openssh unix dev - Jul 2011 - How to compile OpenSSH on HP-UX10

I did this as a project back in the early 2002, and I had a nice
little how-to to walk me through it.  Many work places and moves, and
I've lost it.  I have a friend who asked me about this recently, and I
can't seem to find anything on the web, or the how-to I used (not
surprised).

If I remember correctly, you needed an up-to-date zlib, egd (or prng),
OpenSSL, tcpwrappers, and OpenSSH.

Have I forgotten anything?  I remember you had to build zlib, then
egd, then it gets fuzzy.

He wants to enable FIPS as well.  I've built OpenSSL/OpenSSH with fips
for Windows, but is something like that possible with HP-UX?

if anyone has a how-to with directions, my friend (and I) would
appreciate.  I don't have access to that horrid OS anymore, so I can't
help him short of what I gave him...  which isn't much..

> If I remember correctly, you needed an up-to-date zlib, egd (or prng),
> OpenSSL, tcpwrappers, and OpenSSH.
It's been quite a few years since I touched HP-UX, but here is what comes 
to mind:
> Have I forgotten anything?  I remember you had to build zlib, then
> egd, then it gets fuzzy.
You do need zlib and openssl.  tcp-wrappers are not required, so you need 
this only if you want to use them.  Openssh does not absolutely need 
egd/prng - it can generate entropy from a predefined set of system 
processes (ps, netstat, etc.) - but if you can, you should get prng.

Besides, you will need a compiler and related tools.  The compilermust be 
other than the one used for the kernel.  So it is either HP-UX C compiler, 
if you have a license for it, or GCC.  If you do not have HP-UX C 
compiler, in all likelihood you also miss all header files.  They are not 
installed by default unless you install buy and install the compiler.  So 
you have to install header files separately.

On the other hand, I remember there used to be very good repositories of 
precompiled freeware tools for HP-UX.  It might be easier to use them.
Here is one: 
ftp://ftp.thewrittenword.com/packages/by-architecture/hppa1.1-hp-hpux10.20/

Regards,

Andy
>
> He wants to enable FIPS as well.  I've built OpenSSL/OpenSSH with fips
> for Windows, but is something like that possible with HP-UX?
>
> if anyone has a how-to with directions, my friend (and I) would
> appreciate.  I don't have access to that horrid OS anymore, so I
can't
> help him short of what I gave him...  which isn't much..
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

Dr Andy Tsouladze
Sr Unix/Storage SysAdmin

On Tue, 12 Jul 2011, Andy Tsouladze wrote:
> Openssh does not absolutely need egd/prng - it
> can generate entropy from a predefined set of system processes (ps,
netstat,
> etc.) - but if you can, you should get prng.
While that is true for the released versions so far, you will need
a random number generator for 5.9 and later. The entropy gathering bits
have been ripped out.

-- 
Tim Rice
tim at multitalents.net

On 7/12/2011 8:33 PM, Bryan wrote:
> I did this as a project back in the early 2002, and I had a nice
> little how-to to walk me through it.  Many work places and moves, and
> I've lost it.  I have a friend who asked me about this recently, and I
> can't seem to find anything on the web, or the how-to I used (not
> surprised).
>
> If I remember correctly, you needed an up-to-date zlib, egd (or prng),
> OpenSSL, tcpwrappers, and OpenSSH.
>
> Have I forgotten anything?  I remember you had to build zlib, then
> egd, then it gets fuzzy.
>
> He wants to enable FIPS as well.  I've built OpenSSL/OpenSSH with fips
> for Windows, but is something like that possible with HP-UX?
>
> if anyone has a how-to with directions, my friend (and I) would
> appreciate.  I don't have access to that horrid OS anymore, so I
can't
> help him short of what I gave him...  which isn't much..


For what it is worth, my configure/build scripts from OpenSSH-5.1
had this for HPUX, but I never build 5.1 for HP. The scripts where
carried over from previous versions and still had the HP parameters:
[...]
MYCFLAGS="-O"
MYCPPFLAGS=""
MYLDFLAGS=""
MYPAM="yes"
MYRAND=""

{...]
MYK5= (to krb5 directory)
MYZLIB= (to zlib)
MYWRAPPER= (to  wrapper)
MYSSL= (to OpenSSL)

[...]
# configure tests SSL and Kerberos and we need to make sure
# the libs we want to build against are in LD_LIBRARY_PATH
# Note: on Linux LD_LIBRARY_PATH does not override -rpath!!!
# This can cause problems in configure testing the header and libs
# and both 0.9.7d and 0.9.7e are called 0.9.7
# hp_ux102 has similar problems.

LD_LIBRARY_PATH=$MYSSL/lib:$MYK5/lib
SHLIB_PATH=$MYSSL/lib:$MYK5/lib
LIBPATH=$MYSSL/lib:$MYK5/lib
DYLD_LIBRARY_PATH=$MYSSL/lib:$MYK5/lib
export LD_LIBRARY_PATH
export SHLIB_PATH
export LIBPATH
export DYLD_LIBRARY_PATH

[...]
case $SYS in
[... other system types]
         hp_ux102)
                 MYLDFLAGS="$MYLDFLAGS -Wl,+vnocompatwarnings,+b,/krb5/lib
-Wl,+cdp,$MYSSL/lib:/krb5/lib,+cdp,$MYK5/lib:/krb5/lib"
                 MYWRAPPER="no"
                 MYRAND=""
                 MYPAM="no"
                 MYCPPFLAGS="$MYCPPFLAGS -DUNSUPPORTED_POSIX_THREADS_HACK
-D__hpux"
                 ;;
         hp_ux*)
                 MYLDFLAGS="$MYLDFLAGS -Wl,+vnocompatwarnings,+b,/krb5/lib
-Wl,+cdp,$MYSSL/lib:/krb5/lib,+cdp,$MYK5/lib:/krb5/lib"
                 MYWRAPPER="no"
                 MYRAND="--with-prngd-socket=yes"
                 MYCPPFLAGS="$MYCPPFLAGS -DUNSUPPORTED_POSIX_THREADS_HACK
-D__hpux"
                 ;;
         ia64_hpux112*)
                 MYLDFLAGS="$MYLDFLAGS -Wl,+vnocompatwarnings,+b,/krb5/lib
-Wl,+cdp,$MYSSL/lib:/krb5/lib,+cdp,$MYK5/lib:/krb5/lib"
                 MYWRAPPER="no"
                 MYRAND="--with-prngd-socket=yes"
# hpux 11.23 had xom.h, used to need to fix rpcsec_gss.h
#               MYCPPFLAGS="$MYCPPFLAGS -DUSE_POSIX_THREADS -D__hpux
-Dgss_OID_desc_struct=OM_object_identifier"
                 MYCPPFLAGS="$MYCPPFLAGS -DUNSUPPORTED_POSIX_THREADS_HACK
-D__hpux"
                 ;;

esac

[...]
../src/configure \
     --with-cflags="$MYCFLAGS" \
         --with-ldflags="$MYLDFLAGS" \
     --with-cppflags="$MYCPPFLAGS" \
     --prefix=/krb5 \
     --sysconfdir=/etc/ssh \
     --localstatedir=/var \
     --with-zlib=$MYZLIB \
     --with-ssl-dir=$MYSSL \
     --with-kerberos5=$MYK5 \
     --with-tcp-wrappers=$MYWRAPPER \
     --with-mantype=man \
     --with-pam=$MYPAM \
     --with-rsh=/krb5/bin/rsh \
     $MYRAND \
         --with-rpath=no \
     --disable-suid-ssh



> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444