15.1. OpenSSH

In our configuration, we have configured OpenSSH to run under the inetd super server with TCP Wrappers support, both to improve the security of this already secure program and to avoid always running its daemon in the background on the server. This way, the program runs only when client connections arrive, and those connections are redirected through the TCP Wrappers daemon for authentication and authorization before they are allowed into the server.

OpenSSH is a free replacement for and improvement on SSH1, with all patent-encumbered algorithms removed to external libraries, all known security bugs fixed, new features reintroduced and many other clean-ups. It is recommended that you use OpenSSH, which is free and has its security bugs fixed, instead of SSH1, which is free but buggy and old, or SSH2, which was originally free but is now under a commercial license. For people who use SSH2 from the Datafellows company, this book covers both versions, beginning with OpenSSH, since it is the new SSH program that, we suggest, everyone must move to in the future.

These installation instructions assume:

  • Commands are Unix-compatible.

  • The source path is /var/tmp (other paths are possible).

  • Installations were tested on Red Hat Linux 6.1 and 6.2.

  • All installation steps are performed as the super-user account root.

  • The OpenSSH version number is 1.2.3.

Packages can be downloaded from the OpenSSH homepage: https://www.openssh.com. Be sure to download openssh-1.2.3.tar.gz (the version as of this writing).

There is a prerequisite to take care of before installing OpenSSH: it requires that the zlib-devel package, which contains the header files and libraries needed to develop programs that use the zlib compression and decompression library, already be installed on your system. If this is not the case, you must install it from your Red Hat Linux 6.1 or 6.2 CD-ROM. To verify that the zlib-devel package is installed on your Linux system, use the following command:
         [root@deep /]# rpm -qi zlib-devel
         package zlib-devel is not installed

To install the zlib-devel package on your Linux system, use the following command:
         [root@deep /]# mount /dev/cdrom /mnt/cdrom/
         [root@deep /]# cd /mnt/cdrom/RedHat/RPMS/
         [root@deep RPMS]# rpm -Uvh zlib-devel-version.i386.rpm
         zlib-devel ##################################################
         [root@deep RPMS]# cd /; umount /mnt/cdrom/

Important: OpenSSL, which enables support for SSL functionality, must already be installed on your system to be able to use the OpenSSH software. For more information on the OpenSSL server, see its related chapter in this book. Even if you don't need to use the OpenSSL software to create or hold encrypted key files, it's important to note that the OpenSSH program requires its library files to work properly on your system.

You need to decompress and unpack the tarball, but it is a good idea to make a list of files on the system before you install OpenSSH, and one afterwards, and then compare them using diff to find out what files it placed where. Simply run find /* > OpenSSH1 before and find /* > OpenSSH2 after you install the software, and use diff OpenSSH1 OpenSSH2 > OpenSSH-Installed to get a list of what changed.
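
The before/after comparison described above, as an added example that is not part of the original guide: it goes beyond the plain find and diff by also flagging set-uid and set-gid files among the additions, which are the ones worth reviewing after installing a network daemon. The function names and the scratch directory used in the demonstration are assumptions.

```shell
#!/bin/sh
# Added example: list what an install added or removed, and flag set-uid/set-gid files.

# snapshot ROOT OUTFILE: sorted list of every path under ROOT. -xdev stays on one
# filesystem, so /proc and other mounts are skipped when ROOT is /.
snapshot() {
    find "$1" -xdev -print 2>/dev/null | LC_ALL=C sort > "$2"
}

# added_files BEFORE AFTER: paths that appear only in the AFTER snapshot.
added_files() {
    LC_ALL=C comm -13 "$1" "$2"
}

# removed_files BEFORE AFTER: paths that appear only in the BEFORE snapshot.
removed_files() {
    LC_ALL=C comm -23 "$1" "$2"
}

# privileged_files: read paths on stdin, print the set-uid or set-gid regular files.
privileged_files() {
    while IFS= read -r path; do
        if [ -f "$path" ] && { [ -u "$path" ] || [ -g "$path" ]; }; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed demonstration: a scratch directory stands in for the real system.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/usr/bin" "$work/root/etc"
    echo old > "$work/root/etc/hosts.allow"
    snapshot "$work/root" "$work/before"
    # Simulated "make install": a new config file and a new set-uid binary.
    mkdir -p "$work/root/etc/ssh"
    echo cfg > "$work/root/etc/ssh/sshd_config"
    echo bin > "$work/root/usr/bin/ssh"
    chmod 4711 "$work/root/usr/bin/ssh"
    snapshot "$work/root" "$work/after"
    echo "added:"
    added_files "$work/before" "$work/after"
    echo "set-uid/set-gid among them:"
    added_files "$work/before" "$work/after" | privileged_files
    rm -rf "$work"
}
demo
```

On a real system, write the snapshot files to a directory outside the tree being listed so they do not show up in the second snapshot.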

To compile, first decompress the tarball (tar.gz):
         [root@deep /]# cp openssh-version.tar.gz /var/tmp
         [root@deep /]# cd /var/tmp
         [root@deep tmp]# tar xzpf openssh-version.tar.gz

Compile and optimize:

  1. Move into the new OpenSSH directory and type the following commands on your terminal:
             CC="egcs" \
             CFLAGS="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \
             ./configure \
             --prefix=/usr \
             --sysconfdir=/etc/ssh \
             --with-tcp-wrappers \
             --with-ipv4-default \
             --with-ssl-dir=/usr/include/openssl
             
    This tells OpenSSH to set itself up for this particular hardware setup with:

    - Compiled-in libwrap and enabled TCP Wrappers /etc/hosts.allow|deny support.
    - Disabled long delays in name resolution under Linux/glibc-2.1.2 to improve connection time.
    - Specified locations of OpenSSL libraries required by OpenSSH program to work.

  2. Now, we must compile and install OpenSSH on the server:
             [root@deep openssh-1.2.3]# make
             [root@deep openssh-1.2.3]# make install
             [root@deep openssh-1.2.3]# make host-key
             [root@deep openssh-1.2.3]# install -m644 contrib/redhat/sshd.pam /etc/pam.d/sshd

    The make command will compile all source files into executable binaries, and make install will install the binaries and any supporting files into the appropriate locations. The make host-key command will generate a host key. The install command will install the PAM support for Red Hat Linux, which is now more functional than the popular packages of commercial ssh-1.2.x.

  3. Clean up afterwards:
             [root@deep /]# cd /var/tmp
             [root@deep tmp]# rm -rf openssh-version/ openssh-version.tar.gz

    The rm command as used above will remove all the source files we have used to compile and install OpenSSH. It will also remove the OpenSSH compressed archive from the /var/tmp directory.
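
Because the build above compiles in libwrap, access to sshd is decided by /etc/hosts.allow and /etc/hosts.deny, and TCP Wrappers grants access when no rule in either file matches. The following added example (not part of the original guide; unlisted_client_policy is a hypothetical helper and the parsing is simplified to one rule per line) reports whether a hosts.deny file actually denies clients that no allow rule names.

```shell
#!/bin/sh
# Added example: with libwrap compiled in, check what happens to a client that
# no hosts.allow rule matches. Simplified parser: one rule per line, no
# backslash continuations.

# unlisted_client_policy DAEMON DENYFILE -> prints "deny" or "allow"
unlisted_client_policy() {
    # A missing access file is treated by TCP Wrappers as an empty one.
    [ -r "$2" ] || { echo allow; return 0; }
    awk -v daemon="$1" '
        /^[ \t]*#/ { next }                      # comment lines
        /^[ \t]*$/ { next }                      # blank lines
        {
            if (split($0, field, ":") < 2) next  # not a daemons:clients rule
            d = " " field[1] " "; c = field[2]
            gsub(/[,\t]/, " ", d)                # list items: blanks or commas
            gsub(/[ \t]/, "", c)
            named = index(d, " " daemon " ") || index(d, " ALL ")
            if (named && c == "ALL") found = 1   # "ALL EXCEPT ..." does not count
        }
        END { print (found ? "deny" : "allow") }
    ' "$2"
}

# Constructed demonstration: two candidate hosts.deny files.
demo_wrappers() {
    dir=$(mktemp -d) || return 1
    printf '# no rules yet\n' > "$dir/deny.open"
    printf '# default deny\nALL: ALL\n' > "$dir/deny.closed"
    echo "empty hosts.deny -> unlisted clients: $(unlisted_client_policy sshd "$dir/deny.open")"
    echo "ALL: ALL in deny -> unlisted clients: $(unlisted_client_policy sshd "$dir/deny.closed")"
    rm -rf "$dir"
}
demo_wrappers
```

A result of "allow" means any host not covered by a rule can reach sshd, so the allow list alone is not restricting access.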

 
 
  Published under the terms of the Open Publication License