Home | History | Annotate | Download | only in openssh
      1 This file contains notes about OpenSSH on specific platforms.
      2 
      3 AIX
      4 ---
      5 As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry
      6 settings, where previously it did not.  Because of this, it's possible for
      7 sites that have used OpenSSH's sshd exclusively to have accounts which
      8 have passwords expired longer than the inactive time (ie the "Weeks between
      9 password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired
     10 chuser attribute).
     11 
     12 Accounts in this state must have their passwords reset manually by the
     13 administrator.  As a precaution, it is recommended that the administrative
     14 passwords be reset before upgrading from OpenSSH <3.8.
     15 
     16 As of OpenSSH 4.0, configure will attempt to detect if your version
     17 and maintenance level of AIX has a working getaddrinfo, and will use it
     18 if found.  This will enable IPv6 support.  If for some reason configure
     19 gets it wrong, or if you want to build binaries to work on earlier MLs
     20 than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS
     21 to force the previous IPv4-only behaviour.
     22 
     23 IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5
     24 IPv6 known broken: 4.3.3ML11 5.1ML4
     25 
     26 If you wish to use dynamic libraries that aren't in the normal system
     27 locations (eg IBM's OpenSSL and zlib packages) then you will need to
     28 define the environment variable blibpath before running configure, eg
     29 
     30 blibpath=/lib:/usr/lib:/opt/freeware/lib ./configure \
     31   --with-ssl-dir=/opt/freeware --with-zlib=/opt/freeware
     32 
     33 If sshd is built with the WITH_AIXAUTHENTICATE option (which is enabled
     34 by default) then sshd checks that users are permitted via the
     35 loginrestrictions() function, in particular that the user has the
     36 "rlogin" attribute set.  This check is not done for the root account,
     37 instead the PermitRootLogin setting in sshd_config is used.
     38 
     39 
     40 Cygwin
     41 ------
     42 To build on Cygwin, OpenSSH requires the following packages:
     43 gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
     44 openssl-devel, zlib, minres, minires-devel.
     45 
     46 
     47 Darwin and MacOS X
     48 ------------------
     49 Darwin does not provide a tun(4) driver required for OpenSSH-based
     50 virtual private networks. The BSD manpage still exists, but the driver
     51 has been removed in recent releases of Darwin and MacOS X.
     52 
     53 Nevertheless, tunnel support is known to work with Darwin 8 and
     54 MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode
     55 using a third party driver. More information is available at:
     56 	http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
     57 
     58 
     59 Linux
     60 -----
     61 
     62 Some Linux distributions (including Red Hat/Fedora/CentOS) include
     63 headers and library links in the -devel RPMs rather than the main
     64 binary RPMs. If you get an error about headers, or complaining about a
     65 missing prerequisite then you may need to install the equivalent
     66 development packages.  On Redhat based distros these may be openssl-devel,
     67 zlib-devel and pam-devel, on Debian based distros these may be
     68 libssl-dev, libz-dev and libpam-dev.
     69 
     70 
     71 Solaris
     72 -------
     73 If you enable BSM auditing on Solaris, you need to update audit_event(4)
     74 for praudit(1m) to give sensible output.  The following line needs to be
     75 added to /etc/security/audit_event:
     76 
     77 	32800:AUE_openssh:OpenSSH login:lo
     78 
     79 The BSM audit event range available for third party TCB applications is
     80 32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
     81 There is no official registry of 3rd party event numbers, so if this
     82 number is already in use on your system, you may change it at build time
     83 by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
     84 
     85 
     86 Platforms using PAM
     87 -------------------
     88 As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when
     89 PAM is enabled.  To maintain existing behaviour, pam_nologin should be
     90 added to sshd's session stack which will prevent users from starting shell
     91 sessions.  Alternatively, pam_nologin can be added to either the auth or
     92 account stacks which will prevent authentication entirely, but will still
     93 return the output from pam_nologin to the client.
     94 
     95 
     96 $Id: README.platform,v 1.10 2009/08/28 23:14:48 dtucker Exp $
     97