[ssh_x509] Compilation of PKIXSSH 12.3 on AIX: post documenting the process and code modifications needed

ssh_x509 at roumenpetrov.info
Fri May 22 10:21:41 EEST 2020


Hi Jose,


ssh_x509 at roumenpetrov.info wrote:
> C1 - Non sensitive
>
> Hi everyone,
>
> I have just compiled PKIXSSH 12.3 for AIX 7.1 (on powerpc) and I have made a little post on my blog documenting the process.
>
> Two things to highlight:
> - The key for compiling on AIX is using the variable LIBPATH, equivalent to LD_LIBRARY_PATH on Linux (among others)

Please explain this part. I have very limited AIX knowledge.

I'm not convinced that LD_LIBRARY_PATH should be used in the compilation phase.
There are some configuration flags that help in builds with non-system paths.


> - Source code modifications have been needed in two files: configure and session.c. These modifications are available on my GitHub https://github.com/Ciges/pkixssh-12.3

So the first modification is to prefer the project bindir to the "user path" (if bindir is not in the "user path"). Currently it is appended, and so perhaps the system scp will be used.
Note that scp is an obsolete utility. sftp is preferred.
Let's say that this modification makes sense.


The second modification has two components.
One is to always set PATH to the "user path". The second is to ignore PATH from the "environment" file. The second is not acceptable, as it is a subject of configuration - https://securebox.termoneplus.com/man5/sshd_config.5.html#PermitUserEnvironment .

Please explain why to modify the code.

At this line https://gitlab.com/secsh/pkixssh/-/blob/master/session.c#L1065 on AIX, path is expected to be NULL and so to be set to the "user path".
I assume that HAVE_LOGIN_CAP and HAVE_ETC_DEFAULT_LOGIN are not defined.


>
> The post is "Compilation of OpenSSH 8.1 on AIX":  http://tech.ciges.net/blog/compilation-of-openssh-8-1-on-aix/

For PKIX-SSH to use full functionality, OpenSSL is preferred.
LibreSSL drops loadable modules, and so you cannot use keys from "engines" or "store".
Engines include e_nss, engine_pkcs11 and TPM (?).
Store allows loading of keys from formats not directly supported, like PKCS#12.


You set the blibpath environment variable. OK, but why do you set it in LDFLAGS? The configure script should detect how to compile with blibpath.

> Best regards!

Regards,
Roumen Petrov
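
The append-versus-prepend point about bindir and the "user path" discussed in the message above, as an added example that is not part of the original post and is not PKIXSSH's configure or session.c code. The function names, the directory layout and the two stub `scp` scripts are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; names and directories are constructed, not taken from PKIXSSH.

# compose_user_path MODE USER_PATH BINDIR
# MODE is "append" or "prepend". If BINDIR is already a component of
# USER_PATH, the path is returned unchanged.
compose_user_path() {
    mode=$1 user_path=$2 bindir=$3
    case ":$user_path:" in
        *":$bindir:"*) printf '%s\n' "$user_path"; return 0 ;;
    esac
    case "$mode" in
        append)  printf '%s\n' "$user_path:$bindir" ;;
        prepend) printf '%s\n' "$bindir:$user_path" ;;
        *) return 2 ;;
    esac
}

# resolve_in_path NAME PATHLIST
# Prints the first executable NAME found walking PATHLIST left to right,
# the way a shell or execvp() resolves a bare command name.
resolve_in_path() {
    name=$1
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Demo: two constructed directories, each holding its own stub "scp".
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/opt/pkixssh/bin"
    for d in usr/bin opt/pkixssh/bin; do
        printf '#!/bin/sh\necho %s\n' "$d" > "$root/$d/scp"
        chmod +x "$root/$d/scp"
    done
    sys="$root/usr/bin"; proj="$root/opt/pkixssh/bin"
    echo "append : $(resolve_in_path scp "$(compose_user_path append "$sys" "$proj")")"
    echo "prepend: $(resolve_in_path scp "$(compose_user_path prepend "$sys" "$proj")")"
    rm -rf "$root"
}
demo
```

With bindir appended, a bare `scp` resolves to the copy in the system directory; with bindir prepended, it resolves to the copy installed with the project.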



