Versions Compared

Old Version 23

changes.mady.by.user Stefan Paetow

Saved on

compared with

New Version 24

changes.mady.by.user Stefan Paetow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

RHEL 6 / CentOS 6 / Scientific Linux 6 (RHEL/CentOS/SL 6) does not ship with a version of OpenSSH that is compatible with Moonshot (they ship with a non-Moonshot-enabled v5.3 of OpenSSH). To get Moonshot support for it, you must install a specific Moonshot-enabled version (v5.9). We do not yet have a precompiled version available in our repositories, so you will need to re-compile it by hand.

Contents

Table of Contents

...

Note

The instructions on this page will replace the system provided OpenSSH packages with the Moonshot enabled ones (don't worry, standard SSH things will still work!).

Info

We currently have patching available for RHEL/CentOS/SL 6.4, 6.5, and 6.6.

Info

Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.

Numberedheadings

System Preparation

Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to .

Install prerequisites

You will need various packages installed in order to build OpenSSH from scratch. Install them via yum:

bash

Add the Moonshot OpenSSH Repository

  1. We've moved the OpenSSH packages from the main Moonshot repository into their own, so add the Moonshot RedHat OpenSSH repository to your system by creating a new file at /etc/yum.repos.d/moonshot.repo with the following content:

    true

Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" and "hostname -f" command commands should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

Installation Instructions

Get the sources and patches

If you do not have any rpmbuild directories already, create them now.

bash

  • Download the OpenSSH sources for your particular minor version of RHEL/CentOS/SL into the SOURCES directory. The sources are available at the following locations:

    • Navigate to the SOURCES directory and extract the source from the RPM.

    bash

    Download the Moonshot patches into the SOURCES directory.

    bash
  • Navigate to the SPECS directory and download the Moonshot-enabled OpenSSH spec file for your particular version of RHEL/CentOS/SL. The sources are available at the following locations:
    1. CentOS 6.6: http://iam.cf.ac.uk/moonshot/patches/openssh/openssh-6.6-104.spec
    2. CentOS 6.5: http://iam.cf.ac.uk/moonshot/patches/openssh/openssh-6.5-94.spec
    3. CentOS 6.4: http://iam.cf.ac.uk/moonshot/patches/openssh/openssh-6.4-84.spec

    • Rename the file you downloaded to "openssh.spec", overwriting the existing copy:

    (For CentOS 6.6)

    Build OpenSSH

    Now we're ready to build the Moonshot-enabled version of OpenSSH.

    Make sure you're in the SPECS directory and execute an RPM build.

    If the build was successful, in your /rpmbuild/RPMS/x86_64 directory you should find RPMs for the following:

      • openssh
      • openssh-askpass
      • openssh-clients
      • openssh-ldap
      • openssh-server
      • pam_ssh_agent_auth

    Installing your new RPMs

    Now we're ready to install the new Moonshot-enabled OpenSSH packages.

    Remove the existing OpenSSH packages

    If you've already customised your OpenSSH server configuration, you may wish to back up that configuration now.

     

    Remove the existing OpenSSH packages using yum.

    bash

    Install the new OpenSSH packages

    1. Install the new OpenSSH packages using rpm.

      If you backed up your existing configuration, restore it now.Install the Moonshot-enabled pre-compiled OpenSSH packages using yum. This will replace the system provided OpenSSH.

      bash

    Configuration Instructions

    Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

    1. Configure the OpenSSH server to use Moonshot by editing /etc/ssh/sshd_config. Check the following lines are present and uncommented:

      true

    2. Now restart the OpenSSH server

    3. Configure the .