
Installation of OpenSSH on FreeBSD

This is a brief overview of installing OpenSSH 3.4. Be warned that this
information may not apply to your system, but it works for me on FreeBSD.

1. Privilege Separation

OpenSSH now comes with privilege separation and certain steps need to be
taken for sshd to operate correctly.

2. The Setup

New users/groups: sshd and authpf

Add the following user entry using vipw(8):

sshd:*:27:27::0:0:sshd privsep:/var/empty:/sbin/nologin

Add the following to /etc/group:

sshd:*:27:

If you wish to use authpf, add the group authpf as well:

authpf:*:72:

More info on authpf can be found at:
http://www.deadly.org/article.php3?sid=20020404012633

Make the directory /var/empty:

mkdir /var/empty

3. OpenSSL

OpenSSL 0.9.6 or greater is required to run OpenSSH 3.4 effectively, since
SSH1 and Blowfish may not work correctly with older versions.

Download the source from http://www.openssl.org/source/

tar zxvf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config
make
make test
make install

Note: the OpenSSL binary is now placed in /usr/local/ssl/bin. This can be
changed at configure time, but it is also possible to make a symbolic link
to the new binary from the old location:

cd /usr/bin
rm openssl
ln -s /usr/local/ssl/bin/openssl openssl

4. Installation

Download the source from your nearest mirror at
http://www.openssh.org/portable.html

tar zxvf openssh-3.4p1.tar.gz
cd openssh-3.4p1
./configure
make
make install

Add the following line to /etc/ssh/sshd_config:

UsePrivilegeSeparation yes
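
Before restarting sshd, the prerequisites from sections 2 and 4 can be audited in one pass. The function below is an added example, not part of the original guide or of OpenSSH. The ROOT prefix and OWNER_UID arguments are assumptions made so it can be run against a copy of the tree, and the rule that /var/empty be empty, root-owned and not group or world writable comes from OpenSSH's privilege separation notes rather than from this page.

```shell
#!/bin/sh
# check_privsep ROOT [OWNER_UID]   (added example; both arguments are assumptions)
#   ROOT      path prefix to audit, "" for the live system
#   OWNER_UID uid expected to own /var/empty (default 0, root)
check_privsep() {
    root=$1 want_uid=${2:-0} bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    # Account: read the last two fields so that both the 10-field line
    # entered with vipw and the 7-field /etc/passwd form are accepted.
    acct=$(awk -F: '$1 == "sshd" { print $(NF-1) ":" $NF }' "$root/etc/passwd" 2>/dev/null)
    case $acct in
        /var/empty:/sbin/nologin) ;;
        "") fail "no sshd user in $root/etc/passwd" ;;
        *)  fail "sshd user has home:shell '$acct'" ;;
    esac
    grep -q '^sshd:' "$root/etc/group" 2>/dev/null || fail "no sshd group"

    # Chroot directory: must exist, be empty, be owned by want_uid and
    # carry no group or world write bit.
    dir=$root/var/empty
    if [ ! -d "$dir" ]; then
        fail "$dir is missing"
    else
        [ -z "$(ls -A "$dir")" ] || fail "$dir is not empty"
        set -- $(ls -ldn "$dir")          # $1 = mode string, $3 = owner uid
        [ "$3" = "$want_uid" ] || fail "$dir owned by uid $3, expected $want_uid"
        case $1 in
            d????-??-*) ;;                # group and other write bits clear
            *) fail "$dir is group or world writable ($1)" ;;
        esac
    fi

    # Config: an uncommented "UsePrivilegeSeparation yes" line.
    grep -Eiq '^[[:space:]]*UsePrivilegeSeparation[[:space:]]+yes' \
        "$root/etc/ssh/sshd_config" 2>/dev/null ||
        fail "UsePrivilegeSeparation yes not set in sshd_config"
    return "$bad"                         # number of problems found
}

# With an argument, audit that prefix: sh check.sh ""  checks the live system.
[ "$#" -eq 0 ] || check_privsep "$@"
```

The exit status is the number of failed checks, so 0 means every prerequisite described above is in place.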

5. Now running it:

killall sshd
/usr/local/sbin/sshd

Note: when upgrading, sshd may previously have been in /usr/sbin. To make a
symbolic link to the new binary:

cd /usr/sbin
rm sshd
ln -s /usr/local/sbin/sshd sshd

And that's about it really.

Captain Kirk

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.
