Sunday, May 21, 2006
SSH installation for Solaris 8
Introduction
Secure Shell (SSH) is a protocol that provides a secure remote connection to any device with ssh support. SSH is a substitute for telnet and the Berkeley r-tools (rlogin, rsh and rcp), which are not secure. SSH protects data that is transported over the Internet by providing authentication, encryption and authorization procedures. There are currently two versions of SSH available, SSH Version 1 and SSH Version 2.
Required packages
openssh
openssl (SSL)
prngd (Pseudo Random Number Generator Daemon)
zlib (Z library)
Installation
#pkgadd -d openssl-0.9.6c-sol8-sparc-local
The following packages are available:
1 SMCosslc openssl
(sparc) 0.9.6c
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
#pkgadd -d prngd-0.9.23-sol8-sparc-local
The following packages are available:
1 SMCprngd prngd
(sparc) 0.9.23
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
#pkgadd -d zlib-1.1.4-sol8-sparc-local
The following packages are available:
1 SMCzlib zlib
(sparc) 1.1.4
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
#pkgadd -d openssh-3.1p1-sol8-sparc-local
The following packages are available:
1 SMCossh openssh
(sparc) 3.1p1
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Startup Scripts:
Create a startup script for the ssh daemon.
/etc/init.d/sshd
#! /bin/sh
#
# start/stop the secure shell daemon
case "$1" in
'start')
    # Start the ssh daemon
    if [ -f /usr/local/sbin/sshd ]; then
        echo "starting SSHD daemon"
        /usr/local/sbin/sshd &
    fi
    ;;
'stop')
    # Stop the ssh daemon
    PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
    if [ ! -z "$PID" ] ; then
        /usr/bin/kill ${PID} >/dev/null 2>&1
    fi
    ;;
*)
    echo "usage: /etc/init.d/sshd {start|stop}"
    ;;
esac
Make the script executable and link it into run level 2 so that it runs at boot.
#chmod +x /etc/init.d/sshd
#ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd
Create a startup script for the pseudo random generator daemon.
/etc/init.d/prngd
#! /bin/sh
#
# start/stop the pseudo random generator daemon
case "$1" in
'start')
    # Start the PRNG daemon
    if [ -f /usr/local/bin/prngd ]; then
        echo "starting PRNG daemon"
        /usr/local/bin/prngd /var/spool/prngd/pool&
    fi
    ;;
'stop')
    # Stop the PRNG daemon
    PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
    if [ ! -z "$PID" ] ; then
        /usr/bin/kill ${PID} >/dev/null 2>&1
    fi
    ;;
*)
    echo "usage: /etc/init.d/prngd {start|stop}"
    ;;
esac
Make the script executable and link it into run level 2 so that it runs at boot.
#chmod +x /etc/init.d/prngd
#ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd
# /etc/init.d/prngd start
starting PRNG daemon
Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
# mkdir -p /var/spool/prngd
#/etc/init.d/prngd start
starting PRNG daemon
# Info: Random pool not (yet) seeded
#
Next, start the actual ssh daemon:
# /etc/init.d/sshd start
starting SSHD daemon
Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
#
The errors above are due to the fact that we didn't create any key pairs for our ssh server.
Create a public key pair to support the new, DSA-based version 2 protocol:
# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8
Create a public key pair to support the old, RSA-based version 1 protocol:
# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8
Edit the ssh daemon configuration file /usr/local/etc/sshd_config to enable protocols 2 and 1.
Uncomment the line that says:
protocol 2,1
# /etc/init.d/sshd start
starting SSHD daemon
#
Your ssh server is now ready to accept an ssh session.
Error
----
# /etc/init.d/sshd start
starting SSHD daemon
Could not load host key: /usr/local/etc/ssh_host_key
# Disabling protocol version 1. Could not load host key
/var/empty must be owned by root and not group or world-writable.
fix:
Run the fol
# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_key.
Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
The key fingerprint is:
cc:a2:71:07:20:2c:07:dd:a4:ef:a2:05:6d:04:87:96 root@dfm-quickview-svr
Also, I changed the ownership and permission of /var/empty as follows:
# chown root:sys empty
# chmod 755 empty
Then I started the ssh daemon and it is working now.
# /etc/init.d/sshd start
starting SSHD daemon
Privilege separation user sshd does not exist
By : perh ( Tue Mar 16 06:04:53 2004 )
Add the following line to /etc/passwd:
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
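
A preflight check for the startup failures shown on this page: missing host keys, a /var/empty that is not owned by root or is group- or world-writable, a missing sshd privilege separation user, and a missing prngd spool directory. This is an added example, not part of the original post or its comments; the function name and its two arguments (a path prefix for checking a staging tree, and the uid expected to own /var/empty) are assumptions.

```sh
# Added example: preflight for the sshd/prngd startup errors shown above.
#   $1 root      - hypothetical path prefix ("" checks the live system)
#   $2 owner_uid - uid expected to own /var/empty (default 0, i.e. root)
check_sshd_prereqs() {
    root=$1
    owner_uid=${2:-0}
    problems=0

    # "Could not load host key" / "sshd: no hostkeys available"
    for key in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        if [ ! -s "$root/usr/local/etc/$key" ]; then
            echo "host key missing or empty: $root/usr/local/etc/$key"
            problems=`expr $problems + 1`
        fi
    done

    # "/var/empty must be owned by root and not group or world-writable."
    empty="$root/var/empty"
    if [ ! -d "$empty" ]; then
        echo "missing directory: $empty"
        problems=`expr $problems + 1`
    else
        set -- `ls -ldn "$empty"`    # $1 = mode string, $3 = numeric owner
        if [ "$3" != "$owner_uid" ]; then
            echo "$empty is owned by uid $3, expected $owner_uid"
            problems=`expr $problems + 1`
        fi
        case $1 in
            d????w*|d???????w*)      # 'w' in the group or the other triplet
                echo "$empty is group- or world-writable ($1)"
                problems=`expr $problems + 1` ;;
        esac
    fi

    # "Privilege separation user sshd does not exist"
    grep '^sshd:' "$root/etc/passwd" >/dev/null 2>&1 || {
        echo "no sshd entry in $root/etc/passwd"
        problems=`expr $problems + 1`
    }

    # "Could not bind socket to /var/spool/prngd/pool"
    [ -d "$root/var/spool/prngd" ] || {
        echo "missing directory: $root/var/spool/prngd"
        problems=`expr $problems + 1`
    }

    return $problems
}
```

Called as check_sshd_prereqs "" on the live system, it prints one line per problem and returns the number of problems found, so an exit status of 0 means none of these four conditions was detected.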