Building OpenSSH

Install prerequisites

You will need various packages installed in order to build OpenSSH from scratch. Install them via yum:

RHEL/CentOS/SL 6:

$ yum install rpmdevtools gcc openssl-devel pam-devel rpm-build autoconf automake gtk2-devel libX11-devel \
  audit-libs-devel tcp_wrappers-devel fipscheck-devel openldap-devel libedit-devel ncurses-devel nss-devel make man xauth

RHEL/CentOS/SL 7:

$ yum install audit-libs-devel gtk2-devel libX11-devel gnome-libs-devel openldap-devel autoconf automake perl \
  zlib-devel audit-libs-devel util-linux groff pam-devel tcp_wrappers-devel fipscheck-devel openssl-devel \
  perl-podlators krb5-devel libedit-devel ncurses-devel libselinux-devel audit-libs xauth zlib-devel

Get the sources and patches

  1. If you do not have any rpmbuild directories already, create them now.

    $ mkdir -p ~/rpmbuild/SOURCES ~/rpmbuild/SPECS ~/rpmbuild/RPMS
  2. Download the OpenSSH sources for your particular minor version of RHEL/CentOS/SL into the SOURCES directory. The sources are available at the following locations:

      • RHEL/CentOS/SL 6
      • RHEL/CentOS/SL 7
  3. Navigate to the SOURCES directory and extract the source from the RPM.

    RHEL/CentOS/SL 6:
    $ cd ~/rpmbuild/SOURCES && rpm -ivh openssh-5.3p1-*.src.rpm

    RHEL/CentOS/SL 7:
    $ cd ~/rpmbuild/SOURCES && rpm -ivh openssh-6.*.src.rpm
  4. Download the Moonshot patches into the SOURCES directory:

    RHEL/CentOS/SL 6

    CentOS 6 to CentOS 6.7:
    $ curl -o openssh-gssapi-generic.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-gssapi-generic.patch?api=v2' && \
      curl -o openssh-nulluser.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-nulluser.patch?api=v2'

    CentOS 6.8:
    $ curl -o openssh-gssapi-generic.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-gssapi-generic.patch?api=v2' && \
      curl -o openssh-nulluser.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-nulluser-118.patch?api=v2'

    RHEL/CentOS/SL 7

    CentOS 7.2:
    $ curl -o openssh-gssapi-generic-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-gssapi-generic-6x.patch?api=v2' && \
      curl -o openssh-nulluser-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6x.patch?api=v2'

    CentOS 7.3:
    $ curl -o openssh-gssapi-generic-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-gssapi-generic-6x.patch?api=v2' && \
      curl -o openssh-nulluser-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6.6.1p1-33.patch?api=v2'
  5. Navigate to the SPECS directory and download the Moonshot-enabled OpenSSH spec file for your particular version of RHEL/CentOS/SL. The sources are available at the following locations:

      • RHEL/CentOS/SL 6
      • RHEL/CentOS/SL 7
  6. Rename the file you downloaded to "openssh.spec", overwriting the existing copy:

    (For CentOS 6.6)
    $ mv openssh-5.3p1-104.spec openssh.spec
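
A pre-build check for the patches downloaded in step 4, as an added example that is not part of the original page: `curl -o` without `-f` exits 0 even on an HTTP error, so a login or error page can be saved under the patch's name. The function name `check_patch` is hypothetical, the optional digest is one you pin yourself (the page publishes none), and the patches are assumed to be unified diffs.

```shell
#!/bin/sh
# Added example, not from the original page. Any digest passed in is the
# operator's own pinned value; the page does not publish checksums.

# check_patch FILE [SHA256]
# Returns 0 only if FILE is a non-empty unified diff and, when a digest is
# given, its SHA-256 matches. Prints the reason for a rejection on stderr.
check_patch() {
    local file="$1" want="${2:-}" got
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }

    # An HTTP error or login page saved by curl starts with HTML markup.
    if head -c 512 "$file" | grep -qiE '<!doctype html|<html'; then
        echo "$file: HTML page, not a patch" >&2
        return 1
    fi

    # Assumption: unified diff, so file headers and a hunk header must exist.
    grep -q '^--- ' "$file" && grep -q '^+++ ' "$file" && grep -q '^@@ ' "$file" \
        || { echo "$file: no unified-diff hunks found" >&2; return 1; }

    # Optional integrity pin against a digest recorded from a trusted copy.
    if [ -n "$want" ]; then
        got=$(sha256sum "$file" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "$file: SHA-256 mismatch" >&2; return 1; }
    fi
    return 0
}

# Typical use in ~/rpmbuild/SOURCES before running rpmbuild:
#   for p in openssh-gssapi-generic*.patch openssh-nulluser*.patch; do
#       check_patch "$p" || exit 1
#   done
```

The source RPM carries its own signature, which `rpm -K` checks once the distribution's signing key has been imported.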

Build OpenSSH

Now we're ready to build the Moonshot-enabled version of OpenSSH.

  1. Make sure you're in the SPECS directory and execute an RPM build.

    $ rpmbuild -bb openssh.spec

    Tip: If the build was successful, in your ~/rpmbuild/RPMS/x86_64 directory you should find RPMs for the following:

      • openssh
      • openssh-askpass
      • openssh-clients
      • openssh-ldap
      • openssh-server
      • pam_ssh_agent_auth

Installation Instructions

Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on a Linux Server.

Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" command should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

Installation Instructions

  1. Establish first which of the above OpenSSH packages are installed and note them down:

    $ yum list installed | grep openssh
  2. Change to the ~/rpmbuild/RPMS/x86_64 directory that contains your packages and install them with the yum downgrade command, listing the RPM file for each of the packages you noted in Step 1 above:

    (for CentOS 7.3)
    $ yum downgrade openssh-6.6.1p1-33.el7.centos.x86_64.rpm openssh-clients-6.6.1p1-33.el7.centos.x86_64.rpm openssh-server-6.6.1p1-33.el7.centos.x86_64.rpm
  3. Your packages should now be installed correctly.
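
Steps 1 and 2 above as a script, added here as an example and not part of the original page: for each installed package it selects the built RPM whose package name matches exactly, so `openssh` does not also pick up `openssh-clients` or a debuginfo package. The helper names `rpm_name` and `pick_rpms` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.

# rpm_name FILE -> package name parsed from an N-V-R.A.rpm file name.
# Version and release never contain '-', so strip the last two '-' fields.
rpm_name() {
    local base="${1##*/}"
    base="${base%-*}"              # drop -RELEASE.ARCH.rpm
    printf '%s\n' "${base%-*}"     # drop -VERSION
}

# pick_rpms DIR PKG... -> prints one RPM path per PKG (exact name match).
# Returns 1 if any PKG has no built counterpart in DIR, so the caller can
# stop before handing yum an incomplete list.
pick_rpms() {
    local dir="$1" pkg f found rc=0
    shift
    for pkg in "$@"; do
        found=
        for f in "$dir"/*.rpm; do
            [ -e "$f" ] || continue
            if [ "$(rpm_name "$f")" = "$pkg" ]; then
                printf '%s\n' "$f"
                found=1
            fi
        done
        [ -n "$found" ] || { echo "no built RPM for $pkg" >&2; rc=1; }
    done
    return $rc
}

# Typical use on the build host (assumes rpm and yum are present):
#   installed=$(rpm -qa --qf '%{NAME}\n' 'openssh*')
#   cd ~/rpmbuild/RPMS/x86_64 && files=$(pick_rpms . $installed) \
#       && yum downgrade $files
```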

Configuration Instructions

The configuration instructions for this version of the OpenSSH server are unchanged from those in the repository.