# Compiling from Source - OpenSSH/OpenSSL



## ecpeachy (Jan 10, 2011)

Hello,

First of all I consider myself a FreeBSD newbie, Following guides and reading documentation helps a lot, but nothing beats hands on experience.

Building from source is inevitable, some packages are harder than others, but I find OpenSSH/OpenSSL to be simple enough although crucial to security so I started by them 

However I need some input on how I did it, like am I missing something, or are there any implications....... etc.

So here are the steps I followed on a fresh 8.1 RELEASE:

```
#freebsd-update fetch install
# portsnap fetch extract
# pkg_add -r makedepend perl pkg-config xproto
# echo "OPENSSL_OVERWRITE_BASE=yes" >> /etc/make.conf
# echo "NO_OPENSSH=yes" >> /etc/make.conf
# echo "NO_OPENSSL=yes" >> /etc/make.conf
# cd /usr/ports/security/openssl
# make PREFIX=/usr install clean
# cp /usr/openssl/openssl.cnf.sample /usr/openssl/openssl.cnf
```
After Downloading and extracting OpennSSH portable

```
#./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib=/usr --with-ssl-dir=/usr --with-tcp-wrappers --with-ssl-engine --
with-pam --with-md5-passwords && make && make install clean
```

So I overwrote the base OpenSSL with the one in ports, and OpenSSH with the portable version from the Openssh website.

Your Input is very much appreciated


----------



## MissileSilo (Jan 10, 2011)

You should install OpenSSH portable through the ports instead of compiling directly from source.


```
cd /usr/ports/security/openssh-portable
make install clean
```


----------



## ecpeachy (Jan 11, 2011)

MissileSilo said:
			
		

> You should install OpenSSH portable through the ports instead of compiling directly from source.
> 
> 
> ```
> ...



Why is this better 

Thanks


----------



## wblock@ (Jan 11, 2011)

ecpeachy said:
			
		

> Why is this better



Why is a port better than bare source?  Look at /usr/ports/security/openssh-portable/files/.  Those are mostly patch files you won't get with the bare source.  They may be to make the port act correctly on FreeBSD, like keeping config files in /usr/local/etc.  Or they may be needed to prevent security problems or make the program work at all.

Each of those files was created by someone who knew specifics about that software and about FreeBSD.

So a port is like a bare source install, but with patches written by experts to make it work correctly on FreeBSD.  It's easier to install, easier to cleanly deinstall, and easier to upgrade.  Sometimes there are reasons to prefer a bare source install, but it's rare.


----------



## ecpeachy (Jan 11, 2011)

Thank you for clarifying this for me

So I'm better off sticking to the ports collection unless there is a compelling need for a vanilla source 

Thanks


----------



## chrismccoy (Feb 22, 2011)

MissileSilo said:
			
		

> You should install OpenSSH portable through the ports instead of compiling directly from source.
> 
> 
> ```
> ...



I noticed that the port version of openssh is only at 5.2p1 and the currennt version is 5.8p1. Is it not being updated anymore? Curious if this will force me to update from source.


----------

