HowTo: to enable tcpwrapper in openssh for SUSE(linux)
From: Klaus Lehmann (lehmann_klaus_at_t-online.de)
Date: 04/22/05
- Next message: Mike: "Re: ADSL connection dropping randomly"
- Previous message: Richard E. Silverman: "Re: No DISPLAY set in -X Tunneling"
- Next in thread: Nico Kadel-Garcia: "Re: HowTo: to enable tcpwrapper in openssh for SUSE(linux)"
- Reply: Nico Kadel-Garcia: "Re: HowTo: to enable tcpwrapper in openssh for SUSE(linux)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Apr 2005 10:13:50 +0200
a small howto
[thanks to Darren Tucker, who showed me right way (to babylon)]
on default there's no support for tcp-warppers in SUSE's openssh.
why it is so certain?
If You will use a host_deny_list (like me! there I have listed all
ip_numbers, they don't have to knock on my ssh_door_bell), You must have
an openSSH WITH build_in_support for tcp-warppers.
[WHY doesn't have SUSE this compiled?]
read on!
1. You need following packages:
tcpd-devel
pam-devel
(they depends from version for: tcpd and pam!)
2. get openssh-3.9p1-1.src.rpm (by example)
3. configure it, like this:
configure --prefix=/usr --sysconfdir=/etc/ssh
--datadir=/usr/share/openssh --with-pam
--with-gnome-askpass --with-tcp-wrappers
--with-ipv4-default --libexecdir=/usr/lib/ssh --with-md5-passwords
(=one LINE!)
You'll get something like this:
OpenSSH has been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc/ssh
Askpass program: /usr/lib/ssh/ssh-askpass
Manual pages: /usr/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: yes
KerberosV support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: yes
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lwrap -lpam -ldl -lresolv -lcrypto -lutil -lz
-lnsl -lcrypt
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
4. check with "nm", if there are symbols in openssh
[DTucker told this! thanks!]
nm sshd | grep refuse
You'll get: U refuse
5. than go on with installing with YOUR personal compiled package ;-)
make and make install
hope, there's no error
Yours
klaus
- Next message: Mike: "Re: ADSL connection dropping randomly"
- Previous message: Richard E. Silverman: "Re: No DISPLAY set in -X Tunneling"
- Next in thread: Nico Kadel-Garcia: "Re: HowTo: to enable tcpwrapper in openssh for SUSE(linux)"
- Reply: Nico Kadel-Garcia: "Re: HowTo: to enable tcpwrapper in openssh for SUSE(linux)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
