I deal with a large number of internal machines that have not been updated for a while and which I am not at liberty to update. They run Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to put a more recent version on these machines but, of course, no package is available for that. Trying the portable version of openssh 7.9p1, I found that I can easily make it work by building my own package with rpmbuild. But it appears that the program is not actually built, just packaged, which leaves me with only the default options selected. As this is Fedora, I need to enable PAM. Has anyone done something similar? Can anyone offer some clues on how to proceed? -- Dave Close "They who dream by day are cognizant of many things which escape those who dream only by night." --Edgar Allan Poe
On Fri, 8 Feb 2019, CLOSE Dave wrote:> I deal with a large number of internal machines that have not been > updated for a while and which I am not at liberty to update. They run > Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to > put a more recent version on these machines but, of course, no package > is available for that. > > Trying the portable version of openssh 7.9p1, I found that I can easily > make it work by building my own package with rpmbuild. But it appears > that the program is not actually built, just packaged, which leaves me > with only the default options selected. As this is Fedora, I need to > enable PAM. Has anyone done something similar? Can anyone offer some > clues on how to proceed?You could try building a RPM using the contrib/openssh.spec in the source distribution. It includes PAM support by default. -d
On 2019-02-07 20:14, Damien Miller wrote:> You could try building a RPM using the contrib/openssh.spec in the > source distribution. It includes PAM support by default.Thank you, Damien. That is exactly the clue I needed. It works great. -- Dave Close, Thales InFlyt Experience, Irvine California USA. cell +1 949 394 2124, dave.close at us.thalesgroup.com "They who dream by day are cognizant of many things which escape those who dream only by night." --Edgar Allan Poe
On Thu, Feb 7, 2019 at 11:16 PM Damien Miller <djm at mindrot.org> wrote:> > On Fri, 8 Feb 2019, CLOSE Dave wrote: > > > I deal with a large number of internal machines that have not been > > updated for a while and which I am not at liberty to update. They run > > Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to > > put a more recent version on these machines but, of course, no package > > is available for that. > > > > Trying the portable version of openssh 7.9p1, I found that I can easily > > make it work by building my own package with rpmbuild. But it appears > > that the program is not actually built, just packaged, which leaves me > > with only the default options selected. As this is Fedora, I need to > > enable PAM. Has anyone done something similar? Can anyone offer some > > clues on how to proceed? > > You could try building a RPM using the contrib/openssh.spec in the > source distribution. It includes PAM support by default.That .spec file is not well maintained. The Source URL for x11-ssh-askpass, for example, is not valid, and it uses SysV init rather than systemd. Try using the .spec file from the latest Fedora SRPM, commenting out patches that have already been applied. I used to do this for RHEL and CentOS, and had to stop with the leading edge OpenSSH as OpenSSL requirements for OpenSSH diverged from being compatible with the relatively old version in RHEL releases. I've not had an opportunity to try it with RHEL 8 beta.