How to compile SSH on Jaguar (Mac OS X), technical question

Robert robertLinux at gmx.de
Wed Dec 10 23:54:25 EST 2003


Dear Mr. Farmer.
Dear community.
On 09.12.2003 at 17:42, Andrew Farmer wrote:
>
> Well, OS X doesn't depend on sshd being active -- all I think file
> sharing depends on is a working ssh client.
Fine. Thank you.


> Again, though, what's wrong with the implementation that's already
> installed?


Well, there are many reasons to use a strict set of security rules in a 
company. Say you have several users permitted to log in as root. The 
admin may become ill, or you develop Mac products and share a whole Mac 
pool between a handful of programmers.

Then you certainly want to have strict settings of what is allowed with 
ssh and what is not. When time becomes sparse, you certainly don't 
want config errors to open doors to your computer that you or your (maybe 
less experienced) colleagues don't want. You do some changes, do them 
fast and voilà, an error occurred -> a door is open.

There is another point I want you to think about: How do I find out 
which options Apple used during compile? Did they enable everything? I 
fear yes, for users' convenience.

Me, I only use public key auth and I am playing around with port 
forwarding Linux<->Mac. So I disable everything, rsh encryption, 
unencrypted transmissions, but I like to keep tcp wrappers because they 
make X Forwarding more flexible, since they allow a third computer to 
use my forwarded ssh session on the second computer to server computer one 
with the GatewayPorts keyword (or the -g option). That looks like:

Server (IMAP) --- ssh--- client --- ssh client in different room.

The latter could also use forwarded www pages which are hosted at the 
company but forbidden by the proxy, so they would only be visible in the 
company's LAN. So I can watch the pages at home in my working room AND 
by a second ssh session from a second computer (and even more computers) 
standing elsewhere. If I allow it, even from a local coffee shop, assuming 
they have Linux installed (the easiest) or a Mac which has tcp wrappers 
compiled into OpenSSH. (Or from a laptop via WAP / Telephone-Internet 
connection, assuming you are on holidays and want to see the latest 
announcements).

My HOWTO is nothing for Mac users in the consumer segment, more for 
professionals who already know OpenSSH and want to know how to easily 
integrate a customized OpenSSH into OS X. I won't advertise certain 
compile options, I just tell the ones I use and why. I will suggest 
reading the book: "SSH Secure Shell by Barrett, Daniel J., O'Reilly" and 
the man pages. For an everyday setup, the man pages are sufficient, but 
then you almost certainly don't want to compile OpenSSH yourself.

I hope I clarified my standpoint and I convinced you. I have used OpenSSH for 
about 8 months now and I am certainly not an expert. But I am a Mac 
expert, I have written software for Mac for several years now. If you 
still are not convinced, please answer this posting so we can discuss. 
I love discussions and I love to learn.

Greetings,
Robert Welz
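
Added example, not part of the original posting or of OpenSSH: a small audit of sshd_config text for the kind of hurried config error the message worries about, including the GatewayPorts setting it mentions. The policy values, the assumed defaults (taken from sshd_config(5)) and the sample configuration are constructed for illustration.

```python
import re

# Example policy (an assumption): public-key auth only, forwards not shared.
# Each entry: keyword -> (required value, default assumed from sshd_config(5)).
POLICY = {
    "passwordauthentication": ("no", "yes"),
    "kbdinteractiveauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
    "gatewayports": ("no", "no"),  # change if forwards are shared on purpose
}

SAMPLE = """\
# constructed sample sshd_config, not a real host's file
PubkeyAuthentication yes
PasswordAuthentication no
passwordauthentication yes
GatewayPorts=yes
Match User build
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global, Match-block) settings; first value per keyword wins."""
    glob, in_match, cond = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"([^\s=#]+)(?:\s*=\s*|\s+)(.+)$", raw.strip())
        if not m:  # blank line, comment, or keyword without a value
            continue
        key, val = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":  # everything after this is conditional
            cond = val
        elif cond is not None:
            in_match.append((n, cond, key, val.lower()))
        elif key not in glob:  # later duplicates are ignored by sshd
            glob[key] = (n, val.lower())
    return glob, in_match

def audit(text, policy=POLICY):
    glob, in_match = parse(text)
    findings = []
    for key, (want, default) in policy.items():
        line, val = glob.get(key, (None, default))
        if val != want:
            src = f"line {line}" if line else "built-in default"
            findings.append(f"{key}={val} ({src}); policy requires {want}")
    for n, cond, key, val in in_match:
        if key in policy and val != policy[key][0]:
            findings.append(f"{key}={val} (line {n}, Match {cond}) overrides policy")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the audit above only reads the file text.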




More information about the openssh-unix-dev mailing list