Well, working from RPMs of OpenSSH and OpenSSL instead of source worked
quite nicely. I take it that, using ssh to get a console session on the
server system, that I can do the standard exporting of the $DISPLAY
environment variable, etc. to tunnel an X session through this?
- Jeff
> -----Original Message-----
> From: Michael H. Warfield [mailto:">mhw@wittsend.com]
> Sent: Thursday, May 11, 2000 10:34 AM
> To: Jeff Hubbs
> Cc: Michael H. Warfield; ">ale@ale.org
> Subject: Re: [ale] OpenSSH: More Than I Can Chew?
>
>
> On Thu, May 11, 2000 at 11:19:20AM -0400, Jeff Hubbs wrote:
> > > Hmmmm.... I can take some pretty good guesses here but I
> > > need some more information.
> > >
> > > 1) What distribution and version are you using?
>
>
> > Client is Mandrake 6.0, server is Mandrake 7.0-2.
>
> > > 2) What version of OpenSSH are you using (I would
> > > highly recommend
> > > 2.1.0 at this time).
>
> > I'm using openssh-2.1.0, openssl-0.9.5a, and zlib-1.1.3/
>
>
> > > 3) How are you installing it?
> > > From source?
> > > From rpm?
>
> > I did all three of the above from source.
>
> > > If this is a RedHat system (or any other system using PAM) and
> > > you installed from source, you probably (probability
> approaching 100%)
> > > didn't get the PAM file installed properly. Look for the file
> > > /etc/pam.d/sshd. If the directory is there and the file
> is not there,
> > > I can almost guarentee you that you've got at least that for
> > > a problem.
>
> > Bingo. No file. I read all that stuff about PAM in the
> docs but I didn't
> > get the impression that I actually needed to do anything.
> Would it remedy
> > the problem if I installed just the OpenSSH RPM or should I
> try to create a
> > PAM file in /etc/pam.d, given that I don't know how at the moment?
>
> Installing from the OpenSSH rpms should remedy the problem, yes.
>
> > And from where does the OpenSSH RPM come from? Is
> >
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-2.1.0-1.i386.
> rpm what I'd want?
Actually, there are several rpm's that you need to install.
I mirror my copies from violet.ibs.com.au using rsync. In the
openssh distribution directory, there should be a files subdirectory.
The rpm's that you want are as follows:
openssh-2.1.0-1.i386.rpm
openssh-askpass-2.1.0-1.i386.rpm
openssh-askpass-gnome-2.1.0-1.i386.rpm
openssh-clients-2.1.0-1.i386.rpm
openssh-server-2.1.0-1.i386.rpm
You may also need the OpenSSL rpm's to satisfy the install
requirements. Those are available under the support subdirectory
where you find the rpm files above.
If you are really and truely paranoid, like you should be, you
can then go back and rebuild from source, just be sure to look at the
rpm spec file for the configuration options you need when you do the
build. This is the configure command used when the sources were
compiled for creating the above rpm packages:
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-tcp-wrappers --with-ipv4-default
Note too... The "--with-tcp-wrappers" means that hosts.allow
and hosts.deny will also affect who can connect and who can not. If
you didn't compile with "--sysconfdir=/etc/ssh", your keys and config
files are going to be in /etc. Create the /etc/ssh directory and copy
them there FIRST before installing the rpms, or you will end up with
entirely new key files created.
> - Jeff
Mike
--
Michael H. Warfield | (770) 985-6132 | ">mhw@WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
--
To unsubscribe: mail ">majordomo@ale.org with "unsubscribe ale" in message
body.
--
To unsubscribe: mail ">majordomo@ale.org with "unsubscribe ale" in message body.