Securing-Optimizing-RH-Linux-1_2_172
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
CFLAGS="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \
./configure \
--prefix=/usr \
--with-etcdir=/etc/ssh \
--without-idea \
--enable-warnings \
--without-rsh \
--with-libwrap \
--disable-server-port-forwardings \
--disable-client-port-forwardings \
--disable-server-x11-forwarding \
--disable-client-x11-forwarding \
--disable-suid-ssh
This tells SSH1 to set itself up for this particular hardware setup with the following options:
- Avoid patent problems in commercial use.
- Enable the -Wall (warning) option if using gcc/egcs.
- Do not use rsh under any conditions.
- Compile in libwrap (tcp_wrappers) support.
- Disable all port forwardings in server (except X11).
- Disable all port forwardings in client (except X11).
- Disable X11 forwarding in server.
- Disable X11 forwarding in client.
- Install ssh without suid bit.
[root@deep ssh-1.2.27]# make clean
[root@deep ssh-1.2.27]# make
[root@deep ssh-1.2.27]# make install
The "make clean" command erases all previous traces of a compilation so as to avoid any mistakes,
then "make" compiles all source files into executable binaries, and finally "make install" installs
the binaries and any supporting files into the appropriate locations.
Cleanup after work
[root@deep /]# cd /var/tmp
[root@deep tmp]# rm -rf ssh1-version/ ssh-version.tar.gz
The rm command will remove all the source files we have used to compile and install SSH1. It
will also remove the SSH1 compressed archive from the /var/tmp directory.
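A post-install check for the build and cleanup steps above, as an added example that is not part of the original book: it confirms that --disable-suid-ssh left no setuid or setgid bit on the installed programs and that no SSH1 sources remain in the scratch directory. The assumption that the installed files have names starting with "ssh" under the prefix's bin and sbin directories is ours.

```sh
#!/bin/sh
# Added example, not from the book. Assumes the installed SSH1 files are
# named ssh* under PREFIX/bin and PREFIX/sbin (PREFIX is /usr in the
# configure line above) and that sources were unpacked in /var/tmp.

# Print every ssh* file under the prefix that carries a setuid or setgid
# bit. Returns 0 when none is found, 1 otherwise.
audit_ssh_suid() {
    prefix=$1
    found=0
    for f in "$prefix"/bin/ssh* "$prefix"/sbin/ssh*; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        [ -L "$f" ] && continue      # symlink: its target is checked itself
        if [ -u "$f" ] || [ -g "$f" ]; then
            echo "SUID/SGID: $f"
            found=1
        fi
    done
    return $found
}

# Print SSH source trees or archives still present in the scratch
# directory. Returns 0 when it is clean, 1 otherwise.
audit_build_leftovers() {
    dir=$1
    found=0
    for p in "$dir"/ssh*; do
        [ -e "$p" ] || continue      # unmatched glob
        echo "leftover: $p"
        found=1
    done
    return $found
}

# Typical use after "make install" and the cleanup step:
#   audit_ssh_suid /usr && audit_build_leftovers /var/tmp
```

Both functions print what they find, so the output can be kept with the installation notes for the server.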
Configurations
All software we describe in this book has a specific directory and subdirectory in a tar
compressed archive named floppy.tgz containing file configurations for the specific program. If
you get this archive file, you won't be obliged to reproduce the different configuration files
below manually or cut and paste them to create your configuration files. Whether you decide to
copy manually or get the files made for your convenience from the compressed archive, it will
be your responsibility to modify and adjust them for your needs and place the files related to SSH1
software in their appropriate places on your server machine, as shown below. The server
configuration files archive to download is located at the following Internet address:
http://pages.infinit.net/lotus1/opendocs/floppy.tgz
To run SSH1 Client/Server, the following files are required and must be created or copied to
their appropriate directories on your server.