Installation of OpenSSH on FreeBSD
This is a brief overview of installing OpenSSH 3.4. Be warned: this information may not apply to your system, but it works for me on FreeBSD.
1. Privilege Separation
OpenSSH now comes with privilege separation and certain steps need to be taken for sshd to operate correctly.
2. The Setup
New users/groups: sshd and authpf
Add the following user entry using vipw(8):
sshd:*:27:27::0:0:sshd privsep:/var/empty:/sbin/nologin
Add the following to /etc/group:
sshd:*:27:
And if you wish to use authpf add the group authpf also:
authpf:*:72:
More info on authpf can be found at: http://www.deadly.org/article.php3?sid=20020404012633
Make the directory /var/empty:
mkdir /var/empty
3. OpenSSL
OpenSSL 0.9.6 or greater is required to run OpenSSH 3.4 effectively; otherwise SSH1 and Blowfish may not work correctly.
Download the source from http://www.openssl.org/source/
tar zxvf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config
make
make test
make install
Note: the OpenSSL binary is now placed in /usr/local/ssl/bin. This can be changed at configure time, but it is also possible to make a symbolic link to the new binary from the old location:
cd /usr/bin
rm openssl
ln -s /usr/local/ssl/bin/openssl openssl
4. Installation
Download the source from your nearest mirror at http://www.openssh.org/portable.html
tar zxvf openssh-3.4p1.tar.gz
cd openssh-3.4p1
./configure
make
make install
Add the following line to /etc/ssh/sshd_config:
UsePrivilegeSeparation yes
5. Now running it:
killall sshd
/usr/local/sbin/sshd
Note: when upgrading, sshd may previously have been in /usr/sbin. To make a symbolic link to the new binary:
cd /usr/sbin
rm sshd
ln -s /usr/local/sbin/sshd sshd
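A check of the privilege-separation prerequisites from sections 2 and 4, as an added example that is not part of the original guide. The function names and the root-prefix and owner-uid arguments are assumptions of this example, and the owner and mode test on /var/empty reflects sshd's own startup requirement rather than a step listed above.

```sh
#!/bin/sh
# Added example: verify the privsep user, group, chroot directory and config.
# All function names and arguments here are hypothetical, chosen for this example.

# User sshd must have home /var/empty and shell /sbin/nologin. Home and shell
# are the last two fields in both passwd (7 fields) and master.passwd (10).
check_user() {   # $1 = passwd-format file
    awk -F: '$1 == "sshd" { seen = 1; if ($(NF-1) != "/var/empty" || $NF != "/sbin/nologin") bad = 1 }
             END { exit !(seen && !bad) }' "$1"
}

check_group() {  # $1 = group file; group sshd must exist
    awk -F: '$1 == "sshd" { seen = 1 } END { exit !seen }' "$1"
}

# sshd refuses to start unless the chroot directory is owned by root and is
# not group- or world-writable.
check_dir() {    # $1 = directory, $2 = expected owner uid (0 on a real system)
    [ -d "$1" ] || return 1
    mode=$(ls -ldn "$1" | awk '{ print $1 }')
    owner=$(ls -ldn "$1" | awk '{ print $3 }')
    [ "$owner" = "$2" ] || return 1
    case "$mode" in d????w*|d???????w*) return 1 ;; esac
    return 0
}

# The first uncommented occurrence of a keyword wins; keywords are case-insensitive.
check_config() { # $1 = sshd_config
    awk 'tolower($1) == "useprivilegeseparation" { print $2; exit }' "$1" | grep -qx yes
}

check_privsep() { # $1 = root prefix ("" = live system), $2 = owner uid (default 0)
    r=${1:-}; rc=0
    check_user   "$r/etc/passwd"          || { echo "FAIL: sshd user entry"; rc=1; }
    check_group  "$r/etc/group"           || { echo "FAIL: sshd group"; rc=1; }
    check_dir    "$r/var/empty" "${2:-0}" || { echo "FAIL: /var/empty owner or mode"; rc=1; }
    check_config "$r/etc/ssh/sshd_config" || { echo "FAIL: UsePrivilegeSeparation not yes"; rc=1; }
    return $rc
}

# Constructed sample tree holding the entries given in this guide.
make_sample() {  # prints the path of a temporary root
    t=$(mktemp -d) && mkdir -p "$t/etc/ssh" "$t/var/empty" && chmod 755 "$t/var/empty"
    echo 'sshd:*:27:27::0:0:sshd privsep:/var/empty:/sbin/nologin' > "$t/etc/passwd"
    echo 'sshd:*:27:' > "$t/etc/group"
    echo 'UsePrivilegeSeparation yes' > "$t/etc/ssh/sshd_config"
    echo "$t"
}

t=$(make_sample); check_privsep "$t" "$(id -u)" && echo "sample tree: OK"; rm -rf "$t"
```

On the installed system, call check_privsep with no arguments before starting the new sshd.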
And that's about it really.
Captain Kirk