Installing HPN-SSH

From CITA Computing

  • Download the hpn-ssh patches from here: https://www.psc.edu/hpn-ssh. The SciNet version is 5.8p1-hpn13v11 but we use the latest patch openssh-7_5_P1-hpn-14.13.diff
  • Download the openssh package for the version of the patch here: openssh-5.8p1.tar.gz (https://openbsd.cs.toronto.edu/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz)
  • Untar the openssh package and the apply the patch:
mkdir openssh
cd openssh
(copy the patch openssh-7_5_P1-hpn-14.13.diff here)
tar xvfz openssh-7.5p1.tar.gz
cd openssh-7.5p1
patch -p1 ../openssh-7_5_P1-hpn-14.13.diff
  • Build the openssh package on making sure to enable PAM:
./configure --prefix=/usr/local/hpn-ssh/7.5p1-hpn14v13 --with-pam
make -j 8
make install
  • Copy any old keys from the original ssh installation in /etc/ssh into /usr/local/hpn-ssh/7.5p1-hpn14v13/etc
  • Edit /usr/local/hpn-ssh/7.5p1-hpn14v13/etc/sshd_config to enable PAM and the None cipher and permit root login:
UsePAM yes
NoneEnabled yes
PermitRootLogin yes
X11Forwarding yes
  • Edit /etc/init.d/sshd to point to the new ssh installation keys
 # Some functions to make the below more readable
 KEYGEN=/usr/local/hpn-ssh/7.5p1-hpn14v13/bin/ssh-keygen
 SSHD=/usr/local/hpn-ssh/7.5p1-hpn14v13/sbin/sshd
 RSA1_KEY=/usr/local/hpn-ssh/7.5p1-hpn14v13/etc/ssh_host_key
 RSA_KEY=/usr/local/hpn-ssh/7.5p1-hpn14v13/etc/ssh_host_rsa_key
 DSA_KEY=/usr/local/hpn-ssh/7.5p1-hpn14v13/etc/ssh_host_dsa_key
  • Finally, restart the sshd service
service sshd restart
  • Test it out by logging from another machine