Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

15.1. OpenSSH

In our configuration we have configured OpenSSH to support tcp-wrappers; the inetd super server, to improve the security of this already secure program and to avoid always running its daemon in the background of the server. This way, the program will run only when client connections arrive and will redirect them through the TCP-WRAPPERS daemon for authentication and authorization before allowing the connection in the server.

OpenSSH is a free replacement and improvement of SSH1 with all patent-encumbered algorithms removed to external libraries, all known security bugs fixed, new features reintroduced and many other clean-ups. It is recommended that you use OpenSSH free and security bug fixed instead of SSH1 free, buggy, and old or SSH2 that was originally free but now under a commercial license. For peoples that use SSH2 from Datafellows Company, we'll provide in this book both versions, beginning with OpenSSH, since it is the new SSH program which everyone, we suggest, must move to in the future.

These installation instructions assume:

  • Commands are Unix-compatible.

  • The source path is /var/tmp -other paths are possible.

  • Installations were tested on Red Hat Linux 6.1 and 6.2.

  • All steps in the installation will happen in super-user account root.

  • OpenSSH version number is 1.2.3

These are the Packages you can download from OpenSSH Homepage:https://www.openssh.com and be sure to download: openssh-1.2.3.tar.gz as of this writing

There are some Prerequisites you need to take care of before installing OpenSSH since it requires that the zlib-devel package, which contains the header files and libraries needed to develop programs that use the zlib compression and decompression library, be already installed on your system. If this is not the case, you must install it from your Red Hat Linux 6.1 or 6.2 CD-ROM. To verify that the zlib-devel package is installed on your Linux system, use the following command:
         [[email protected]] /#rpm -qi zlib-devel
         

package zlib-devel is not installed

To install the zlib-devel package on your Linux system, use the following command:
         [[email protected]] /#mount /dev/cdrom /mnt/cdrom/
         [[email protected]] /#cd /mnt/cdrom/RedHat/RPMS/
         [[email protected] ]/RPMS#rpm -Uvh zlib-devel-version.i386.rpm
         

gd ##################################################

         [[email protected] ]/RPMS#rpm -Uvh gd-devel-version.i386.rpm
         

zlib-devel ##################################################

         [[email protected] ]/RPMS# cd /; umount /mnt/cdrom/
         

Important: OpenSSL, which enables support for SSL functionality, must already be installed on your system to be able to use the OpenSSH software.For more information on OpenSSL server, see its related chapter in this book. Even if you don't need to use OpenSSL software to create or hold encrypted key files, it's important to note that OpenSSH program require its libraries files to be able to work properly on your system.

you need to decompress and unpack the Tarballs but it is a good idea to make a list of files on the system before you install OpenSSH, and one afterwards, and then compare them using diff to find out what files it placed where. Simply run find/* > OpenSSH1 before and find/* > OpenSSH2 after you install the software, and use diff OpenSSH1 OpenSSH2 > OpenSSH-Installed to get a list of what changed.

To Compile,Decompress the tarball tar.gz and:
         [[email protected]] /#cp openssh-version.tar.gz /var/tmp
         [[email protected]] /#cd /var/tmp
         [[email protected] ]/tmp#tar xzpf openssh-version.tar.gz
         

You need to Compile and Optimize:

  1. Move into the new OpenSSH directory and type the following commands on your terminal:
             CC="egcs" \
             CFLAGS="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \
             ./configure \
             --prefix=/usr \
             --sysconfdir=/etc/ssh \
             --with-tcp-wrappers \
             --with-ipv4-default \
             --with-ssl-dir=/usr/include/openssl
             
    This tells OpenSSH to set itself up for this particular hardware setup with:

    - Compiled-in libwrap and enabled TCP Wrappers /etc/hosts.allow|deny support.
    - Disabled long delays in name resolution under Linux/glibc-2.1.2 to improve connection time.
    - Specified locations of OpenSSL libraries required by OpenSSH program to work.

  2. Now, we must compile and install OpenSSH on the Server:
             [[email protected] ]/openssh-1.2.3#make
             [[email protected] ]/openssh-1.2.3#make install
             [[email protected] ]/openssh-1.2.3#make host-key
             [[email protected] ]/openssh-1.2.3#install -m644 contrib/redhat/sshd.pam /etc/pam.d/sshd
             

    make

    command will compile all source files into executable binaries,

    make install

    will install the binaries and any supporting files into the appropriate locations.

    make host-key

    command will generate a host key.

    install

    command will install the PAM support for Red Hat Linux, which is now more functional than the popular packages of commercial ssh-1.2.x.

  3. please do a Cleanup later:
             [[email protected]] /#cd /var/tmp
             [[email protected] ]/tmp#rm -rf openssh-version/ openssh-version.tar.gz
             
    The rm command as used above will remove all the source files we have used to compile and install OpenSSH. It will also remove the OpenSSH compressed archive from the /var/tmp directory.

 
 
  Published under the terms of the Open Publication License Design by Interspire