OpenSSH 1.2.3 Configure

David G. Hesprich dghespri at sprintparanet.com
Sat Mar 11 19:47:23 EST 2000


It's *very* late here (or very early, depending on how you look at it), so
please forgive me if this is incoherent. I thought I'd put this out there
and perhaps save a few people some frustration.

The configure script is much improved, but I still had problems with the
OpenSSL detection. Had to tweak it a bit:

*** configure-1.2.3pre1 Sat Mar 11 03:29:00 2000
--- configure   Sat Mar 11 03:15:55 2000
***************
*** 1887,1895 ****
  fi
  echo $ac_n "checking for OpenSSL/SSLeay directory""... $ac_c" 1>&6
  echo "configure:1890: checking for OpenSSL/SSLeay directory" >&5
! for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
        if test ! -z "$ssldir" ; then
!               LIBS="$saved_LIBS -L$ssldir -lcrypto"
                CFLAGS="$CFLAGS -I$ssldir/include"
                if test "x$need_dash_r" = "x1" ; then
                        LIBS="$LIBS -R$ssldir/lib"
--- 1887,1896 ----
  fi
  echo $ac_n "checking for OpenSSL/SSLeay directory""... $ac_c" 1>&6
  echo "configure:1890: checking for OpenSSL/SSLeay directory" >&5
! #for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
! for ssldir in "" $tryssldir ; do
        if test ! -z "$ssldir" ; then
!               LIBS="$saved_LIBS -L$ssldir/lib -lcrypto"
                CFLAGS="$CFLAGS -I$ssldir/include"
                if test "x$need_dash_r" = "x1" ; then
                        LIBS="$LIBS -R$ssldir/lib"
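Review bot: The LIBS line now hardcodes -L$ssldir/lib, so a directory that holds libcrypto at its top level (which the old -L$ssldir matched) is no longer found even when it is passed in via $tryssldir. Consider trying both, for example LIBS="$saved_LIBS -L$ssldir/lib -L$ssldir -lcrypto". The old for line should be deleted rather than commented out: as posted it is wrapped, so its second half is left as a live, uncommented line ending in "; do" directly above the new loop. Since the "configure:1890:" trace line suggests this file is generated by autoconf, the change also needs to go into the autoconf input or it will be lost the next time configure is regenerated.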

Checking for all the alternate locations is a bit excessive - cutting down
on the search path reduces the time it takes those tests to complete
dramatically, asking the user to provide something like
"--with-ssl-dir=/usr/local/ssl" isn't too bad, IMHO. The rsaref2 detection
appeared to work fine.

Manuals are still complete hash on my Solaris 7 box. Any pointers on what's
causing it and how to fix would be appreciated.

Oh, hey - how about adding a configuration file token for setting the
connection banner (assuming my request isn't violating any protocol specs)?
Giving away the version number is convenient, but not very secure. It'd be
nice to be able to say, put "Banner "sshd (you can't have my version
number)"" in the sshd_config, and connect to port 22 and see that, rather
than "SSH-1.5-OpenSSH-1.2.3" (which is a good default, but not my first
choice for a production box)...


Thanks,
-David Hesprich






More information about the openssh-unix-dev mailing list