how to build ssh2

belsebubben

Registered
Just finished building ssh2. Main problem is that os x comes with open ssl 0.9.5a libraries but no headers.

1) Download latest zlib from
http://www.freesoftware.com/pub/infozip/zlib/
unpack it...
cd into the dir
run these three

./configure --prefix=/usr/local/zlib-1.1.3
make
sudo make install

2) Download open ssl 0.9.5a (not the latest one) from
http://www.openssl.org/
unpack it...
(In theory we won't need to build this since the libs are already there.. I didn't get it to work easily though and couldn't be bothered to figure out why)

edit the "Configure" file with a text editor of your choice.
find the row
#### Solaris x86 setups
before that row insert:

"Darwin","cc:-DTIMES -DNO_GMTIME_R -O3::-D_REENTRANT:::::::::::::darwin-shared:-
dynamic",

(you can put it in somewhere else, it just happened to be there for me, and the quotes should be there)
cd into the directory...
run these three

./config
make
sudo make install

manually copy this file (why is that missing?)

sudo cp [openssl-unpack-dir]/crypto/bf/blowfish.h /usr/local/ssl/include/openssl

3) Download open ssh 2.5.2p2 from
http://www.openssh.com

run these three

./configure --with-md5-passwords --with-open-ssl-dir=/usr/local/ssl
make
sudo make install

And that is that...
you should now have a /usr/local/bin/ssh to run... I haven't tried the sshd...



[Edited by belsebubben on 03-25-2001 at 09:33 AM]
 
firstly, thanks for posting this.

secondly, i'd like to make a correction to your last configure line. instead of "--open-ssl-dir=/usr/local/ssl" you should put in "--with-ssl-dir=/usr/local/ssl".

looks like you just made a typing error when making your post.
 
Originally posted by mattyb77
firstly, thanks for posting this.

secondly, i'd like to make a correction to your last configure line. instead of "--open-ssl-dir=/usr/local/ssl" you should put in "--with-ssl-dir=/usr/local/ssl".

looks like you just made a typing error when making your post.

You're right... that's a typo.. thanks... I'm changing the original post.
 
Okay, so, this recipe will work you want to run the older version of openssl; but how will we get openssl 0.9.6 and so on to work down the road?

My problem at the moment is that openssl the application itself won't link:

cc -o openssl -DMONOLITH -I../include -dynamic -DTHREADS -D_REENTRANT -DTIMES -DNO_GMTIME_R -O3 openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto
/usr/bin/ld: Undefined symbols:
_X509_STORE_CTX_set_flags
_X509_STORE_CTX_trusted_stack
_sk_new_null
_ASN1_parse_dump
_ERR_error_string_n
_X509_CRL_digest
_d2i_RSA_NET
_i2d_RSA_NET
_ASN1_UTCTIME_cmp_time_t
_X509_email_free
_X509_get1_email
_MD4
_ftime
_X509_NAME_print_ex
_d2i_PUBKEY_bio


Now those are all defined in libcrypto, just fine, and the location is correct (-L.. relative to the apps dir), but, as you can see, it won't do it.

What's the magic here?

I wonder how long it will be before someone makes a Darwinized /usr/ports for such things. :)

Thanks for any further pointers...

 
That's great that someone has built a package for SSH, but, in my opinion, this isn't something that I'd ever want to trust. Security-centric applications such as SSH can easily be built with backdoors and one should never ever trust a precompiled binary for something that could essentially give complete system control/access such as this.

Over the last couple of months there have been a number of SSH attacks and whilst it is unlikely that this particular package has any weaknesses in it, it's of more practical use to know exactly what is needed to port something like this to Darwin/OS-X so that others can do so on their own in the future without having rely on third parties to build for them.

Just my 0.02, of course, but when it comes to security software, I'd just never want to risk it.

 
I got the SSH from versiontracker. How do I get sshd running? It says it can find a key file (I think). Looking at the man page I didn't see an obvious way to generate one. I also tried launching it via sudo.

I ddidn't find any doc with the distrubution.

Thanks for any help,
Mike
 
Nevermind, got it working. Used NetInfo, but after that was able to kill and restart from console.


Had to edit /etc/sshd_config to disable rootlogin. Prob
not a good idea that is on by default.

Mike
 
The way I made OpenSSL 0.9.6a build was, before building, to move /usr/lib/libcrypto.0.9.dylib and /usr/lib/libssl.0.9.dylib out of /usr/lib, then do the build. Unfortunately, when the link stage occurs, it finds those libraries before the ones just build with the new OpenSSL. Afterwards, just move them back.
 
Originally posted by stovak
Why couldn't have apple just built ssh into the OS like it was in the Pubic Beta?
I have this dumb gut feeling that they will do this in the next update... or at least by the end of summer.

Certainly this will be a required feature of OS X Server...

This all just seems too complicated for me at the moment, so I hope my gut feeling is right... In the meantime I'll stick with telnet at work (where I have some solace knowing I'm behind a firewall) and keep this all turned off at home...

However I totally appreaciate knowing that you all are digging into this. I am confident that one of you will release this in a nice installer that the most novice among us can use. I also trust that you'l release all of the code so that others can make sure you did not sneak anything vile into the code.
 
10.0.1 update (4L13) adds SSH to X. I have heard conflicting reports as to wether it replaces telnet as the option in sharing (the text hasn't changed but I have heard that it activates the SSH Daemon instead of telnet's).
 
Before "Allow(ing) remote login":
Code:
[localhost:~] tommywilb% ssh tommywilb@localhost
Secure connection to localhost refused.
After "Allow(ing) Remote login":
Code:
[localhost:~] tommywilb% !!
ssh tommywilb@localhost
tommywilb@localhost's password: ********
Welcome to Darwin!
Woo hoo!!!
 
In my 4L13 update, turning on "allow remote access" turned on SSH and left telnet turned off.

'Course it overwrote my 2.5.2 version of OpenSSH, but that's easily remedied.

-Rob
 
Back
Top