Date: Fri, 9 Feb 2001 20:59:23 -0500 (EST) From: Bob K <melange@yip.org> To: freebsd-stable@freebsd.org Subject: OpenSSH 2.1 compiling questions Message-ID: <Pine.BSF.4.21.0102092012270.96645-100000@yip.org>
next in thread | raw e-mail | index | archive | help
I'd like to start with the disclaimer that I'm not a programmer, and am stumbling through this with a very, very, very basic knowledge of C. If this is more appropriate for -questions, feel free to let me know. Here's the situation: I have a FreeBSD box running a 4.1-20001016-STABLE snapshot (appropriate security patches applied), with no serial console, in a different city; consequently, I've been trying to avoid upgrading to 4.2-STABLE for as long as possible. Today I found out about the ssh1 vulnerability at http://razor.bindview.com/publish/advisories/adv_ssh1crc.html . It's running OpenSSH 2.1. The machine has a fair number of users that use ssh1 to connect to it, so the workaround of disabling ssh1 compatibility would be very painful (the users are spread out across the globe as opposed to, say, a single office). So here's what was done. Line 84 of src/crypto/openssh/deattack.c was modified in accordance with the advisory shown above. make depend dies very quickly with this: ===> lib "Makefile", line 18: Malformed conditional ((${KERBEROS} == "yes")) "Makefile", line 18: Missing dependency operator "Makefile", line 20: Malformed conditional ((${AFS} == "yes")) "Makefile", line 20: Missing dependency operator "Makefile", line 23: if-less endif "Makefile", line 23: Need an operator "Makefile", line 24: if-less endif "Makefile", line 24: Need an operator make: fatal errors encountered -- cannot continue *** Error code 1 Stop in /var/src/crypto/openssh. This would happen no matter what make target was specified. After lots of puzzling, I found that adding -DKERBEROS -DAFS -DSKEY -DTCP_WRAPPERS would allow make to function. The depend completed fine, but when I actually tried to build, it bombed out with this: cc -O -pipe -I/var/src/crypto/openssh/sshd/.. -c /var/src/crypto/openssh/sshd/../session.c cc -O -pipe -I/var/src/crypto/openssh/sshd/.. -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o auth.o auth1.o auth2.o session.o -L/var/src/crypto/openssh/sshd/../lib/ -lssh -lcrypto -lutil -lz auth-passwd.o: In function `auth_password': auth-passwd.o(.text+0x82): undefined reference to `crypt' *** Error code 1 Stop in /var/src/crypto/openssh/sshd. *** Error code 1 Stop in /var/src/crypto/openssh. After a man -k crypt, I guessed that it was looking for skey_crypt(3). So I went into sshd/ and tried running the cc command again, except I added -lskey at the end, which compiled without errors: pi# cc -O -pipe -I/var/src/crypto/openssh/sshd/.. -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o auth.o auth1.o auth2.o session.o -L/var/src/crypto/openssh/sshd/../lib/ -lssh -lcrypto -lutil -lz -lskey pi# Thinking I was pretty clever, I went up a directory and attempted to complete the make. I was dismayed to find that I wasn't that clever: pi# make -DKERBEROS -DAFS -DSKEY -DTCP_WRAPPERS ===> lib Warning: Object directory not changed from original /var/src/crypto/openssh/lib ===> ssh Warning: Object directory not changed from original /var/src/crypto/openssh/ssh ===> sshd Warning: Object directory not changed from original /var/src/crypto/openssh/sshd make: don't know how to make sshd.1. Stop *** Error code 2 Stop in /var/src/crypto/openssh. Ok, now on to the actual questions. Is there some big, obvious thing I'm missing when compiling individual components out of the source tree, specifically this? Should I attempt to fetch 4.2-STABLE's crypto sources and simply build OpenSSH-2.3p1 from that instead? And the most torturous question of all: An sshd executable did manage to get built, once -lskey was added to the command line, which is really all that I'm after. Do you think that would be safe to drop in and use? -- Bob <melange@yip.org> | iNFp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102092012270.96645-100000>