Modifying 7.9p1 to use PAM

Nico Kadel-Garcia nkadel at gmail.com
Sat Feb 16 12:23:55 AEDT 2019


On Wed, Feb 13, 2019 at 11:04 PM Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
> On Thu, Feb 7, 2019 at 11:16 PM Damien Miller <djm at mindrot.org> wrote:
> >
> > On Fri, 8 Feb 2019, CLOSE Dave wrote:
> >
> > > I deal with a large number of internal machines that have not been
> > > updated for a while and which I am not at liberty to update. They run
> > > Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to
> > > put a more recent version on these machines but, of course, no package
> > > is available for that.
> > >
> > > Trying the portable version of openssh 7.9p1, I found that I can easily
> > > make it work by building my own package with rpmbuild. But it appears
> > > that the program is not actually built, just packaged, which leaves me
> > > with only the default options selected. As this is Fedora, I need to
> > > enable PAM. Has anyone done something similar? Can anyone offer some
> > > clues on how to proceed?
> >
> > You could try building an RPM using the contrib/openssh.spec in the
> > source distribution. It includes PAM support by default.
>
> That .spec file is not well maintained. The Source URL for
> x11-ssh-askpass, for example, is not valid, and it uses SysV init
> rather than systemd.

It's better than I thought. It apparently had not been updated for
RHEL 7, but it did work for RHEL 6. I submitted some patches at
https://github.com/openssh/openssh-portable/pull/117

These do not necessarily match the sshd_config and ssh_config from
RHEL, but it seems to work.


More information about the openssh-unix-dev mailing list