This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Successful build of ssh from openssh w. MIT kerberos
- From: ht at inf dot ed dot ac dot uk (Henry S. Thompson)
- To: cygwin at cygwin dot com
- Date: Mon, 06 Jul 2009 17:30:38 +0100
- Subject: Successful build of ssh from openssh w. MIT kerberos
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There's been a lot of interest in this over the years, but I've found
no reports of success. The following involves a number of hacks, but
it works, which may be of use to some.
1) Download and install MIT Kerberos for Windows -- I used
kfw-3-2-2.exe
2) Use Cygwin setup to install openssh source -- I used
openssh-5.1p1-10-src
3) > cd /usr/src/openssh-5.1p1-10
> sed 's/gssapi_krb5/gssapi32/' -i configure
> sed 's/-lkrb5/-lkrb5_32/;s/ -lk5crypto//' -i configure
> LDFLAGS=-L/c/Progra~1/MIT/Kerberos/bin CPPFLAGS='-I/c/Progra~1/MIT/Kerberos/inc/krb5/krb5 -I/c/Progra~1/MIT/Kerberos/inc/krb5 -I/c/Progra~1/MIT/Kerberos/inc/krb5/gssapi' ./configure --with-kerberos5=/c/Progra~1/MIT/Kerberos --prefix=/usr --sysconfdir=/etc --libexecdir='${sbindir}' --localstatedir=/var --datadir='${prefix}/share' --mandir='${datadir}/man' --infodir='${datadir}/info'
> make
This will fail when trying to link ssh itself. Just do
4) > gcc -Wl,--enable-auto-import,--enable-stdcall-fixup -o ssh.exe ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o /c/Program\ Files/MIT/Kerberos/bin/gssapi32.dll -L. -Lopenbsd-compat/ -L/c/Progra~1/MIT/Kerberos/lib/i386 -lssh -lopenbsd-compat -lgssapi32 -lresolv -lcrypto -lz
I realise this last step looks clunky, but I tried and failed to find
a clean way to get rid of all the linking problems using other
approaches. Improvements would of course be welcome.
Stopping here of course means the other components don't get built --
sorry -- all I wanted was ssh itself. . .
Then once you've followed the instructions to get yourself set up with
Kerberos for Windows and you have a valid certificate for your
destination, and you've added something along the lines of
GSSAPIAuthentication yes
PreferredAuthentications gssapi-with-mic
to your ssh config file, you should be good to go.
ht
- --
Henry S. Thompson, School of Informatics, University of Edinburgh
Half-time member of W3C Team
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFKUiaukjnJixAXWBoRAl5HAJ9d/9+ij3m4B841SOFWVhhTxWnczgCfZNwB
D7ipku0RUy4sF9IHVYBurNY=
=jSxH
-----END PGP SIGNATURE-----
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple