Fwd: Re: openssh on a non-PAM system?

Niels Provos provos at outguess.org
Tue Dec 7 09:54:36 EST 1999

FYI.  Maybe ppl with access to Solaris can look at this.


From: mark at salfrd.ac.uk (Mark Powell)
Newsgroups: comp.security.ssh
Subject: Re: openssh on a non-PAM system?
Date: 6 Dec 1999 14:10:21 -0000
Message-ID: <82gg4d$15ta$1 at plato.salford.ac.uk>

In article <x7zovrqhrv.fsf at bombadil.nic.net>,
Dan Lowe  <dan at bombadil.nic.net> wrote:
>mark at salfrd.ac.uk (Mark Powell) writes:
>This is what I did:
>   1. Install OpenSSL and EGD as recommended by the Install docs at
>      http://violet.ibs.com.au/openssh/files/INSTALL
>      and started up "/usr/local/bin/egd.pl /etc/egd.pool"
>      (Don't forget to drop this in a startup script that runs prior
>      to sshd being started).
>   2. Grabbed the tar.gz noted above, untarred etc.
>   3. Ran ./configure --with-egd-pool=/etc/egd.pool --prefix=/usr/local
>   4. Edited Makefile, removing "-lpam" from the "LIBS=" line.
>   5. Edited config.h, commenting out the "#define HAVELIBPAM 1" line.

I tried the same, although, I think the --without-pam switch would remove
the need for steps 4 and 5? Although, it doesn't :)

>   6. Ran "make"

Using gmake, it falls over straight away on 2.5.1 (gcc-2.95.1) and
2.7 (gcc-2.95), with:

gcc -O2 -fomit-frame-pointer -Wall -I/usr/local/ssl/include
-DETCDIR=\"/usr/local/etc\" -DSSH_PROGRAM=\"/usr/local/bin/ssh\"
-DHAVE_CONFIG_H   -c authfd.c -o authfd.o
In file included from ssh.h:25,
                 from authfd.c:19:
rsa.h:40: parse error before `__P'
rsa.h:42: parse error before `__P'
rsa.h:44: parse error before `__P'
rsa.h:45: parse error before `__P'

a quick:

#define __P(p)	p

in rsa.h fixes that.
  Then falls over linking ssh, with:

gcc -o ssh ssh.o sshconnect.o log-client.o readconf.o clientloop.o
libssh.a  -lpam -ldl -lsocket -lnsl -lz -lcrypto  -L/usr/local/ssl/lib
-lssl -lcrypto 
Undefined                       first referenced
 symbol                             in file
daemon                              ssh.o
ld: fatal: Symbol referencing errors. No output written to ssh
collect2: ld returned 1 exit status
make: *** [ssh] Error 1

a manual link adding bsd_daemon.o on 2.7 fixes this.
  2.5.1 additionally complains of missing:

snprintf                            ssh.o
vsnprintf                           log-client.o

which it doesn't have <sigh>. I continued on the 2.7 machine...

>   7. I found that "make install" was broken so I manually copied all the
>      files into place.  You can do this easily by hand by reading the
>      steps for the install target in Makefile and doing them yourself.
>      Or if you figure out what I should have done to fix my Makefile let
>      me know. :)

Simply s/m644/m 644/ made it work, but as you note it doesn't make the
host_key for you.

>   8. /usr/local/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

I thought the whole idea of '--prefix=/usr/local' was to have everything
under /usr/local? Why it still wants to find it there <hmmm>

>   9. /usr/local/sbin/sshd
>SunOS bombadil 5.6 Generic_105181-15 sun4u sparc SUNW,UltraSPARC-IIi-Engine

After much fiddling, I find it still won't process /etc/default/login at
login, leaving the environment different from a standard login. I'm going
back to ssh-1.2.27.

Mark Powell - UNIX System Administrator - Clifford Whitworth Building
A.I.S., University of Salford, Salford, Manchester, UK.
Tel: +44 161 295 5936  Fax: +44 161 295 5888  www.pgp.com for PGP key
M.S.Powell at ais.salfrd.ac.uk (spell salford correctly to reply to me)

More information about the openssh-unix-dev mailing list