[ssh_x509] About building binary rpm on centos 7

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Jan 19 16:41:59 EET 2017


Hi,

I have some progress but ran into a problem. I have ssh_config file from
way back and can't figure out what I should replace these options with:

/etc/ssh/ssh_config: line 38: Bad configuration option: x509rsasigtype
/etc/ssh/ssh_config: line 45: Bad configuration option:
usercacertificatefile
/etc/ssh/ssh_config: line 47: Bad configuration option: usercarevocationfile

I have read the readme.x509v3 file several times and have seen these
options in regards with sshd_config only.

$ ssh -V
PKIX-SSH 9.3, OpenSSH_7.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Is there a way to test if the compiled ssh indeed has x.509 support?

Regards,
Indrek

On Thu, Jan 19, 2017 at 12:06 AM <ssh_x509 at roumenpetrov.info> wrote:

> Hi,
>
> ssh_x509 at roumenpetrov.info wrote:
> > Hi,
> >
> > I'm trying to build binary rpm packages of pkixssh-9.3 because I need to
> > install this on a machine that has no dev tools or internet access. Each
> > time I try to build it is looking for OpenSSH source tar.gz file and
> builds
> > rpm packages against it if I provide the file.
> >
> > Steps I have taken:
> > 1. wget the pkixssh-9.3.tar.gz
> > 2. tar zxvf pkixssh
> > 3. modify contrib/redhat/openssh.spec file:
> hmm, actuality spec files are not updated.
>
> Regression tests are performed on centos with following configuration:
> ./configure  \
>    --with-pam \
>    --enable-ldap --with-ldap-libexecdir=/usr/sbin \
>    --enable-openssl-fips
>
> > 3.1. sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass
> 1/g"
> > openssh.spec
> > 3.2. sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g"
> > openssh.spec
> > 3.3. sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
> > 4. execute rpmbuild -ba contrib/redhat/openssh.spec
> >
> > Created rpm packages still lack the x.509 support I need.
> It should work.
> Only ldap and fips has to be activated explicitly.
>
> > Regards,
> > Indrek Paas
> Roumen
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>



More information about the ssh_x509 mailing list