OpenSSH uses a couple of auxiliary libraries,
some of which are mandatory
(zlib, OpenSSL),
others are optional
(tcp-wrappers, libedit, ...).
# AIX 7.1 / C 12.1
./configure --prefix=/tmp/openssh-6.6p1 CC=cc CPPFLAGS="-D_LARGE_FILES -D_THREAD_SAFE" CFLAGS="-O2"
--with-audit=debug
--with-md5-passwords
--with-ssl-dir=/bio/local/openssl-1.0.1g
--with-zlib=/bio/local/zlib-1.2.7
--with-tcp-wrappers=/bio/local/tcp_wrappers_7.6-ipv6.4
--with-libedit=/bio/local/libedit-3.1
--with-pie
--with-ssl-engine
make
make install
OpenSSH-4.3p2 relies heavily on
OpenSSL and
prngd, i.e. the respective header and library files must exist.
An extensive description is
here
Unpack the source distribution.
Consult README.privsep how to enable privilege separation, if so desired.
export CC=cc; # use native compiler
export CFLAGS="-O2 -I/nfs/local/42// -I/opt/"; # location of headers for ssl and zlib
export LDFLAGS="-L/nfs/local/42/lib -L/opt/lib" # location of libraries for ssl and zlib
./configure --prefix=/opt/openssh-4.3p2 --with-prngd-socket=/dev/egd-pool # --sysconfdir=/etc/ssh
make clean
make
# as root:
make install
/opt/openssh-4.3p2
/opt/bin, /opt/lib, etc, by some stow procedure.
/opt/openssh-4.3p2/etc/ssh_config:
ForwardX11 yes ForwardX11Trusted yes # for OpenSSH 4.x, to avoid 'BadAtom' error
/opt/openssh-4.3p2/etc/sshd_config:
XAuthLocation /usr/bin/X11/xauth X11Forwarding yes UsePrivilegeSeparation no PidFile /var/run/sshd.pid Subsystem sftp /opt/openssh-4.3p2/libexec/sftp-serverIn case X11 connections fail with the message
X11 connection rejected because of wrong authenticationstrangely the entry
X11UseLocalhost nomight help
ssh-keygen -t rsa1 -f /opt/openssh-4.3p2/etc/ssh_host_key -N "" ssh-keygen -t rsa -f /opt/openssh-4.3p2/etc/ssh_host_rsa_key -N "" ssh-keygen -t dsa -f /opt/openssh-4.3p2/etc/ssh_host_dsa_key -N ""
/usr/bin/mkssys -s sshd -p /opt/openssh-4.3p2/sbin/sshd -a '-D' -u 0 -S -n 15 -f 9 -R -G localand in
/etc/rc.local place (and execute once for immediate startup)
startsrc -s sshd
OpenSSL first
OpenSSH subsystems:
stopsrc -s sshd
OpenSSH filesets, if applicable
unset LIBPATH
OpenSSH
/etc/ssh/ssh_config:
ForwardX11 yes ForwardX11Trusted yes # for OpenSSH 4.x, to avoid 'BadAtom' error
/etc/ssh/sshd_config:
PermitRootLogin no # if applicable, e.g. for exposed machines ReverseMappingCheck yes # if applicable, e.g. for exposed machines UseDNS yes # if applicable, e.g. for exposed machines XAuthLocation /usr/bin/X11/xauth X11Forwarding yes UsePrivilegeSeparation no ClientAliveInterval 300 # don't disconnect session PidFile /var/run/sshd.pid Subsystem sftp /usr/sbin/sftp-server
sshd
needs the following line to be enabled in /etc/inittab
l2:2:wait:/etc/rc.d/rc 2
TWWfsw depots, e.g. version 4.2.
If it does not configure automatically
(config files are in /etc/opt/TWWfsw/openssh42/),
put the startup script in the HP-UX-usual places
/sbin/init.d/TWWopenssh42 # calls /opt/TWWfsw/openssh42/sbin/sshd cd /sbin/rc1.d; ln -s /sbin/init.d/TWWopenssh42 K268TWWopenssh42 # shutdown cd /sbin/rc2.d; ln -s /sbin/init.d/TWWopenssh42 S662TWWopenssh42 # startup
/opt/ssh/etc/ssh_config:
ForwardX11 yes ForwardX11Trusted yes # for OpenSSH 4.x, to avoid 'BadAtom' error
/opt/ssh/etc/sshd_config:
XAuthLocation /usr/bin/X11/xauth X11Forwarding yes UsePrivilegeSeparation no Subsystem sftp /opt/ssh/libexec/sftp-server
/etc/ssh_config (or /etc/ssh/ssh_config):
ForwardX11 yes
/etc/sshd_config (or /etc/ssh/sshd_config):
PermitRootLogin yes # if applicable X11Forwarding yes