[Bug 3461] General observations

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jul 14 09:55:41 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3461

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to ricky.tigg from comment #0)
[...]
> Source | https://github.com/openssh/openssh-portable
> 
> "libcrypto from either LibreSSL or OpenSSL may also be used, but
> OpenSSH may be built without it supporting a subset of crypto
> algorithms.
> 
> **Installed components**

libcrypto is the file.  Depending on the platform and library type it
can end in .so, .a, .sl or maybe something else.  On Linuxes, the name
of the package it's in varies with the distro.  In Redhat-derived
distros it's usually "openssl-libs":

$ rpm -qf /usr/lib/libcrypto.so.3
openssl-libs-3.0.5-1.fc36.i686

To build software against it, you'll also need to install its headers. 
Again, the name of the package varies with distro.  Quoting from
README.platform:

"""
Some Linux distributions (including Red Hat/Fedora/CentOS) include
headers and library links in the -devel RPMs rather than the main
binary RPMs. If you get an error about headers, or complaining about a
missing prerequisite then you may need to install the equivalent
development packages.  On Redhat based distros these may be openssl-devel,
zlib-devel and pam-devel, on Debian based distros these may be
libssl-dev, libz-dev and libpam-dev.
"""

> Above outputs indicate LibreSSL and OpenSSL as being not installed
> which is attested as well.

That is not the case.

> Unknown is the object "supporting a subset of crypto algorithms" refers to.

It means an OpenSSH built --without-openssl will support only a subset
of the public-key and symmetric cryptographic algorithms (basically
just ed25519 and AES) that one built with OpenSSL would.  I'll try to
clarify the text.

> _Note_: In `configure --help`, as we can notice it, the syntax of the
> command is invalid; I guess that the correct syntax was intended
> instead, as it is elsewhere there, which is then `./configure
> --help`, otherwise as expected the following would be produced:

Whether you need "configure" or "./configure" is a function of your
shell and its paths.  That said, the help output generated by the
current versions of autoconf includes the "./":

$ ./configure --help | head -3
`configure' configures OpenSSH Portable to adapt to many kinds of
systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

I did find one instance of "configure --help" without the ./ in
README.md which I'll change.

> In `./configure --disable-FEATURE` the obvious is noticeable; the
> lack of mention of such features or link to them. No mentions at
> https://www.openssh.com/features.html neither.

I'm not sure what you're referring to here.  Could you please
elaborate?
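
Added example, not part of the original message or of the OpenSSH project: a shell check for which of the two builds described in comment #1 a given ssh binary is, and which of its key types and ciphers fall outside the ed25519/AES subset named there. It assumes `ssh -V` names the crypto library in its banner and prints "without OpenSSL" for a --without-openssl build; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not OpenSSH project code). Function names are hypothetical.

# crypto_backend BANNER: classify the text printed by `ssh -V`.
# Assumption: a --without-openssl build prints "without OpenSSL".
# That pattern must be tested first because it also contains "OpenSSL".
crypto_backend() {
    case "$1" in
        *"without OpenSSL"*) echo none ;;
        *LibreSSL*)          echo libressl ;;
        *OpenSSL*)           echo openssl ;;
        *)                   echo unknown ;;
    esac
}

# outside_family NAME: read one algorithm per line on stdin (the format
# of `ssh -Q key` and `ssh -Q cipher`) and print those whose name does
# not contain NAME. Empty output means every entry is in that family.
outside_family() {
    grep -v -- "$1" || true    # grep exits 1 when nothing is left; not an error here
}

# report_local: run both checks against the ssh binary found in PATH.
report_local() {
    banner=$(ssh -V 2>&1)      # ssh -V writes its banner to stderr
    echo "banner:  $banner"
    echo "backend: $(crypto_backend "$banner")"
    echo "key types other than ed25519:"
    ssh -Q key | outside_family ed25519 | sed 's/^/  /'
    echo "ciphers other than AES:"
    ssh -Q cipher | outside_family aes | sed 's/^/  /'
}

# Only query the local system when asked to: sh thisfile.sh --local
if [ "${1:-}" = "--local" ]; then
    report_local
fi
```
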
