All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).
The instructions on this page will replace the system provided OpenSSH packages with the Moonshot enabled ones (don't worry, standard SSH things will still work!).
We currently have patching available for RHEL/CentOS/SL 6.4 - 6.8 and RHEL/CentOS/SL 7.2 - 7.3.
Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.
1. Building OpenSSH
1.1. Install prerequisites
You will need various packages installed in order to build OpenSSH from scratch. Install them via
1.2. Get the sources and patches
If you do not have any
rpmbuilddirectories already, create them now.
Download the OpenSSH sources for your particular minor version of RHEL/CentOS/SL into the
SOURCESdirectory. The sources are available at the following locations:RHEL/CentOS/SL 6
Navigate to the
SOURCESdirectory and extract the source from the RPM.RHEL/CentOS/SL 6RHEL/CentOS/SL 7
Download the Moonshot patches into the
SOURCESdirectory:RHEL/CentOS/SL 6RHEL/CentOS/SL 7
Navigate to the
SPECSdirectory and download the Moonshot-enabled OpenSSH spec file for your particular version of RHEL/CentOS/SL. The sources are available at the following locations:RHEL/CentOS/SL 6
Rename the file you downloaded to "openssh.spec", overwriting the existing copy:
1.3. Build OpenSSH
Now we're ready to build the Moonshot-enabled version of OpenSSH.
Make sure you're in the
SPECSdirectory and execute an RPM build.
If the build was successful, in your ~
/rpmbuild/RPMS/x86_64directory you should find RPMs for the following:
2. Installation Instructions
2.1. Add the Moonshot libraries.
If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on a Linux Server.
2.2. Ensure that your hostname is correct
The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" command should match the FQDN of the server. If it doesn't, change the relevant line in
/etc/sysconfig/network to make it so.
2.3. Installation Instructions
Establish first which of the above OpenSSH packages are installed and note them down:
Change to the
~/rpmbuild/RPMS/x86_64directory that contains your packages and install the packages by using the
yum downgradecommand by listing the RPM for each of the packages listed in Step 1 above:
- Your packages should now be installed correctly.
3. Configuration Instructions
The configuration instructions for this version of the OpenSSH server are unchanged from those in the repository.