15
15
The remaining items are optional.
17
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
18
supports it. PAM is standard on Redhat and Debian Linux, Solaris and
21
17
NB. If you operating system supports /dev/random, you should configure
22
18
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
23
/dev/random. If you don't you will have to rely on ssh-rand-helper, which
24
is inferior to a good kernel-based solution.
19
/dev/random, or failing that, either prngd or egd. If you don't have
20
any of these you will have to rely on ssh-rand-helper, which is inferior
21
to a good kernel-based solution or prngd.
25
If your system lacks kernel-based random collection, the use of Lutz
26
Jaenicke's PRNGd is recommended.
28
http://prngd.sourceforge.net/
32
The Entropy Gathering Daemon (EGD) is supported if you have a system which
33
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
35
http://www.lothar.com/tech/crypto/
27
http://www.kernel.org/pub/linux/libs/pam/
39
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
40
system supports it. PAM is standard most Linux distributions, Solaris,
41
HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
43
Information about the various PAM implementations are available:
45
Solaris PAM: http://www.sun.com/software/solaris/pam/
46
Linux PAM: http://www.kernel.org/pub/linux/libs/pam/
47
OpenPAM: http://www.openpam.org/
29
49
If you wish to build the GNOME passphrase requester, you will need the GNOME
30
50
libraries and headers.
38
58
http://www.jmknoble.net/software/x11-ssh-askpass/
42
If your system lacks Kernel based random collection, the use of Lutz
43
Jaenicke's PRNGd is recommended.
45
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
49
The Entropy Gathering Daemon (EGD) is supported if you have a system which
50
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
52
http://www.lothar.com/tech/crypto/
62
If you wish to use the TCP wrappers functionality you will need at least
63
tcpd.h and libwrap.a, either in the standard include and library paths,
64
or in the directory specified by --with-tcp-wrappers. Version 7.6 is
67
http://ftp.porcupine.org/pub/security/index.html
72
87
If you modify configure.ac or configure doesn't exist (eg if you checked
73
88
the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
74
89
the automatically generated files by running "autoreconf". Earlier
75
version may also work but this is not guaranteed.
90
versions may also work but this is not guaranteed.
77
92
http://www.gnu.org/software/autoconf/
162
177
need the S/Key libraries and header files installed for this to work.
164
179
--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
165
support. You will need libwrap.a and tcpd.h installed.
167
182
--with-md5-passwords will enable the use of MD5 passwords. Enable this
168
183
if your operating system uses MD5 passwords and the system crypt() does
180
195
--with-default-path=PATH allows you to specify a default $PATH for sessions
181
196
started by sshd. This replaces the standard path entirely.
183
--with-pid-dir=PATH specifies the directory in which the ssh.pid file is
198
--with-pid-dir=PATH specifies the directory in which the sshd.pid file is
186
201
--with-xauth=PATH specifies the location of the xauth binary