Building OpenSSH Server on Debian 9 from source

Owned by Alex Perez Mendez
Last updated: Feb 15, 2018
2 min read

Debian 9 does not ship with a version of OpenSSH that is compatible with Moonshot. To get Moonshot support for it, you must install a specific Moonshot-enabled version. The following instructions will guide you through the package building process.

Contents

All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).

The instructions on this page will replace the system provided OpenSSH packages with the Moonshot enabled ones (don't worry, standard SSH things will still work!)

Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.

1. System Preparation

1.1. Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on Debian 9.

1.2. Prepare the building environment

  1. Install the required packages.

    apt-get install build-essential dpkg-dev fakeroot gnupg lintian patch patchutils strace unzip pbuilder debian-builder quilt automake autoconf debhelper dh-make devscripts libgtk2.0-dev libedit-dev libselinux1-dev
apt-get source openssh
apt-get build-dep openssh

2. Building instructions

  1. Download the gssapi-generic.patch and the openssh-nulluser-7.4p1.patch to your /tmp directory, then build the packages.

     cd openssh-7.4p1
 cp /tmp/debian-gssapi-generic.patch debian/patches
 cp /tmp/openssh-nulluser-7.4p1.patch debian/patches
 echo "debian-gssapi-generic.patch" >> debian/patches/series
 echo "openssh-nulluser-7.4p1.patch" >> debian/patches/series
 debuild -us -uc

3. Installation Instructions

  1. The new packages can be installed with dpkg.

    $ dpkg -i ../openssh-server_7.4p1-X_<arch>.deb

4. Configuration Instructions

4.1. Configure APT

Debian 9 currently ships with OpenSSH 7.4p1 as well. So that you can install our OpenSSH, and not have it reverted back to the non-Moonshot-enabled system-provided OpenSSH next time you do an apt-get upgrade, we must tell apt that the manually-installed version has precedence over the official Debian repositories.

  1. Create a file called /etc/apt/preferences.d/moonshot, with the following content:

    Package: *
Pin: release o=moonshot
Pin-Priority: 1200
 
Package: openssh*
Pin: release o=Debian
Pin-Priority: -10

4.2. Configure OpenSSH

Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

Follow the configuration instructions on the OpenSSH Server page to configure the server.