11

I want to build a certain OpenSSH version with a specific OpenSSL version from sources, but I get the following error:

mkdir /tmp/ssh
cp openssh-6.7p1.tar.gz /tmp/ssh
cp openssl-1.0.1l.tar.gz /tmp/ssh
cd /tmp/ssh
tar zxvf openssl-1.0.1l.tar.gz
cd openssl-1.0.1l
./config --prefix=/tmp/ssh
make
make install
cd ..
tar zxvf openssh-6.7p1.tar.gz
cd openssh-6.7p1
./configure --with-ssl-dir=/tmp/ssh --prefix=/tmp/ssh

...
checking openssl/opensslv.h usability... no
checking openssl/opensslv.h presence... no
checking for openssl/opensslv.h... no
configure: error: *** OpenSSL headers missing - please install first or check config.log ***

Is there a bug in openSSH's configure script or do I have to change any command?

name
  • 141
  • 1
  • 1
  • 6

4 Answers4

12

Here's a way without sending flags to ./configure You need to install OpenSSL first. Get the latest tarball here.

./config
make
make test
make install

Then install libssl-dev

apt-get install libssl-dev

Then you can retry installing OpenSSH:

cd openssh-[version]
./configure
make
make install
Ann Kilzer
  • 1,266
  • 3
  • 16
  • 39
3

ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/INSTALL says:

LibreSSL/OpenSSL should be compiled as a position-independent library (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. If you must use a non-position-independent libcrypto, then you may need to configure OpenSSH --without-pie.

The following commands do not result in the "OpenSSL headers missing" error anymore:

tar zxvf openssl-1.0.1l.tar.gz
cd openssl-1.0.1l
./config --prefix=/tmp/ssh
make
make install
cd ..
tar zxvf openssh-6.7p1.tar.gz
cd openssh-6.7p1
./configure --with-ssl-dir=/tmp/ssh --prefix=/tmp/ssh --without-pie
name
  • 141
  • 1
  • 1
  • 6
  • 1
    Alternatively it is possible to use "./config --prefix=/tmp/ssh shared" and "LD_LIBRARY_PATH=/tmp/ssh/lib ./configure --prefix=/tmp/ssh --with-ssl-dir=/tmp/ssh". – name May 19 '15 at 23:45
  • I do as your code and the `./configure` is successfull, no matter with `--without-pie` or not. But during the `make` it came out that: – shih alex Oct 12 '20 at 09:45
  • ```cipher.h:69:17: error: field ‘evp’ has incomplete type EVP_CIPHER_CTX evp; ^ Makefile:152: recipe for target 'ssh_api.o' failed``` – shih alex Oct 12 '20 at 09:45
  • I just can't locate the problem. Could you help me with this? My purpose is to install openssh-server witrh a non-sudo prvilege user, my GPU Server is something like that, and I want to enable SSH and SFTP so that I can use the server as a SSH-remote-interpreter in Jetbrains Pycharm. – shih alex Oct 12 '20 at 09:47
1

Here is solution to this OpenSSL headers missing error.

git clone https://github.com/openssl/openssl.git
cd openssl
./Configure
make
make install

Now OpenSSL will be installed and you will no longer get OpenSSL headers missing message.

0

Is there a bug in openSSH's configure script or do I have to change any command?

According to Installing OpenSSL and OpenSSH:

If 'configure' can't find ssl, change the configure command to:

./configure --prefix=/usr --with-ssl-dir=/usr/local/ssl --with-tcp-wrappers

The above means the OpenSSL headers are located at /usr/local/ssl/include and the libraries are located at /usr/local/ssl/lib. I think you need to change the path to /tmp/ssh.

From:

cd openssl-1.0.1l
./config --prefix=/tmp/ssh
...

I think you should use:

cd openssl-1.0.1l
./config --openssldir=/tmp/ssh/openssl
...

Also see Compilation and Installation on the OpenSSL wiki. You might want to use other options, like enable-ec_nistp_64_gcc_128.

With OpenSSL in /tmp/ssh/openssl, then:

cd openssh-6.7p1
./configure --with-ssl-dir=/tmp/ssh/openssl --prefix=/tmp/ssh
...

Using the non-system provided OpenSSL can cause trouble. So you might also want to check out Build OpenSSL with RPATH?. You might also want to build OpenSSH with RPATHs too.

Community
  • 1
  • 1
jww
  • 97,681
  • 90
  • 411
  • 885
  • Changing "./config --prefix=/tmp/ssh" to "./config --openssldir=/tmp/ssh/openssl" and changing "./configure --with-ssl-dir=/tmp/ssh --prefix=/tmp/ssh" to "./configure --with-ssl-dir=/tmp/ssh/openssl --prefix=/tmp/ssh" results in the same "OpenSSL headers missing" error. – name May 19 '15 at 21:54