forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README_wolfssl
76 lines (67 loc) · 2.7 KB
/
README_wolfssl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
wolfSSL library can be used in replacement of OpenSSL in the OpenSSH 7.1-p1
version. In that case, only the protocol version 2 is supported by OpenSSH. We
describe here the installation procedure for wolfSSL and OpenSSH.
-----------------------
MAC OS X, Fedora 32bits
-----------------------
I. Make wolfSSL with the support of extra functions
1. configure wolfSSL:
a. ./autogen.sh
b. ./configure --enable-openssh --prefix=/usr/local
2. compile the library:
make clean && make
3. do the test suite:
make test
4. install the library:
sudo make install
II. Make OpenSSH with the support of wolfSSL in replacement of OpenSSL
1. configure OpenSSH:
a. autoreconf
b. ./configure --with-wolfssl=/usr/local --with-pam
2. compile ssh tools:
make clean && make
3. do the test suite:
a. make tests
b. to re-run with tests that use SUDO, uncomment the line #SUDO=`which sudo` in regress/test-exec.sh
4. install the tools (optional)
sudo make install
--------------------------------
Extra configuration for MAC OS X
--------------------------------
The OS X sandbox for renderer processes does not allow /dev/urandom to be opened.
wolfSSL relies on /dev/urandom for entropy, including the generation of keys used
for the peer-to-peer SSH negotiation/session establishment. If you would use the
sandboxing mechanism, you must explictly enable the access on /dev/urandom.
Add the two lines :
(allow file-read* (literal \"/dev/random\")"
(literal \"/dev/urandom\"))"
at the end of file '/System/Library/Sandbox/Profiles/org.openssh.sshd.sb'.
Remark: The OpenSSH testsuite include a test (connect-privsep.sh) that use
sandboxing. This one will failed if you don't update previously the MAC OS X
system file
--------------
Fedora 64 bits
--------------
I. Make wolfSSL with the support of extra functions. It is required to the
specifiy the library installation directory because the default one is not
included in the LIBRARY_PATH of Fedora 64 bits
1. configure wolfSSL:
a. ./autogen.sh
b. ./configure --enable-openssh --prefix=/usr/local --libdir=/lib64
2. compile the library:
make clean && make
3. do the test suite:
make test
4. install the library:
sudo make install
II. Make OpenSSH with the support of wolfSSL in replacement of OpenSSL
1. configure OpenSSH:
a. autoreconf
b. ./configure --with-wolfssl=/usr/local --with-pam
2. compile ssh tools:
make clean && make
3. do the test suite:
a. to activate tests that used SUDO, uncomment the line #SUDO=`which sudo` in regress/test-exec.sh
b. make tests
4. install the tools (optional)
sudo make install