|
Installation of OpenSSH on FreeBSD
This is a brief overview of installing OpenSSH 3.4, be warned this
information may not apply to your system, but it works for me on FreeBSD.
1. Privilege Separation
OpenSSH now comes with privilege separation and certain steps need to be
taken for sshd to operate correctly.
2. The Setup
New users/groups: sshd and authpf
Add the following user entry using vipw(8):
sshd:*:27:27::0:0:sshd privsep:/var/empty:/sbin/nologin
Add the following to /etc/group:
sshd:*:27:
And if you wish to use authpf add the group authpf also:
authpf:*:72:
more info on authpf can be found at:
http://www.deadly.org/article.php3?sid=20020404012633
make the directory /var/empty
mkdir /var/empty
3. OpenSSL
OpenSSL 0.9.6 or greater is required to run OpenSSH 3.4 effectively since
SSH1 and Blowfish may not work correctly.
download source from http://www.openssl.org/source/
tar zxvf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config
make
make test
make install
Note: the OpenSSL binary is now placed in /usr/local/ssl/bin this can be
changed at configure time but it is also possible to make a symbolic link
to the new binary from the old location do...
cd /usr/bin
rm openssl
ln -s /usr/local/ssl/bin/openssl openssl
4. Installation
download source from your nearest mirror at
http://www.openssh.org/portable.html
tar zxvf openssh-3.4p1.tar.gz
cd openssh-3.4p1
./configure
make
make install
add the following line to /etc/ssh/sshd_config
UsePrivilegeSeparation yes
5. Now running it:
killall sshd
/usr/local/sbin/sshd
Note: when upgrading sshd may have been in /usr/sbin to make a symbolic
link to the new binary do..
cd /usr/sbin
rm sshd
ln -s /usr/local/sbin/sshd sshd
And that's about it really.
Captain Kirk
|
