installing ssh

Naturally, I could just copy ssh from my regular ubuntu-installation, but that wouldn't as rewarding, and it is nice to be able to exclude features I don't need.

OpenSSL

To build ssh, we first need openssl. I set PREFIX to a separate directory, to be able to run make install with full control over which files is included in the distribution.

mkdir /home/build/firewall/dist
PREFIX=/home/build/firewall/dist
cd openssl-1.0.0c/
./config --prefix=$PREFIX
make -j 3
make install

OpenSSH is statically linked with OpenSSL, so no openssl-files are actually needed on the firewall. The openssl client utilities are meant for manipulating certificates or testing ssl connections. This functionality will not be needed on the firewall.

OpenSSH

Openssh built in a similar fashion:

cd ../openssh-5.6p1/
./configure --help
./configure --with-ssl-dir=$PREFIX --prefix=$PREFIX --with-privsep-user=sshd --with-4in6
./configure --help
make -j 3
make install

From the dist-directory I made a selective installation of just some utilities:

• ssh
• ssh-add
• ssh-agent
• ssh-keygen
• ssh-keyscan

all installed in /usr/bin, and sshd installed in /usr/sbin. Configurationfiles are taylored and put in /etc/ssh. The daemon is started from inittab using:

::respawn:/usr/sbin/sshd -f /etc/ssh/sshd_config