tar -xvzf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config
make
make test
make install

##### Install OpenSSH
cd /usr/local
tar -xvzf openssh-2.5.1p2.tar.gz
cd openssh-2.5.1p2
./configure --sysconfdir=/etc --with-pam

##### When it finishes, we can read
OpenSSH configured has been configured with the following options.
                 User binaries: /usr/local/bin
               System binaries: /usr/local/sbin
           Configuration files: /etc
               Askpass program: /usr/local/libexec/ssh-askpass
                  Manual pages: /usr/local/man/manX
                      PID file: /var/run
      Random number collection: Device (/dev/urandom)
                Manpage format: man
                   PAM support: yes
            KerberosIV support: no
                   AFS support: no
                 S/KEY support: no
          TCP Wrappers support: no
          MD5 password support: no
   IP address in $DISPLAY hack: no
      Use IPv4 by default hack: no
       Translate v4 in v6 hack: yes

              Host: i586-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -g -O2 -Wall
Preprocessor flags:  -I/usr/local/ssl/include
      Linker flags:  -L/usr/local/ssl/lib
         Libraries: -lpam -ldl -lz -lnsl  -lutil  -lcrypto

PAM is enabled. You may need to install a PAM control file for sshd,
otherwise password authentication may fail. Example PAM control files
can be found in the contrib/ subdirectory

##### After configure
make
make install

##### We get (not real keys or domains)
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh_host_key.
Your public key has been saved in /etc/ssh_host_key.pub.
The key fingerprint is:
cd:44:11:ab:dc:77:88:98:ff:88:55:31:78:10:60:10 root@xxxxxxxxxxxxxx
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh_host_dsa_key.pub.
The key fingerprint is:
cd:44:11:ab:dc:77:88:98:ff:88:55:31:78:10:60:10 root@xxxxxxxxxxxxxx
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh_host_rsa_key.pub.
The key fingerprint is:
cd:44:11:ab:dc:77:88:98:ff:88:55:31:78:10:60:10 root@xxxxxxxxxxxxxx

##### Copy the PAM control file from the redhat 'contrib' dir to 'etc'
##### Failure to install a valid PAM file may result in an inability to
##### use password authentication. If the file exists, make a backup first
cd /etc/pam.d
ls ssh*

##### If the file exists
cp sshd sshd.ori

##### Then copy the redhat 'contrib' file
cp /usr/local/openssh-2.5.1p2/contrib/redhat/sshd.pam sshd

##### Copy the start script file from the redhat 'contrib' dir to 'etc'
##### If the file exists, make a backup first
cd /etc/rc.d/init.d
ls ssh*

##### If the file exists
cp sshd sshd.ori

##### Then copy the redhat 'contrib' file
cp /usr/local/openssh-2.5.1p2/contrib/redhat/sshd.init sshd

##### This script needs a little editing
vi /etc/rc.d/init.d/sshd

##### Where it says...
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key

##### Change to...
KEYGEN=/usr/local/bin/ssh-keygen
RSA1_KEY=/etc/ssh_host_key
RSA_KEY=/etc/ssh_host_rsa_key
DSA_KEY=/etc/ssh_host_dsa_key

##### Save and Quit
:wq

##### Make the needed link
cd /etc/rc.d/rc3.d
ln -s ../init.d/sshd S75sshd

##### Go to the '/etc' dir to edit the SSH conf file
cd /etc
vi /etc/sshd_config

##### Cut & Paste (this works for password login;
##### read the manual for RSA/DSA key login)

Port 22
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_dsa_key
#HostKey /etc/ssh_host_rsa_key
ServerKeyBits 1024
LoginGraceTime 120
KeyRegenerationInterval 1800
PermitRootLogin no
AllowUsers root admin
IgnoreRhosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
MaxStartups 10:30:60
#Banner /etc/issue.net
Subsystem sftp /usr/local/libexec/sftp-server

##### Save and Quit
:wq

##### Make the needed link to sshd
cd /usr/sbin
ln -s /usr/local/sbin/sshd sshd

##### Test the link by starting sshd
cd /etc/rc.d/rc3.d
./S75sshd start

##### We can read
Starting sshd: ok

##### Next, test the link by stopping sshd
./S75sshd stop

##### We can read
Shutting down sshd: sshd ok

##### Start sshd again
./S75sshd start

##### And check status
./S75sshd status

##### We can read (pid can be different)
sshd (pid 22002) is running...

##### Test the installation
ssh -v

##### We can read
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
Usage: ssh [options] host [command]
....

##### Change to 'admin'
exit

##### And test the connection
ssh -v -l admin localhost

##### We can read
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 110 geteuid 0 anon 0
debug: Connecting to localhost [127.0.0.1] port 22.
debug: Seeding random number generator
....
admin@localhost's password:

##### Press Ctrl+C to quit
##### Close the telnet session
exit, logout, etc...

##### And finally, start your preferred SSH client and connect to SSH(2)
##### (PuTTY, SecureCRT, ...) REMEMBER TO CHANGE YOUR OLD PASSWORDS!!!

passwd user

##### Reading the OpenSSH documentation is highly recommended.

Hope this helps.

RB
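
The sshd_config in the post above sets `Protocol 2` alongside protocol 1 settings and lists root in `AllowUsers` while `PermitRootLogin` is `no`. As an added example (not part of the original post), this shell function lints a file laid out that way. The function name `audit_sshd_config` is made up for illustration, and it assumes the host key files keep the names the build generated.

```shell
#!/bin/sh
# Added example (not from the original post): lint an sshd_config laid out
# like the one in this how-to. Prints one finding per line; returns 1 if any.
# Assumption: host key files keep the names the build generated
# (ssh_host_key = rsa1, ssh_host_rsa_key / ssh_host_dsa_key = protocol 2).
audit_sshd_config() {
    awk '
    function report(msg) { print msg; found = 1 }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        key = tolower($1)
        if (key == "hostkey") {
            n = split($2, parts, "/")            # keep only the file name
            hostkey[parts[n]] = 1
        } else if (key == "allowusers") {
            for (i = 2; i <= NF; i++) allowed[$i] = 1
        } else if (!(key in val)) {
            val[key] = tolower($2)               # keep the first occurrence
        }
    }
    END {
        if (val["protocol"] == "2") {
            if ("ssh_host_key" in hostkey)
                report("HostKey ssh_host_key: rsa1 key is not used with Protocol 2")
            if (!("ssh_host_rsa_key" in hostkey))
                report("HostKey ssh_host_rsa_key: no protocol 2 RSA host key is loaded")
            if ("serverkeybits" in val)
                report("ServerKeyBits: protocol 1 setting, no effect with Protocol 2")
            if ("keyregenerationinterval" in val)
                report("KeyRegenerationInterval: protocol 1 setting, no effect with Protocol 2")
        }
        if (val["permitrootlogin"] == "no" && ("root" in allowed))
            report("AllowUsers root: root is still refused because PermitRootLogin is no")
        if (val["permitemptypasswords"] == "yes")
            report("PermitEmptyPasswords yes: accounts with empty passwords can log in")
        exit found + 0
    }' "$1"
}

# Usage: run this script with the config path, e.g. /etc/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd_config "$1" || true; fi
```

Run against the configuration pasted in the post, it reports the unused rsa1 host key, the commented-out RSA host key, the two protocol 1 timing settings, and the `AllowUsers root` entry.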