Mailing List Archive

OpenSSH 1.2.3 Configure
It's *very* late here (or very early, depending on how you look at it), so
please forgive me if this is incoherent. I thought I'd put this out there
and perhaps save a few people some frustration.

The configure script is much improved, but I still had problems with the
OpenSSL detection. Had to tweak it a bit:

*** configure-1.2.3pre1 Sat Mar 11 03:29:00 2000
--- configure Sat Mar 11 03:15:55 2000
***************
*** 1887,1895 ****
fi
echo $ac_n "checking for OpenSSL/SSLeay directory""... $ac_c" 1>&6
echo "configure:1890: checking for OpenSSL/SSLeay directory" >&5
! for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
if test ! -z "$ssldir" ; then
! LIBS="$saved_LIBS -L$ssldir -lcrypto"
CFLAGS="$CFLAGS -I$ssldir/include"
if test "x$need_dash_r" = "x1" ; then
LIBS="$LIBS -R$ssldir/lib"
--- 1887,1896 ----
fi
echo $ac_n "checking for OpenSSL/SSLeay directory""... $ac_c" 1>&6
echo "configure:1890: checking for OpenSSL/SSLeay directory" >&5
! #for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
! for ssldir in "" $tryssldir ; do
if test ! -z "$ssldir" ; then
! LIBS="$saved_LIBS -L$ssldir/lib -lcrypto"
CFLAGS="$CFLAGS -I$ssldir/include"
if test "x$need_dash_r" = "x1" ; then
LIBS="$LIBS -R$ssldir/lib"
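Review bot: with the default directory list commented out on the `for ssldir in` line, the loop only tries "" and $tryssldir, so a host with OpenSSL under /usr/local/ssl now fails detection unless the user passes the directory explicitly. If that is the intent, the failure message after the loop should tell the user to pass --with-ssl-dir, and the old `for` line should be deleted rather than left as a comment. The switch to `-L$ssldir/lib` matches the existing `-R$ssldir/lib`, but it drops the case where libcrypto sits directly in $ssldir; trying both forms would keep those installs working. This also edits the generated configure script (the `configure:1890` markers are autoconf output), so the same change needs to go into the autoconf input or it will be lost on regeneration.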

Checking for all the alternate locations is a bit excessive - cutting down
on the search path reduces the time it takes those tests to complete
dramatically, asking the user to provide something like
"--with-ssl-dir=/usr/local/ssl" isn't too bad, IMHO. The rsaref2 detection
appeared to work fine.

Manuals are still complete hash on my Solaris 7 box. Any pointers on what's
causing it and how to fix would be appreciated.

Oh, hey - how about adding a configuration file token for setting the
connection banner (assuming my request isn't violating any protocol specs)?
Giving away the version number is convenient, but not very secure. It'd be
nice to be able to say, put "Banner "sshd (you can't have my version
number)"" in the sshd_config, and connect to port 22 and see that, rather
than "SSH-1.5-OpenSSH-1.2.3" (which is a good default, but not my first
choice for a production box)...


Thanks,
-David Hesprich
Re: OpenSSH 1.2.3 Configure
On Sat, Mar 11, 2000 at 03:47:23AM -0500, David G. Hesprich wrote:
> Oh, hey - how about adding a configuration file token for setting the
> connection banner (assuming my request isn't violating any protocol specs)?

this would be very confusing.

> Giving away the version number is convenient, but not very secure. It'd be
> nice to be able to say, put "Banner "sshd (you can't have my version
> number)"" in the sshd_config, and connect to port 22 and see that, rather
> than "SSH-1.5-OpenSSH-1.2.3" (which is a good default, but not my first
> choice for a production box)...

you could edit version.h, but i do not recommend this at all.
i don't see a reason why openssh should say: SSH-1.5-ssh-1.2.27 or
SSH-1.5-OpenSSH-1.2.3 if you still run 1.2.2. Changing the version
number does not fix bugs. Note that the SSH-1.5 prefix is obligatory.
Additionally, clients may use the vendor suffix for
bug/feature-compatibility, so it's a bad idea to change this.
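The point made in the reply above, as an added example that is not part of the thread and is not OpenSSH's own code: a peer has to parse the identification line before anything else, so a line without the "SSH-<major>.<minor>-" prefix cannot be interpreted, and the vendor suffix is what a peer can key compatibility handling on. The names `ssh_ident`, `parse_ssh_ident` and `ident_is_vendor` are hypothetical, and the sample lines are the strings quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Parsed form of an identification line such as "SSH-1.5-OpenSSH-1.2.3". */
struct ssh_ident {
    int  major;          /* protocol major version */
    int  minor;          /* protocol minor version */
    char software[64];   /* vendor suffix, e.g. "OpenSSH-1.2.3" */
};

/* Returns 0 on success, -1 if the line lacks the "SSH-<major>.<minor>-" prefix. */
int parse_ssh_ident(const char *line, struct ssh_ident *out)
{
    char buf[128];
    size_t n = strcspn(line, "\r\n");   /* length without the line terminator */

    if (n == 0 || n >= sizeof(buf))
        return -1;                      /* empty or over-long line */
    memcpy(buf, line, n);
    buf[n] = '\0';

    memset(out, 0, sizeof(*out));
    /* %63[^\n] bounds the copy into software[64]. */
    if (sscanf(buf, "SSH-%d.%d-%63[^\n]",
               &out->major, &out->minor, out->software) != 3)
        return -1;
    if (out->major < 1 || out->minor < 0)
        return -1;
    return 0;
}

/* Hypothetical peer-side check: choose compatibility handling by vendor suffix. */
int ident_is_vendor(const struct ssh_ident *id, const char *vendor)
{
    return strncmp(id->software, vendor, strlen(vendor)) == 0;
}

int main(void)
{
    /* Sample lines taken from the strings quoted in the thread. */
    const char *samples[] = {
        "SSH-1.5-OpenSSH-1.2.3\n",
        "SSH-1.5-ssh-1.2.27\n",
        "sshd (you can't have my version number)\n",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct ssh_ident id;
        if (parse_ssh_ident(samples[i], &id) == 0)
            printf("protocol %d.%d, software \"%s\"\n", id.major, id.minor, id.software);
        else
            printf("rejected: no SSH-<major>.<minor>- prefix\n");
    }
    return 0;
}
```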