ALL AS 'root' (su -)

##### Change dir and get the tar.gz files
cd /usr/local
wget http://www.openssl.org/source/openssl-0.9.6.tar.gz
wget ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-2.5.1p2.tar.gz

##### First install OpenSSL
tar -xvzf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config
make
make test
make install

##### Install OpenSSH
cd /usr/local
tar -xvzf openssh-2.5.1p2.tar.gz
cd openssh-2.5.1p2
./configure --sysconfdir=/etc --with-pam

##### When it ends, we can read
OpenSSH has been configured with the following options.
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Random number collection: Device (/dev/urandom)
Manpage format: man
PAM support: yes
KerberosIV support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: yes
Host: i586-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall
Preprocessor flags: -I/usr/local/ssl/include
Linker flags: -L/usr/local/ssl/lib
Libraries: -lpam -ldl -lz -lnsl -lutil -lcrypto
PAM is enabled. You may need to install a PAM control file for sshd,
otherwise password authentication may fail. Example PAM control files
can be found in the contrib/ subdirectory

##### After configure
make
make install

##### We get (not real keys or domains)
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh_host_key.
Your public key has been saved in /etc/ssh_host_key.pub.
The key fingerprint is:
cd:44:11:ab:dc:77:88:98:ff:88:55:31:78:10:60:10 [EMAIL PROTECTED]
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh_host_dsa_key.pub.
The key fingerprint is:
cd:44:11:ab:dc:77:88:98:ff:88:55:31:78:10:60:10 [EMAIL PROTECTED]
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh_host_rsa_key.pub.
The key fingerprint is:
cd:44:11:ab:dc:77:88:98:ff:88:55:31:78:10:60:10 [EMAIL PROTECTED]

##### Copy the PAM control file from the redhat 'contrib' dir to 'etc'
##### Failure to install a valid PAM file may result in an inability to
##### use password authentication. If the file exists, make a backup first
cd /etc/pam.d
ls ssh*
##### If the file exists
cp sshd sshd.ori
##### Then copy the redhat 'contrib' file
cp /usr/local/openssh-2.5.1p2/contrib/redhat/sshd.pam sshd

##### Copy the start script file from the redhat 'contrib' dir to 'etc'
##### If the file exists, make a backup first
cd /etc/rc.d/init.d
ls ssh*
##### If the file exists
cp sshd sshd.ori
##### Then copy the redhat 'contrib' file
cp /usr/local/openssh-2.5.1p2/contrib/redhat/sshd.init sshd

##### This script needs a little editing
vi /etc/rc.d/init.d/sshd
##### Where it says...
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
##### Change to...
KEYGEN=/usr/local/bin/ssh-keygen
RSA1_KEY=/etc/ssh_host_key
RSA_KEY=/etc/ssh_host_rsa_key
DSA_KEY=/etc/ssh_host_dsa_key
##### Save and Quit
:wq

##### Make the needed link
cd /etc/rc.d/rc3.d
ln -s ../init.d/sshd S75sshd

##### Go to the '/etc' dir to edit the SSH conf file
cd /etc
vi /etc/sshd_config
##### Cut & Paste (this works for password login.
##### Read the manual for RSA/DSA key login)
Port 22
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_dsa_key
#HostKey /etc/ssh_host_rsa_key
ServerKeyBits 1024
LoginGraceTime 120
KeyRegenerationInterval 1800
PermitRootLogin no
AllowUsers root admin
IgnoreRhosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
MaxStartups 10:30:60
#Banner /etc/issue.net
Subsystem sftp /usr/local/libexec/sftp-server
##### Save and Quit
:wq

##### Make the needed link to sshd
cd /usr/sbin
ln -s /usr/local/sbin/sshd sshd

##### Test the link to start sshd
cd /etc/rc.d/rc3.d
./S75sshd start
##### We can read
Starting sshd: ok

##### Next, test the link to stop sshd
./S75sshd stop
##### We can read
Shutting down sshd: sshd ok

##### Start sshd again
./S75sshd start
##### And check status
./S75sshd status
##### We can read (pid can be different)
sshd (pid 22002) is running...

##### Test the installation
ssh -v
##### We can read
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
Usage: ssh [options] host [command]
....

##### Change to 'admin'
exit
##### And test the connection
ssh -v -l admin localhost
##### We can read
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 110 geteuid 0 anon 0
debug: Connecting to localhost [127.0.0.1] port 22.
debug: Seeding random number generator
....
admin@localhost's password:

##### Press Ctrl+C to quit

##### Close the telnet session
exit, logout, etc...

##### And finally, start your preferred SSH client and connect to SSH(2)
##### (PuTTY, SecureCRT, ...)

REMEMBER TO CHANGE YOUR OLD PASSWORDS!!!
passwd user

##### Reading the OpenSSH documentation is highly recommended.

Hope this helps.
RB
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
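
Added example, not part of RB's post: a small Python consistency audit for the sshd_config pasted above. It flags directives that the sshd_config manual marks as protocol version 1 only but that remain in a "Protocol 2" config, the rsa1 HostKey, and the AllowUsers root entry that "PermitRootLogin no" overrides. SAMPLE is a constructed subset of the post's directives, and the function names and finding codes are this example's own.

```python
# Added example: consistency audit of the sshd_config from the post.
# SAMPLE is a constructed subset of its directives; finding codes are made up here.
SAMPLE = """\
Protocol 2
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_dsa_key
#HostKey /etc/ssh_host_rsa_key
ServerKeyBits 1024
KeyRegenerationInterval 1800
PermitRootLogin no
AllowUsers root admin
RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication yes
"""
# Keywords that only affect SSH protocol 1 sessions.
PROTO1_ONLY = ("keyregenerationinterval", "rhostsrsaauthentication",
               "rsaauthentication", "serverkeybits")
RSA1_KEY = "/etc/ssh_host_key"  # the post's keygen output calls this the rsa1 key


def parse(text):
    """Return {lowercased keyword: [values]}; comments and blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def audit(text):
    """Return a list of (code, message) findings for one sshd_config text."""
    conf, out = parse(text), []
    protocols = set(conf.get("protocol", [""])[0].replace(" ", "").split(","))
    if "1" in protocols:
        out.append(("protocol1-enabled", "Protocol line still allows SSH protocol 1"))
    if protocols == {"2"}:
        for kw in PROTO1_ONLY:
            if kw in conf:
                out.append(("proto1-directive", kw + " has no effect with Protocol 2"))
        if RSA1_KEY in conf.get("hostkey", []):
            out.append(("rsa1-hostkey", RSA1_KEY + " is a protocol 1 key, unused with Protocol 2"))
    users = [u.split("@")[0] for v in conf.get("allowusers", []) for u in v.split()]
    if "root" in users and conf.get("permitrootlogin", [""])[0].lower() == "no":
        out.append(("root-allowusers", "AllowUsers lists root but PermitRootLogin is no"))
    return out


if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(code + ": " + message)
```

To audit the installed file instead of the sample, pass the contents of /etc/sshd_config to audit().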
