Since it is developed by the OpenBSD Project, the main version of OpenSSH is specifically for the OpenBSD Unix operating system, and is in fact included in the base OpenBSD installation. As a separate but related effort, another team maintains a "portable" version that compiles on a variety of Unix flavors and tracks the main development effort. The supported platforms include Linux, Solaris AIX, IRIX, HP/UX, FreeBSD, and NetBSD (OpenSSH is included in FreeBSD as well). The portable version carries a "p" suffix. For example, 2.1.1p4 is the fourth release of the portable version of OpenSSH 2.1.1.
OpenSSH depends on two other software packages: OpenSSL and zlib. OpenSSL is a cryptographic library available at http://www.openssl.com/; all the cryptography used in OpenSSH is pulled from OpenSSL. zlib is a library of data-compression routines, available at http://www.info-zip.org/pub/infozip/zlib/. Before compiling OpenSSH, you must obtain and install these packages.
Building OpenSSH is similar to building SSH1 and SSH2, with the same configure; make; make install sequence. In some versions of OpenSSH prior to 2.2.0, though, make install didn't generate and install the host keys automatically. If your host keys are missing, you can install them with make host-key.
By default, OpenSSH uses PAM for password authentication. PAM, the Pluggable Authentication Modules system, is a generic framework for authentication, authorization, and accounting (AAA). The idea is that programs call PAM to perform AAA functions, leaving the sysadmin free to configure individual programs to use various kinds of authentication, via dynamically loaded libraries. Visit http://www.kernel.org/pub/linux/libs/pam/ for more information on PAM.
PAM configuration for SSH is usually just a matter of copying the appropriate sshd.pam file from the distribution's contrib directory into place as /etc/pam.d/sshd. Sample files are included for various flavors of Unix.
Note that you don't need to restart sshd when you change the PAM configuration; the configuration files are checked on every use of PAM.
The main OpenSSH code base relies on the host operating system to provide a source of entropy, or randomness, via a device driver accessed through /dev/urandom. This is because the OpenBSD operating system has this device. If you build OpenSSH on a platform lacking such a device, such as Solaris, it needs an alternative source of randomness. There are two choices:
OpenSSH defaults to the first choice, the internal system, unless you configure it with EGD. The internal system uses a configurable set of commands that monitor changing aspects of the system operation, mixing their output together. You can control which commands are used and how, with the file /etc/ssh_prng_cmds.
4.3.5. Compilation Flags
Copyright © 2002 O'Reilly & Associates. All rights reserved.