Tuesday, July 11, 2006

SSH installation for Solaris 8

Introduction:

Secure shell (SSH) is a protocol that provides a secure, remote connection to any device with ssh support. SSH is a substitute to Berkeley r-tools like telnet, rlogin, rsh and rcp which are not secure. SSH provides more security to any data that is being transported to the Internet by providing more authentication, encryption and authorization procedures. There are currently two versions of SSH available, SSH Version 1 and SSH Version 2.

Required packages:

All of the required packages of this tutorial is available from http://www.sunfreeware.com/

openssh
openssl (SSL)
prngd (Psuedo Random Generator Daemon)
zlib (Z library)

Installation:

#pkgadd -d openssl-0.9.6c-sol8-sparc-local

The following packages are available:

1 SMCosslc openssl (sparc) 0.9.6c

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

#pkgadd -d prngd-0.9.23-sol8-sparc-local

The following packages are available: 1 SMCprngd prngd (sparc) 0.9.23

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

#pkgadd -d zlib-1.1.4-sol8-sparc-local

The following packages are available: 1 SMCzlib zlib (sparc) 1.1.4

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

#pkgadd -d openssh-3.1p1-sol8-sparc-local

The following packages are available: 1 SMCossh openssh (sparc) 3.1p1

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

Startup Scripts:

Create a startup script for the ssh daemon.

/etc/init.d/ssh

#! /bin/sh
#
# start/stop the secure shell daemon

case "$1" in
'start')
# Start the ssh daemon
if [ -f /usr/local/sbin/sshd ]; then
echo "starting SSHD daemon"
/usr/local/sbin/sshd &
fi
;;
'stop')
# Stop the ssh deamon
PID=`/usr/bin/ps -e -u 0 /usr/bin/fgrep sshd /usr/bin/awk '{print $1}'`
if [ ! -z "$PID" ] ; then
/usr/bin/kill ${PID} >/dev/null 2>&1
fi
;;
*)
echo "usage: /etc/init.d/sshd {startstop}"
;;
esac

Make the script executable and create a startup script on run level 2.

#chmod +x /etc/init.d/sshd
#ln –s /etc/init.d/sshd /etc/rc2.d/S99sshd

Create a startup script for the pseudo random generator daemon.

/etc/init.d/prngd

#! /bin/sh
#
# start/stop the pseudo random generator daemon

case "$1" in

'start')
    # Start the ssh daemon
    if [ -f /usr/local/bin/prngd ]; then
         echo "starting PRNG daemon"
         /usr/local/bin/prngd /var/spool/prngd/pool&
    fi
    ;;

'stop')
    # Stop the ssh deamon
    PID=`/usr/bin/ps -e -u 0  /usr/bin/fgrep prngd  /usr/bin/awk '{print $1}'`
    if [ ! -z "$PID" ] ; then
         /usr/bin/kill ${PID} >/dev/null 2>&1
    fi
    ;;

*)
    echo "usage: /etc/init.d/prngd {startstop}"
    ;;

esac
Make the script executable and create a startup script on run level 2.

#chmod +x /etc/init.d/prngd
#ln –s /etc/init.d/prngd /etc/rc2.d/S99prngd

# /etc/init.d/prngd start

starting PRNG daemon

Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory

# mkdir -p /var/spool/prngd
#/etc/init.d/prngd start

starting PRNG daemon
# Info: Random pool not (yet) seeded
#

Next is to start the actual ssh daemon,

# /etc/init.d/sshd start
starting SSHD daemon

Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key

Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
#

The errors above are due to the fact that we didn't
create any key pairs for our ssh server.

Create a public key pair to support the new, DSA-based version
2 protocol

# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""

Generating public/private dsa key pair.

Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.

Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.

The key fingerprint is:

00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8

Create a public key pair to support the old, RSA-based version
1 protocol

# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""

Generating public/private rsa1 key pair.

Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.

Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.

The key fingerprint is:

8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8
Edit ssh daemon configuration file /usr/local/etc/sshd_config, enable protocol
2 and 1

Uncomment the line, that says

protocol 2,1

# /etc/init.d//sshd start

starting SSHD daemon

#

Your ssh server is now ready to accept a ssh session.
You will also need to perform following steps for openssh-3.9p1

# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s

/bin/false sshd

/var/empty should not contain any files.

It's described here http://www.sunfreeware.com/README.privsep.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)