On Thu, Feb 7, 2019 at 11:16 PM Damien Miller <djm@xxxxxxxxxxx> wrote: > > On Fri, 8 Feb 2019, CLOSE Dave wrote: > > > I deal with a large number of internal machines that have not been > > updated for a while and which I am not at liberty to update. They run > > Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to > > put a more recent version on these machines but, of course, no package > > is available for that. > > > > Trying the portable version of openssh 7.9p1, I found that I can easily > > make it work by building my own package with rpmbuild. But it appears > > that the program is not actually built, just packaged, which leaves me > > with only the default options selected. As this is Fedora, I need to > > enable PAM. Has anyone done something similar? Can anyone offer some > > clues on how to proceed? > > You could try building a RPM using the contrib/openssh.spec in the > source distribution. It includes PAM support by default. That .spec file is not well maintained. The Source URL for x11-ssh-askpass, for example, is not valid, and it uses SysV init rather than systemd. Try using the .spec file from the latest Fedora SRPM, commenting out patches that have already been applied. I used to do this for RHEL and CentOS, and had to stop with the leading edge OpenSSH as OpenSSL requirements for OpenSSH diverged from being compatible with the relatively old version in RHEL releases. I've not had an opportunity to try it with RHEL 8 beta. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev