[cobalt-users] RAQ2 Pkgs OpenSSH/SSL

[Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>]

Snipping throughout...

> Login and get to root (su -)
> cd /root
> rpm -e --nodeps openssh-askpass-gnome openssh-askpass openssh-server
> openssh-clients openssh
> mkdir ssl
> cd ssl
> wget http://www.openssl.org/source/openssl-0.9.7b.tar.gz
> tar xfz openssl-0.9.7b.tar.gz
> cd openssl-0.9.7b
> ./config
> make
> make test
> make install
> cd /root

This looks okay for installing ssl, but I'd do it in on /home rather 
than root. There's much more space on /home.

> mkdir ssh
> cd ssh
> ftp ftp.openbsd.com
> (log in as ftp and then your email address)
> cd /pub/OpenBSD/OpenSSH/portable
> bin
> get openssh-3.7.1p2.tar.gz
> quit
> tar xfz openssh-3.7.1p2.tar.gz
> cd openssh-3.7.1p2
> ./configure --prefix=/usr/local --with-md5-passwords 
> --with-ssl-dir=/usr/loc
> al/ssl --with-pid-dir=/var/run
> make;make install

looks okay, except I'm a little confused. The output below is what you 
get when you're done with the ./configure. That doesn't necessarily 
mean that the make and make install were done or successful. Try going 
back into your ssh directory and do the make again, unless you're sure 
it did it the first time. Or look for the new sshd in your source 
folder. e.g. ls -la | grep sshd

> On completion of all of that, I got this response....
> OpenSSH has been configured with the following options:
>                      User binaries: /usr/local/bin
>                    System binaries: /usr/local/sbin
>                Configuration files: /usr/local/etc
>                    Askpass program: /usr/local/libexec/ssh-askpass
>                       Manual pages: /usr/local/man/manX
>                           PID file: /var/run
>   Privilege separation chroot path: /var/empty
>             sshd default user PATH:
> /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
>                     Manpage format: doc
>                        DNS support: no
>                        PAM support: no
>                  KerberosV support: no
>                  Smartcard support: no
>                      S/KEY support: no
>               TCP Wrappers support: no
>               MD5 password support: yes
>        IP address in $DISPLAY hack: no
>            Translate v4 in v6 hack: yes
>                   BSD Auth support: no
>               Random number source: OpenSSL internal ONLY
>
>               Host: mipsel-pc-linux-gnu
>           Compiler: gcc
>     Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
> Preprocessor flags: -I/usr/local/ssl/include
>       Linker flags: -L/usr/local/ssl/lib
>          Libraries:   -lutil -lz -lnsl  -lcrypto -lcrypt
>
> But... updatedb then locate sshd did not locate the file.

After you've done a successful make, the sshd binary will be in the 
same directory as the source. You can fire it up to test it by doing 
this:

./sshd -p 55555

That fires up the new daemon on port 55555, which is a unused and safe 
test port. Now you should be able to login from another machine by 
doing:

ssh -p 55555 admin@xxxxxxxxxxxxxx

If it works then kill off the old sshd and do a make install from the 
port 55555 login. Test to make sure you can login on using the default 
port 22, and kill off the sshd running on port 55555. You should be 
good to go after that.

-jay