Danster
01-30-2001, 09:10 AM
Ok maybe not easy ;-)
I owe lots of NG folks for tips on getting OpenSSH working on my machine. As thanks, here is a summary of what I did. I'm on RH 6.1, though it should work on RH 6.2 for other distributions check: http://www.freeos.com/articles/2745/2/13/ and/or http://www.openssh.com/install.html*
1. make sure you have all of the RH 6.x security updates installed -- I didn't at first and regretted it:*http://www.redhat.com/support/errata/rh62-errata-security.html or http://www.redhat.com/support/errata/rh61-errata-general.html. To install the anti-ramen security fix you'll need to recompile to a newer kernel. I used: the directions found at: http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html*
2. Install OpenSSL
# rpm -ivh openssl-0.9.5a-i386.rpm
3. Update RPM to rpm-3.0.5-9.6x -- I heard that 3.0.6 also works. You may have to --force the RPM.*Don't try to go directly to 4.x it won't work. You'll be doing this later see step 14.
1b. rebuild your rpm's database:*
# rpm -i --rebuilddb*
--rebuilddb
4. install zlib RPM-- I used: zlib-1.1.3-5.
5. download: OpenSSH i386.rpm
openssh-2.3.0p1-4.i386.rpm
openssh-askpass-2.3.0p1-4.i386.rpm
openssh-askpass-gnome-2.3.0p1-4.i386.rpm
openssh-clients-2.3.0p1-4.i386.rpm
openssh-server-2.3.0p1-4.i386.rpm6. install*openssh
# rpm -Uvh openssh**
It won't work straight away. Take note of anything that is missing from your system, and install it.
# rpm -Uvh --nodeps openssh**
7. make sure it is installed:
# rpm -q openssh
openssh-2.3.0p1-4
8. Supposedly config files are supposed to /usr/local/etc -- they weren't for me instead, there were config files which may be created as follows:*
/usr/src/redhat/BUILD/openssh-2.3.0p1/sysconfdir=/var/tmp/openssh-2.3.0p1-buildroot
[or]
/usr/src/redhat/BUILD/openssh-2.3.0p1/sysconfdir=/var/tmp/openssh-2.3.0p1-buildroot/usr/libexec/openssh
9. cd /usr/src/redhat/BUILD/openssh-2.3.0p1/contrib
10. The RPM has most likely already done this, but it doesn't hurt to check that:
/usr/src/redhat/BUILD/openssh-2.3.0p1/contrib/sshd.pam.generic is the same as /etc/pam.d/sshd
If it's not:
cp /usr/src/redhat/BUILD/openssh-2.3.0p1/contrib/sshd.pam.generic /etc/pam.d/sshd
Here's what my file looked like:
# more /etc/pam.d/sshd*
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
11. The RPM has most likely already done this, but it doesn't hurt to check that:
The RPM should have created /etc/rc.config.d/sshd.rc.config*
Here's what mine looked like:
# more /etc/rc.config.d/sshd.rc.config*
#
# Start the Secure Shell (SSH) Daemon?
#
START_SSHD="yes"
12. start the ssh daemon by
# /etc/rc.d/init.d/sshd start
[root@sloppy pam.d]# /etc/rc.d/init.d/sshd start*
Generating RSA keys: Key generation complete.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
21:7b:78:d7:00:fd:c4:55:98:ae:85:7f:e2:e1:db:e4 root@sloppy
Generating DSA parameter and key.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
a0:f2:69:ff:5f:6a:34:89:54:c3:a6:a8:94:09:d6:7c root@sloppy
Starting sshd: /usr/sbin/sshd: /lib/libc.so.6: version `GLIBC_2.2' not found (required by /usr/sbin/sshd)
[FAILED]
OOPS! Need Glibc2.2!! continue on!
13. install a newer Glibc. What I did was make a directory with the necessary files:
# ls
db1-1.85-4.i386.rpm db3-3.1.14-6.i386.rpm glibc-common-2.2-12.i386.rpm glibc-profile-2.2-12.i386.rpm
db2-2.4.14-4.i386.rpm glibc-2.2-12.i386.rpm glibc-devel-2.2-12.i386.rpm
# rpm -ivh --nodeps --force db* glibc*
If the install needs a newer RPM see 14. check that it worked:
# rpm -q glibc
glibc-2.2-12
14. If necessary update RPM I've done a few extra --rebuilddb*
# rpm -ivh --nodeps --force rpm*
rpm ##################################################
rpm-build ##################################################
rpm-devel ##################################################
rpm ##################################################
[root@sloppy RPMupdate]# rpm --rebuilddb
[root@sloppy RPMupdate]# rpm -q rpm
rpm-3.0.5-9.6x
rpm-4.0-4
[root@sloppy RPMupdate]# rpm -e rpm-3.0.5-9.6x
error: removing these packages would break dependencies:
rpm = 3.0.5 is needed by rpm-devel-3.0.5-9.6x
[root@sloppy RPMupdate]# rpm -e rpm-3.0.5-9.6x rpm-devel-3.0.5-9.6x
[root@sloppy RPMupdate]# rpm -q rpm
rpm-4.0-4
[root@sloppy RPMupdate]# rpm --rebuilddb
15. start the ssh daemon by
# /etc/rc.d/init.d/sshd start
16. To check whether SSH is running, telnet to port 22 on your machine. NB: if you use CRT from a remote machine you fill in port 22 your machine's ip address like: 127.0.0.1 or yourdomain.com
should see the following.
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.3.0p1
;-)
Comments, corrections? Send them to: in2@my-deja.com
I owe lots of NG folks for tips on getting OpenSSH working on my machine. As thanks, here is a summary of what I did. I'm on RH 6.1, though it should work on RH 6.2 for other distributions check: http://www.freeos.com/articles/2745/2/13/ and/or http://www.openssh.com/install.html*
1. make sure you have all of the RH 6.x security updates installed -- I didn't at first and regretted it:*http://www.redhat.com/support/errata/rh62-errata-security.html or http://www.redhat.com/support/errata/rh61-errata-general.html. To install the anti-ramen security fix you'll need to recompile to a newer kernel. I used: the directions found at: http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html*
2. Install OpenSSL
# rpm -ivh openssl-0.9.5a-i386.rpm
3. Update RPM to rpm-3.0.5-9.6x -- I heard that 3.0.6 also works. You may have to --force the RPM.*Don't try to go directly to 4.x it won't work. You'll be doing this later see step 14.
1b. rebuild your rpm's database:*
# rpm -i --rebuilddb*
--rebuilddb
4. install zlib RPM-- I used: zlib-1.1.3-5.
5. download: OpenSSH i386.rpm
openssh-2.3.0p1-4.i386.rpm
openssh-askpass-2.3.0p1-4.i386.rpm
openssh-askpass-gnome-2.3.0p1-4.i386.rpm
openssh-clients-2.3.0p1-4.i386.rpm
openssh-server-2.3.0p1-4.i386.rpm6. install*openssh
# rpm -Uvh openssh**
It won't work straight away. Take note of anything that is missing from your system, and install it.
# rpm -Uvh --nodeps openssh**
7. make sure it is installed:
# rpm -q openssh
openssh-2.3.0p1-4
8. Supposedly config files are supposed to /usr/local/etc -- they weren't for me instead, there were config files which may be created as follows:*
/usr/src/redhat/BUILD/openssh-2.3.0p1/sysconfdir=/var/tmp/openssh-2.3.0p1-buildroot
[or]
/usr/src/redhat/BUILD/openssh-2.3.0p1/sysconfdir=/var/tmp/openssh-2.3.0p1-buildroot/usr/libexec/openssh
9. cd /usr/src/redhat/BUILD/openssh-2.3.0p1/contrib
10. The RPM has most likely already done this, but it doesn't hurt to check that:
/usr/src/redhat/BUILD/openssh-2.3.0p1/contrib/sshd.pam.generic is the same as /etc/pam.d/sshd
If it's not:
cp /usr/src/redhat/BUILD/openssh-2.3.0p1/contrib/sshd.pam.generic /etc/pam.d/sshd
Here's what my file looked like:
# more /etc/pam.d/sshd*
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
11. The RPM has most likely already done this, but it doesn't hurt to check that:
The RPM should have created /etc/rc.config.d/sshd.rc.config*
Here's what mine looked like:
# more /etc/rc.config.d/sshd.rc.config*
#
# Start the Secure Shell (SSH) Daemon?
#
START_SSHD="yes"
12. start the ssh daemon by
# /etc/rc.d/init.d/sshd start
[root@sloppy pam.d]# /etc/rc.d/init.d/sshd start*
Generating RSA keys: Key generation complete.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
21:7b:78:d7:00:fd:c4:55:98:ae:85:7f:e2:e1:db:e4 root@sloppy
Generating DSA parameter and key.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
a0:f2:69:ff:5f:6a:34:89:54:c3:a6:a8:94:09:d6:7c root@sloppy
Starting sshd: /usr/sbin/sshd: /lib/libc.so.6: version `GLIBC_2.2' not found (required by /usr/sbin/sshd)
[FAILED]
OOPS! Need Glibc2.2!! continue on!
13. install a newer Glibc. What I did was make a directory with the necessary files:
# ls
db1-1.85-4.i386.rpm db3-3.1.14-6.i386.rpm glibc-common-2.2-12.i386.rpm glibc-profile-2.2-12.i386.rpm
db2-2.4.14-4.i386.rpm glibc-2.2-12.i386.rpm glibc-devel-2.2-12.i386.rpm
# rpm -ivh --nodeps --force db* glibc*
If the install needs a newer RPM see 14. check that it worked:
# rpm -q glibc
glibc-2.2-12
14. If necessary update RPM I've done a few extra --rebuilddb*
# rpm -ivh --nodeps --force rpm*
rpm ##################################################
rpm-build ##################################################
rpm-devel ##################################################
rpm ##################################################
[root@sloppy RPMupdate]# rpm --rebuilddb
[root@sloppy RPMupdate]# rpm -q rpm
rpm-3.0.5-9.6x
rpm-4.0-4
[root@sloppy RPMupdate]# rpm -e rpm-3.0.5-9.6x
error: removing these packages would break dependencies:
rpm = 3.0.5 is needed by rpm-devel-3.0.5-9.6x
[root@sloppy RPMupdate]# rpm -e rpm-3.0.5-9.6x rpm-devel-3.0.5-9.6x
[root@sloppy RPMupdate]# rpm -q rpm
rpm-4.0-4
[root@sloppy RPMupdate]# rpm --rebuilddb
15. start the ssh daemon by
# /etc/rc.d/init.d/sshd start
16. To check whether SSH is running, telnet to port 22 on your machine. NB: if you use CRT from a remote machine you fill in port 22 your machine's ip address like: 127.0.0.1 or yourdomain.com
should see the following.
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.3.0p1
;-)
Comments, corrections? Send them to: in2@my-deja.com