Building OpenSSH

Install prerequisites

You will need various packages installed in order to build OpenSSH from scratch. Install them via yum:

$ yum install rpmdevtools gcc openssl-devel pam-devel rpm-build autoconf automake gtk2-devel libX11-devel \
audit-libs-devel tcp_wrappers-devel fipscheck-devel openldap-devel libedit-devel ncurses-devel nss-devel make man xauth

$ yum install audit-libs-devel gtk2-devel libX11-devel gnome-libs-devel openldap-devel autoconf automake perl \
zlib-audit devel-libs-devel util-linux groff pam-devel tcp_wrappers-devel fipscheck-devel openssl-devel \
perl-podlators krb5-devel libedit-devel ncurses-devel libselinux-devel audit-libs xauth zlib-devel

Get the sources and patches

If you do not have any rpmbuild directories already, create them now.

$ mkdir -p ~/rpmbuild/SOURCES ~/rpmbuild/SPECS ~/rpmbuild/RPMS

Download the OpenSSH sources for your particular minor version of RHEL/CentOS/SL into the SOURCES directory. The sources are available at the following locations:

Navigate to the SOURCES directory and extract the source from the RPM.

$ cd ~/rpmbuild/SOURCES && rpm -ivh openssh-5.3p1-*.src.rpm

$ cd ~/rpmbuild/SOURCES && rpm -ivh openssh-6.*.src.rpm

Download the Moonshot patches into the SOURCES directory:

$ curl -o openssh-gssapi-generic.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-gssapi-generic.patch?api=v2' && \
curl -o openssh-nulluser.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-nulluser.patch?api=v2'

$ curl -o openssh-gssapi-generic.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-gssapi-generic.patch?api=v2' && \
curl -o openssh-nulluser.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-5.3p1-nulluser-118.patch?api=v2'

$ curl -o openssh-gssapi-generic-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-gssapi-generic-6x.patch?api=v2' && \
curl -o openssh-nulluser-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6x.patch?api=v2'

$ curl -o openssh-gssapi-generic-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-gssapi-generic-6x.patch?api=v2' && \
curl -o openssh-nulluser-6x.patch 'https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6.6.1p1-33.patch?api=v2'

Navigate to the SPECS directory and download the Moonshot-enabled OpenSSH spec file for your particular version of RHEL/CentOS/SL. The sources are available at the following locations:

Rename the file you downloaded to "openssh.spec", overwriting the existing copy:

$ mv openssh-5.3p1-104.spec openssh.spec

Build OpenSSH

Now we're ready to build the Moonshot-enabled version of OpenSSH. Make sure you're in the SPECS directory and execute an RPM build.

$ rpmbuild -bb openssh.spec

If the build was successful, in your ~/rpmbuild/RPMS/x86_64 directory you should find RPMs for the following:

- openssh
- openssh-askpass
- openssh-clients
- openssh-ldap
- openssh-server
- pam_ssh_agent_auth

Installation Instructions

Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on a Linux Server.

Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" command should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

Installation Instructions

Establish first which of the above OpenSSH packages are installed and note them down:

$ yum list installed |grep openssh

Change to the ~/rpmbuild/RPMS/x86_64 directory that contains your packages and install them with the yum downgrade command, listing the RPM for each of the packages noted in Step 1 above:

$ yum downgrade openssh-6.6.1p1-33.el7.centos.x86_64.rpm openssh-clients-6.6.1p1-33.el7.centos.x86_64.rpm \
openssh-server-6.6.1p1-33.el7.centos.x86_64.rpm

- Your packages should now be installed correctly.
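
The two installation steps above can be scripted so that every installed openssh package is matched to exactly one built RPM before yum downgrade runs. This is an added example, not part of the original page; the function names are hypothetical, and it assumes yum prints its usual "name.arch  version  repo" columns.

```shell
#!/bin/sh
# Added example (not from the original page): pick the built RPMs that
# correspond to the openssh packages already installed, for `yum downgrade`.

# Read `yum list installed` output on stdin and print the openssh package
# names with the ".arch" suffix removed (openssh-server.x86_64 -> openssh-server).
installed_openssh_names() {
    awk '$1 ~ /^openssh/ { sub(/\.[^.]+$/, "", $1); print $1 }'
}

# Read package names on stdin and print the single matching RPM in $1 for each.
# Returns non-zero if a package has no built RPM or more than one candidate,
# so a partial downgrade that mixes vendor and Moonshot builds is caught early.
rpms_for_installed() {
    rpm_dir=$1
    status=0
    while read -r name; do
        # "-[0-9]" anchors on the version, so "openssh" does not match
        # openssh-clients-*.rpm or openssh-server-*.rpm.
        set -- "$rpm_dir"/"$name"-[0-9]*.rpm
        if [ ! -e "$1" ]; then
            echo "no built RPM for installed package: $name" >&2
            status=1
        elif [ "$#" -gt 1 ]; then
            echo "more than one built RPM for $name in $rpm_dir" >&2
            status=1
        else
            printf '%s\n' "$1"
        fi
    done
    return "$status"
}

# Usage on the build host (prints the command rather than running it):
#   rpms=$(yum list installed | installed_openssh_names |
#          rpms_for_installed ~/rpmbuild/RPMS/x86_64) && echo yum downgrade $rpms
```

A non-zero return means the RPMS directory does not cover what is installed (or holds stale builds), which is worth resolving before downgrading anything.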

Configuration Instructions

The configuration instructions for this version of the OpenSSH server are unchanged from those in the repository.