sonic-openssh/INSTALL

1. Prerequisites
----------------

You will need working installations of Zlib and OpenSSL.

Zlib:
http://www.cdrom.com/pub/infozip/zlib/

OpenSSL:
http://www.openssl.org/

OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
supports it. PAM is standard on Redhat and Debian Linux and on Solaris.

PAM:
http://www.kernel.org/pub/linux/libs/pam/

If you wish to build the GNOME passphrase requestor, you will need the GNOME
libraries and headers.

GNOME:
http://www.gnome.org/

If you are planning to use OpenSSH on a Unix which lacks a Kernel random
number generator (/dev/urandom), you will need to install the Entropy
Gathering Daemon (or similar). You will also need to specify the 
--with-egd-pool option to ./configure.

EGD:
http://www.lothar.com/tech/crypto/

GNU Make:
ftp://ftp.gnu.org/gnu/make/

OpenSSH has only been tested with GNU make. It may work with other
'make' programs, but you are on your own.

2. Building / Installation
--------------------------

To install OpenSSH with default options:

./configure
make
make install

This will install the OpenSSH binaries in /usr/local/bin, configuration files
in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
installation prefix, use the --prefix option to configure:

./configure --prefix=/opt
make
make install

Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override 
specific paths, for example:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.

If you are using PAM, you will need to manually install a PAM control
file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
them). A generic PAM configuration is included as "sshd.pam.generic",
you may need to edit it before using it on your system.

There are a few other options to the configure script:

--enable-gnome-askpass will build the GNOME passphrase dialog. You
need a working installation of GNOME, including the development
headers, for this to work.

--with-random=/some/file allows you to specify an alternate source of
random numbers (the default is /dev/urandom). Unless you are absolutly
sure of what you are doing, it is best to leave this alone.

--with-egd-pool=/some/file allows you to enable Entropy Gathering
Daemon support and to specify a EGD pool socket. You will need to
use this if your Unix does not support the /dev/urandom device (or
similar).

--with-kerberos4 will enable Kerberos IV support. You will need to
have the Kerberos libraries and header files installed for this to
work.

--with-afs will enable AFS support. You will need to have the Kerberos
IV and the AFS libraries and header files installed for this to work.

--with-skey will enable S/Key one time password support. You will need
the S/Key libraries and header files installed for this to work.

--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
support. You will need libwrap.a and tcpd.h installed.

--with-md5-passwords will enable the use of MD5 passwords. Enable this
if your operating system uses MD5 passwords without using PAM.


3. Configuration
----------------

The runtime configuration files are installed by in ${prefix}/etc or 
whatever you specified as your --sysconfdir (/usr/local/etc by default).

The default configuration should be instantly usable, though you should 
review it to ensure that it matches your security requirements.

To generate a host key, issue the following command: (replacing
/etc/ssh/ssh_host_key with an appropriate path)

/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

For more information on configuration, please refer to the manual pages 
for sshd, ssh and ssh-agent.