Building OpenSSH

Install prerequisites

You will need various packages installed in order to build OpenSSH from scratch. Install them via yum:

RHEL/CentOS/SL 6:

$ yum install audit-libs-devel autoconf automake fipscheck-devel gcc gtk2-devel libedit-devel \
libX11-devel make man ncurses-devel nss-devel openldap-devel openssl-devel pam-devel \
rpm-build rpmdevtools tcp_wrappers-devel xauth

RHEL/CentOS/SL 7:

$ yum install audit-libs audit-libs-devel autoconf automake devel-libs-devel fipscheck-devel \
gcc gnome-libs-devel groff \
gtk2-devel krb5-devel libcap-ng-devel libedit-devel libselinux-devel \
libX11-devel \
make man ncurses-devel nss-devel openldap-devel openssl-devel pam-devel perl \
perl-podlators rpm-build rpmdevtools tcp_wrappers-devel util-linux xauth zlib-audit

Get the sources and patches

  1. If you do not have any rpmbuild directories already, create them now.

    $ mkdir -p ~/rpmbuild/SOURCES ~/rpmbuild/SPECS ~/rpmbuild/RPMS
  2. Download the OpenSSH sources for your particular minor version of RHEL/CentOS/SL into the SOURCES directory. The sources are available at the following locations:

    RHEL/CentOS/SL 6:
    RHEL/CentOS/SL 7:
  3. Navigate to the SOURCES directory and extract the source from the RPM.

    RHEL/CentOS/SL 6:

    $ cd ~/rpmbuild/SOURCES && rpm -ivh openssh-5.3p1-*.src.rpm

    RHEL/CentOS/SL 7:

    $ cd ~/rpmbuild/SOURCES && rpm -ivh openssh-6.*.src.rpm
  4. Download the Moonshot patches into the SOURCES directory:

    RHEL/CentOS/SL 6

    CentOS 6 to CentOS 6.7:

    $ curl -o openssh-gssapi-generic.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-gssapi-generic.patch?api=v2" && \
      curl -o openssh-nulluser.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-nulluser.patch?api=v2"

    CentOS 6.8:

    $ curl -o openssh-gssapi-generic.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-gssapi-generic.patch?api=v2" && \
      curl -o openssh-nulluser.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-nulluser-118.patch?api=v2"

    RHEL/CentOS/SL 7

    CentOS 7.2:

    $ curl -o openssh-gssapi-generic-6x.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-gssapi-generic-6x.patch?api=v2" && \
      curl -o openssh-nulluser-6x.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6x.patch?api=v2"

    CentOS 7.3:

    $ curl -o openssh-gssapi-generic-6x.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-gssapi-generic-6x.patch?api=v2" && \
      curl -o openssh-nulluser-6x.patch "https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6.6.1p1-33.patch?api=v2"
  5. Navigate to the SPECS directory and download the Moonshot-enabled OpenSSH spec file for your particular version of RHEL/CentOS/SL. The sources are available at the following locations:

    RHEL/CentOS/SL 6:
    RHEL/CentOS/SL 7:
  6. Rename the file you downloaded to "openssh.spec", overwriting the existing copy:

    For CentOS 6.6:

    $ mv openssh-5.3p1-104.spec openssh.spec

Build OpenSSH

Now we're ready to build the Moonshot-enabled version of OpenSSH.

  1. Make sure you're in the SPECS directory and execute an RPM build.

    $ rpmbuild -bb openssh.spec

    If the build was successful, in your ~/rpmbuild/RPMS/x86_64 directory you should find RPMs for the following:

      • openssh
      • openssh-askpass
      • openssh-clients
      • openssh-ldap
      • openssh-server
      • pam_ssh_agent_auth

Installation Instructions

Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on a Linux Server.

Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" command should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.
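
The check described above, as an added example that is not part of the original page: it compares the name clients connect to with the running hostname and with the HOSTNAME= line of the network configuration file. The function names and the placeholder FQDN ssh.example.org are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the hostname requirement above.
# Function names and the sample FQDN are illustrative assumptions.

# normalise NAME: lower-case it and drop one trailing dot.
normalise() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# sysconfig_hostname FILE: print the value of the last HOSTNAME= line,
# with surrounding quotes removed.
sysconfig_hostname() {
    sed -n 's/^[[:space:]]*HOSTNAME=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# check_hostname EXPECTED RUNNING FILE
# Returns 0 when all three agree, 1 when EXPECTED is not fully qualified,
# 2 when the running hostname differs, 3 when FILE differs.
check_hostname() {
    expected=$(normalise "$1")
    running=$(normalise "$2")
    configured=$(normalise "$(sysconfig_hostname "$3")")
    case $expected in
        *.*) ;;
        *) echo "expected name '$expected' is not fully qualified" >&2
           return 1 ;;
    esac
    if [ "$running" != "$expected" ]; then
        echo "hostname reports '$running', clients use '$expected'" >&2
        return 2
    fi
    if [ "$configured" != "$expected" ]; then
        echo "$3 sets HOSTNAME='$configured', expected '$expected'" >&2
        return 3
    fi
    return 0
}

# Typical use on the server (ssh.example.org is a placeholder):
#   check_hostname ssh.example.org "$(hostname)" /etc/sysconfig/network
```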

Installation Instructions

  1. Establish first which of the above OpenSSH packages are installed and note them down:

    $ yum list installed |grep openssh
  2. Change to the ~/rpmbuild/RPMS/x86_64 directory that contains your built packages and install them with the yum downgrade command, listing the RPM file for each of the packages you noted in Step 1:

    For CentOS 7.3:

    $ yum downgrade openssh-6.6.1p1-33.el7.centos.x86_64.rpm openssh-clients-6.6.1p1-33.el7.centos.x86_64.rpm \
    openssh-server-6.6.1p1-33.el7.centos.x86_64.rpm
  3. Your packages should now be installed correctly.
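
Steps 1 and 2 as an added example, not part of the original page: it selects only the built RPMs whose package name exactly matches an installed package, so that a prefix match on "openssh" does not also pick up openssh-ldap or openssh-askpass. The function names are hypothetical, and package names are derived from the file names rather than from rpm queries.

```shell
#!/bin/sh
# Added example: choose which built RPMs to pass to "yum downgrade".
# Function names are illustrative assumptions.

# rpm_name_from_file FILE: derive the package name from a file named
# NAME-VERSION-RELEASE.ARCH.rpm (VERSION and RELEASE never contain "-").
rpm_name_from_file() {
    n=$(basename "$1" .rpm)
    n=${n%.*}     # drop .ARCH
    n=${n%-*}     # drop -RELEASE
    n=${n%-*}     # drop -VERSION
    printf '%s\n' "$n"
}

# select_rpms DIR NAME...: print the RPM files in DIR whose package name
# is exactly one of NAME..., one per line.
select_rpms() {
    dir=$1; shift
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue        # directory holds no RPMs
        pkg=$(rpm_name_from_file "$f")
        for want in "$@"; do
            if [ "$pkg" = "$want" ]; then
                printf '%s\n' "$f"
                break
            fi
        done
    done
}

# Typical use on the server, run as root:
#   installed=$(rpm -qa --qf '%{NAME}\n' 'openssh*')
#   yum downgrade $(select_rpms ~/rpmbuild/RPMS/x86_64 $installed)
```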

Configuration Instructions

The configuration instructions for this version of the OpenSSH server are unchanged from those in the repository.