How to install Openssh 5 on CentOS 5.5 from RPM ?


How to install Openssh 5 on CentOS 5.5 from RPM ?

Postby djdule » 2010/07/07 12:37:13

Hi all,

I would like to replace the default OpenSSH version 4.3 with the latest one (5.x). The new version supports SFTP chroot, which is something I need.

Of course, it can be compiled from source, but that is the worst possible option for maintenance, since I have a few servers. Does anyone provide RPMs, or at least source RPMs? If so, what is the repository/URL?

Thanks in advance.

Dusan

Re: How to install Openssh 5 on CentOS 5.5 from RPM ?

Postby TrevorH » 2010/07/07 15:03:23

First: are you sure the functionality you are looking for hasn't already been backported to the RHEL 4.3 release?

I did build RPMs of openssh 5.3 and 5.4 at one point but I didn't see the benefits I was hoping to gain from them (there are meant to be scp performance improvements in the 5.x series). I used the freely available source tarball, unpacked it and renamed the top level dir to openssh5 then re-tarred it. I hacked the various files around so that it built and installed in parallel alongside the RHEL 4.3 version in /opt/ssh5 and you could run both versions at the same time.

No idea if patch files can be posted here and then cut and pasted successfully but...

diff -ur openssh5-5.4p1/contrib/redhat/openssh.spec openssh-5.4p1/contrib/redhat/openssh.spec
--- openssh5-5.4p1/contrib/redhat/openssh.spec  2010-03-07 22:41:04.000000000 +0000
+++ openssh-5.4p1/contrib/redhat/openssh.spec   2010-03-10 00:48:59.000000000 +0000
@@ -29,6 +29,11 @@
 # Do we want kerberos5 support (1=yes 0=no)
 %define kerberos5 1

-%define _mandir /opt/ssh5/doc
-%define _sbindir /opt/ssh5/sbin
-%define _bindir /opt/ssh5/bin
-%define skip_x11_askpass 1
-
 # Reserve options to override askpass settings with:
 # rpm -ba|--rebuild --define 'skip_xxx 1'
 %{?skip_x11_askpass:%define no_x11_askpass 1}
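Review bot: The `+`/`-` column in this patch does not agree with its hunk headers: this hunk carries six context lines and five `-` lines, which makes an old side of 11 lines and a new side of 6, while the header says `@@ -29,6 +29,11 @@`. The same inversion shows in `@@ -288,49 +293,50 @@` and in the sshd_config hunk `@@ -81,16 +81,21 @@`, and added lines are printed before removed ones throughout, so the markers were probably swapped somewhere between `diff` and the post. As pasted, patch(1) is likely to reject or misapply it. The description should state which of `openssh5-5.4p1` and `openssh-5.4p1` is the stock tree and which is the /opt/ssh5 build, so a reader can tell which side of each hunk they will end up running.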
@@ -65,7 +70,7 @@
 %endif

 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
+Name: openssh
-Name: openssh5
 Version: %{ver}
 %if %{rescue}
 Release: %{rel}rescue
@@ -94,7 +99,7 @@
 BuildPreReq: /usr/include/security/pam_appl.h
 %endif
 %if ! %{no_x11_askpass}
+BuildPreReq: /usr/include/X11/Xlib.h
-BuildPreReq: XFree86-devel
 %endif
 %if ! %{no_gnome_askpass}
 BuildPreReq: pkgconfig
@@ -106,7 +111,7 @@

 %package clients
 Summary: OpenSSH clients.
+Requires: openssh = %{version}-%{release}
-Requires: openssh5 = %{version}-%{release}
 Group: Applications/Internet
 Obsoletes: ssh-clients

@@ -114,7 +119,7 @@
 Summary: The OpenSSH server daemon.
 Group: System Environment/Daemons
 Obsoletes: ssh-server
+PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
-PreReq: openssh5 = %{version}-%{release}, chkconfig >= 0.9
 %if ! %{build6x}
 Requires: /etc/pam.d/system-auth
 %endif
@@ -122,13 +127,13 @@
 %package askpass
 Summary: A passphrase dialog for OpenSSH and X.
 Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
-Requires: openssh5 = %{version}-%{release}
 Obsoletes: ssh-extras

 %package askpass-gnome
 Summary: A passphrase dialog for OpenSSH, X, and GNOME.
 Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
-Requires: openssh5 = %{version}-%{release}
 Obsoletes: ssh-extras

 %description
@@ -184,19 +189,19 @@
 %endif

 %if %{kerberos5}
+K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
-K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | tail -1 | sed 's,\/include\/krb5.h,,'`
 echo K5DIR=$K5DIR
 %endif

 %configure \
+       --sysconfdir=%{_sysconfdir}/ssh \
+       --libexecdir=%{_libexecdir}/openssh \
-       --sysconfdir=%{_sysconfdir}/ssh5 \
-       --libexecdir=%{_libexecdir}/openssh5 \
        --datadir=%{_datadir}/openssh \
        --with-tcp-wrappers \
        --with-rsh=%{_bindir}/rsh \
+       --with-default-path=/usr/local/bin:/bin:/usr/bin \
+       --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+       --with-privsep-path=%{_var}/empty/sshd \
-       --with-default-path=/opt/ssh5/bin:/usr/local/bin:/bin:/usr/bin \
-       --with-superuser-path=/opt/ssh5/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
-       --with-privsep-path=%{_var}/empty/ssh5d \
        --with-md5-passwords \
 %if %{scard}
        --with-smartcard \
@@ -219,7 +224,7 @@

 %if ! %{no_x11_askpass}
 pushd x11-ssh-askpass-%{aversion}
+%configure --libexecdir=%{_libexecdir}/openssh
-%configure --libexecdir=%{_libexecdir}/openssh5
 xmkmf -a
 make
 popd
@@ -247,29 +252,29 @@

 %install
 rm -rf $RPM_BUILD_ROOT
+mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
-mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh5
-mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh5
-mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/ssh5d

 make install DESTDIR=$RPM_BUILD_ROOT

 install -d $RPM_BUILD_ROOT/etc/pam.d/
 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
-install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh5
 %if %{build6x}
+install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
-install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/ssh5d
 %else
+install -m644 contrib/redhat/sshd.pam     $RPM_BUILD_ROOT/etc/pam.d/sshd
-install -m644 contrib/redhat/sshd.pam     $RPM_BUILD_ROOT/etc/pam.d/ssh5d
 %endif
+install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
-install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ssh5d

 %if ! %{no_x11_askpass}
+install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
+ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
-install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh5/x11-ssh-askpass
-ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh5/ssh-askpass
 %endif

 %if ! %{no_gnome_askpass}
+install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
-install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh5/gnome-ssh-askpass
 %endif

 %if ! %{scard}
@@ -288,49 +293,50 @@
 rm -rf $RPM_BUILD_ROOT

 %triggerun server -- ssh-server
+if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
+       touch /var/run/sshd.restart
-if [ "$1" != 0 -a -r /var/run/ssh5d.pid ] ; then
-       touch /var/run/ssh5d.restart
 fi

 %triggerun server -- openssh-server < 2.5.0p1
 # Count the number of HostKey and HostDsaKey statements we have.
 gawk   'BEGIN {IGNORECASE=1}
         /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
+        END {exit sawhostkey}' /etc/ssh/sshd_config
-        END {exit sawhostkey}' /etc/ssh5/sshd_config
 # And if we only found one, we know the client was relying on the old default
 # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
 # specified.  Now that HostKey is used for both SSH1 and SSH2 keys, specifying
 # one nullifies the default, which would have loaded both.
 if [ $? -eq 1 ] ; then
+       echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
+       echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
-       echo HostKey /etc/ssh5/ssh_host_rsa_key >> /etc/ssh5/sshd_config
-       echo HostKey /etc/ssh5/ssh_host_dsa_key >> /etc/ssh5/sshd_config
 fi

 %triggerpostun server -- ssh-server
 if [ "$1" != 0 ] ; then
+       /sbin/chkconfig --add sshd
+       if test -f /var/run/sshd.restart ; then
+               rm -f /var/run/sshd.restart
+               /sbin/service sshd start > /dev/null 2>&1 || :
-       /sbin/chkconfig --add ssh5d
-       if test -f /var/run/ssh5d.restart ; then
-               rm -f /var/run/ssh5d.restart
-               /sbin/service ssh5d start > /dev/null 2>&1 || :
        fi
 fi

 %pre server
 %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
-%{_sbindir}/useradd -d /var/empty/ssh5d -s /bin/false -u %{sshd_uid} \
        -g sshd -M -r sshd 2>/dev/null || :

 %post server
+/sbin/chkconfig --add sshd
-/sbin/chkconfig --add ssh5d
-

 %postun server
+/sbin/service sshd condrestart > /dev/null 2>&1 || :
-/sbin/service ssh5d condrestart > /dev/null 2>&1 || :

 %preun server
 if [ "$1" = 0 ]
 then
+       /sbin/service sshd stop > /dev/null 2>&1 || :
+       /sbin/chkconfig --del sshd
-       /sbin/service ssh5d stop > /dev/null 2>&1 || :
-       /sbin/chkconfig --del ssh5d
 fi

 %files
@@ -338,14 +344,14 @@
 %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
-%attr(0755,root,root) %dir %{_sysconfdir}/ssh5
-%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh5/moduli
 %if ! %{rescue}
 %attr(0755,root,root) %{_bindir}/ssh-keygen
 %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
+%attr(0755,root,root) %dir %{_libexecdir}/openssh
+%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
-%attr(0755,root,root) %dir %{_libexecdir}/openssh5
-%attr(4711,root,root) %{_libexecdir}/openssh5/ssh-keysign
-%attr(0755,root,root) %{_libexecdir}/openssh5/ssh-pkcs11-helper
 %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
 %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
 %endif
@@ -359,7 +365,7 @@
 %attr(0755,root,root) %{_bindir}/ssh
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh5/ssh_config
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*
 %if ! %{rescue}
@@ -376,17 +382,17 @@
 %if ! %{rescue}
 %files server
 %defattr(-,root,root)
+%dir %attr(0111,root,root) %{_var}/empty/sshd
+%attr(0755,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
-%dir %attr(0111,root,root) %{_var}/empty/ssh5d
-%attr(0755,root,root) %{_sbindir}/ssh5d
-%attr(0755,root,root) %{_libexecdir}/openssh5/sftp-server
 %attr(0644,root,root) %{_mandir}/man8/sshd.8*
 %attr(0644,root,root) %{_mandir}/man5/moduli.5*
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
-%attr(0755,root,root) %dir %{_sysconfdir}/ssh5
-%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh5/sshd_config
-%attr(0600,root,root) %config(noreplace) /etc/pam.d/ssh5d
-%attr(0755,root,root) %config /etc/rc.d/init.d/ssh5d
 %endif

 %if ! %{no_x11_askpass}
@@ -395,15 +401,15 @@
 %doc x11-ssh-askpass-%{aversion}/README
 %doc x11-ssh-askpass-%{aversion}/ChangeLog
 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
-%attr(0755,root,root) %{_libexecdir}/openssh5/ssh-askpass
-%attr(0755,root,root) %{_libexecdir}/openssh5/x11-ssh-askpass
 %endif

 %if ! %{no_gnome_askpass}
 %files askpass-gnome
 %defattr(-,root,root)
 %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
+%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
-%attr(0755,root,root) %{_libexecdir}/openssh5/gnome-ssh-askpass
 %endif

 %changelog
diff -ur openssh5-5.4p1/contrib/redhat/sshd.init openssh-5.4p1/contrib/redhat/sshd.init
--- openssh5-5.4p1/contrib/redhat/sshd.init     2006-04-22 11:26:08.000000000 +0000
+++ openssh-5.4p1/contrib/redhat/sshd.init      2010-03-09 17:17:24.000000000 +0000
@@ -16,18 +16,18 @@
 . /etc/rc.d/init.d/functions

 # pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
-[ -f /etc/sysconfig/ssh5d ] && . /etc/sysconfig/ssh5d

 RETVAL=0
+prog="sshd"
-prog="ssh5d"

 # Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+SSHD=/usr/sbin/sshd
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
-KEYGEN=/opt/ssh5/bin/ssh-keygen
-SSHD=/opt/ssh5/sbin/ssh5d
-RSA1_KEY=/etc/ssh5/ssh_host_key
-RSA_KEY=/etc/ssh5/ssh_host_rsa_key
-DSA_KEY=/etc/ssh5/ssh_host_dsa_key
-PID_FILE=/var/run/ssh5d.pid

 do_rsa1_keygen() {
        if [ ! -s $RSA1_KEY ]; then
@@ -104,9 +104,9 @@
        do_dsa_keygen

        echo -n $"Starting $prog:"
+       initlog -c "$SSHD $OPTIONS" && success || failure
-       $SSHD $OPTIONS && success || failure
        RETVAL=$?
+       [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
-       [ "$RETVAL" = 0 ] && touch /var/lock/subsys/ssh5d
        echo
 }

@@ -115,7 +115,7 @@
        echo -n $"Stopping $prog:"
        killproc $SSHD -TERM
        RETVAL=$?
+       [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
-       [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/ssh5d
        echo
 }

@@ -142,7 +142,7 @@
                reload
                ;;
        condrestart)
+               if [ -f /var/lock/subsys/sshd ] ; then
-               if [ -f /var/lock/subsys/ssh5d ] ; then
                        do_restart_sanity_check
                        if [ "$RETVAL" = 0 ] ; then
                                stop
diff -ur openssh5-5.4p1/Makefile.in openssh-5.4p1/Makefile.in
--- openssh5.4p1/Makefile.in    2010-02-24 07:18:51.000000000 +0000
+++ openssh-5.4p1/Makefile.in   2010-03-09 17:07:44.000000000 +0000
@@ -62,7 +62,7 @@
 INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@

+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
-TARGETS=ssh$(EXEEXT) ssh5d$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)

 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
        canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@@ -141,7 +141,7 @@
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)

+sshd$(EXEEXT): libssh.a        $(LIBCOMPAT) $(SSHDOBJS)
-ssh5d$(EXEEXT): libssh.a       $(LIBCOMPAT) $(SSHDOBJS)
        $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)

 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
@@ -243,7 +243,7 @@
 install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files

 check-config:
+       -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
-       -$(DESTDIR)$(sbindir)/ssh5d -t -f $(DESTDIR)$(sysconfdir)/sshd_config

 install-files:
        $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
@@ -261,7 +261,7 @@
        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent
        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
+       $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
-       $(INSTALL) -m 0755 $(STRIP_OPT) ssh5d $(DESTDIR)$(sbindir)/ssh5d
        if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
                $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
        fi
@@ -368,7 +368,7 @@
        -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
        -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
        -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+       -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
-       -rm -f $(DESTDIR)$(sbindir)/ssh5d$(EXEEXT)
        -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
        -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
        -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -394,7 +394,7 @@
            ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \
        TEST_SHELL="@TEST_SHELL@"; \
        TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
+       TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
-       TEST_SSH_SSHD="$${BUILDDIR}/ssh5d"; \
        TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
        TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
        TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
diff -ur openssh5-5.4p1/sshd_config openssh-5.4p1/sshd_config
--- openssh5-5.4p1/sshd_config  2009-10-11 10:51:09.000000000 +0000
+++ openssh-5.4p1/sshd_config   2010-03-09 17:10:50.000000000 +0000
@@ -10,13 +10,13 @@
 # possible, but leave them commented.  Uncommented options change a
 # default value.

+#Port 22
-Port 522
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::

 # The default requires explicit activation of protocol 1
+#Protocol 2
-Protocol 2

 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
@@ -30,13 +30,13 @@

 # Logging
 # obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
-SyslogFacility AUTHPRIV
 #LogLevel INFO

 # Authentication:

 #LoginGraceTime 2m
+#PermitRootLogin yes
-PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
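Review bot: Read as marked, the new side of this hunk leaves `PermitRootLogin` as the commented `#PermitRootLogin yes`, and the next hunk (`@@ -56,11 +56,11 @@`) does the same for `PasswordAuthentication` and `ChallengeResponseAuthentication`, so the daemon would fall back to the defaults shown in those comments. The explicit `PermitRootLogin no` and `PasswordAuthentication no` sit on the `-` side. The line counts in `@@ -81,16 +81,21 @@` further down suggest the markers in this post are inverted, so which side ends up installed is not certain from the text. Whichever way the patch is applied, the resulting sshd_config should be read for uncommented `PermitRootLogin no` and `PasswordAuthentication no` lines before the second daemon is started, and key-based login confirmed first if passwords are turned off. The file continues outside the hunk.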
@@ -56,11 +56,11 @@
 #IgnoreRhosts yes

 # To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
-PasswordAuthentication no
 #PermitEmptyPasswords no

 # Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication no

 # Kerberos options
 #KerberosAuthentication no
@@ -69,8 +69,8 @@
 #KerberosGetAFSToken no

 # GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
-GSSAPIAuthentication no
-GSSAPICleanupCredentials yes

 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
@@ -81,16 +81,21 @@
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
-UsePAM yes
-
-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL

 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
+#X11Forwarding no
-X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
+#PrintLastLog yes
-PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
 #UsePrivilegeSeparation yes
@@ -108,7 +113,7 @@
 #Banner none

 # override default of no subsystems
+Subsystem      sftp    /usr/libexec/sftp-server
-Subsystem      sftp    /usr/libexec/openssh5/sftp-server

 # Example of overriding settings on a per-user basis
 #Match User anoncvs

How to install Openssh 5 on CentOS 5.5 from RPM ?

Postby pjwelsh » 2010/07/08 13:39:17

At least openssh-4.3p2-41.el5 supports sftp chroot. I have it in production. From the config file:
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
The only bad news is that "Match" does not work with this 4.3 version.

Re: How to install Openssh 5 on CentOS 5.5 from RPM ?

Postby djdule » 2010/07/09 08:50:24

pjwelsh wrote:
At least openssh-4.3p2-41.el5 supports sftp chroot. I have it in production. From the config file:
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
The only bad news is that the "Match" does not work with this 4.3version


Yes, it works, thanks for info.
btw, to have a user chrooted, basic infrastructure must exist in its home dir (/dev/.... etc). How do you usually create it? Using some script, maybe?

