Setting Up OpenSSH

Download from: www.openssh.com

Requirements:
-zlib
-openssl

Zlib
Fortunately, zlib was already installed on all of our machines. All that was required was to create the following links, which should have been created when zlib was installed, but weren't.

ln -s /opt/zlib/lib/libz.a /usr/lib/libz.a
ln -s /opt/zlib/lib/libz.sl /usr/lib/libz.sl
ln -s /opt/zlib/include/zconf.h /usr/include/zconf.h
ln -s /opt/zlib/include/zlib.h /usr/include/zlib.h

OpenSSL
After downloading openssl from www.openssl.org , unzip and untar it. Then from its home directory, run the following to set everything up.

(as your normal user self)
./config
make
(as root)
make install

The above procedure puts the files in /usr/local, which is where they should go on linux machines. For the Hp-ux machines, make the following change, which will put the files to /opt/openssl.

./config --prefix=/opt/openssl

For linux machines, openssl installation is now finished. For hp-ux machines, some links need to be created. Basically, from /usr/local/bin to /opt/openssl/bin first. Then from /usr/lib to /opt/openssl/lib and from /usr/include to /opt/openssl/include.

OpenSSH
It works much in the same way as openssl. Unzip and untar and run the following commands:

(as your normal user self)
./configure --prefix=/opt/openssh --with-tcp-wrappers
make
(as root)
make install

The above is the exact syntax for hp-ux, if using linux, leave off the --prefix=/opt/openssh part. The --with-tcp-wrappers flag is because we want to tcp-wrappers support. This of course means that tcp-wrappers must be installed. Specifically, it is looking for the files, /usr/include/tcpd.h and /usr/lib/libwrap.a. Make sure these are there or that there are links pointing to wherever they are. Also, note that the config command won't run unless perl5 has been installed. perl -v will give you the version of perl that you are running.

On linux, the installation went smoothly with no major problems. Hp-ux, on the other hand, had lots of difficulties. However, they were all solved by installing binutils and gcc. For some reason, the HP C compiler wouldn't compile openssh, but gcc worked fine. Binutils and gcc for hp-ux can be downloaded from the Software Porting and Archive Centre for HP-UX.

Since the root directory on the HPs was changed to /opt/openssh.., the PATH needs to be changed to reflect this location. However, since the path here in the shop is already ridiculously long, links will be created in /usr/local/bin and /usr/local/sbin. So next a link was created in /usr/local/bin for each program in /opt/openssh/bin. And a link was created in /usr/local/sbin/sshd to /opt/openssh/sbin/sshd.

The last step was to make a change to enable X11 Forwarding, which will automatically set the DISPLAY variable when logging in using ssh. This is done by editing /usr/local/etc/ssh_config and /usr/local/etc/sshd_config on the linux machines and /opt/openssh/etc/ssh_config and /opt/openssh/etc/sshd_config on the hp-ux machines. The files should have a line like the following:

ssh_config
ForwardX11 yes

sshd_config
X11Forwarding yes

That's it. Run /usr/local/sbin/sshd as root to start it. If you log in to a machine that you previously logged in to, you may get an error about someone doing something nasty. To stop this error, edit ~/.ssh/known_hosts and delete the line with the hostname in question.

EDG Shop Specifics

Make sure to change the default path so that the good gcc is used and not the somewhat hindered one provided by Mentor Graphics. Path to good gcc is /opt/gcc/bin/gcc.

Since the root directory on the HPs was changed to /opt/openssh.., the PATH needs to be changed to reflect this location. However, since the path here in the shop is already ridiculously long, links will be created in /usr/local/bin and /usr/local/sbin. So next a link was created in /usr/local/bin for each program in /opt/openssh/bin. And a link was created in /usr/local/sbin/sshd to /opt/openssh/sbin/sshd.