공룡호가 사는 세상 이야기

SSH setting for Solaris 8

Introduction:
Secure shell (SSH) is a protocol that provides a secure, remote connection to any device with ssh support. SSH is a substitute to Berkeley r-tools like telnet, rlogin, rsh and rcp which are not secure. SSH provides more security to any data that is being transported to the Internet by providing more authentication, encryption and authorization procedures. There are currently two versions of SSH available, SSH Version 1 and SSH Version 2

Required packages:
All of the required packages of this tutorial is available from http://www.sunfreeware.com

openssh
openssl (SSL)
prngd (Psuedo Random Generator Daemon)
zlib (Z library)

Installation:
#pkgadd -d openssl-0.9.6c-sol8-sparc-local

The following packages are available:
1 SMCosslc openssl
(sparc) 0.9.6c

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

#pkgadd -d prngd-0.9.23-sol8-sparc-local

The following packages are available:
1 SMCprngd prngd
(sparc) 0.9.23

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

#pkgadd -d zlib-1.1.4-sol8-sparc-local

The following packages are available:
1 SMCzlib zlib
(sparc) 1.1.4

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

#pkgadd -d openssh-3.1p1-sol8-sparc-local

The following packages are available:
1 SMCossh openssh
(sparc) 3.1p1

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Startup Scripts:
Create a startup script for the ssh daemon.
/etc/init.d/ssh

#! /bin/sh
#
# start/stop the secure shell daemon

case "$1" in

'start')
     # Start the ssh daemon
     if [ -f /usr/local/sbin/sshd ]; then
          echo "starting SSHD daemon"
          /usr/local/sbin/sshd &
     fi
     ;;

'stop')
     # Stop the ssh deamon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >/dev/null 2>&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/sshd {start|stop}"
     ;;

esac

Make the script executable and create a startup script on run level 2.

#chmod +x /etc/init.d/sshd
#ln 뻮 /etc/init.d/sshd /etc/rc2.d/S99sshd

Create a startup script for the pseudo random generator daemon.
/etc/init.d/prngd

#! /bin/sh
#
# start/stop the pseudo random generator daemon

case "$1" in

'start')
     # Start the ssh daemon
     if [ -f /usr/local/bin/prngd ]; then
          echo "starting PRNG daemon"
          /usr/local/bin/prngd /var/spool/prngd/pool&
     fi
     ;;

'stop')
     # Stop the ssh deamon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >/dev/null 2>&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/prngd {start|stop}"
     ;;

esac

Make the script executable and create a startup script on run level 2.

#chmod +x /etc/init.d/prngd
#ln 뻮 /etc/init.d/prngd /etc/rc2.d/S99prngd

# /etc/init.d/prngd start
starting PRNG daemon
Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
# mkdir -p /var/spool/prngd
#/etc/init.d/prngd start
starting PRNG daemon
# Info: Random pool not (yet) seeded
#
Next is to start the actual ssh daemon,
# /etc/init.d/sshd start
starting SSHD daemon
Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
#

The errors above are due to the fact that we didn't create any key pairs for our ssh server.

Create a public key pair to support the new, DSA-based version 2 protocol

# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""

Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8

Create a public key pair to support the old, RSA-based version 1 protocol

# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8

Edit ssh daemon configuration file /usr/local/etc/sshd_config, enable protocol 2 and 1
Uncomment the line, that says

protocol 2,1

# /etc/init.d//sshd start
starting SSHD daemon
#

Your ssh server is now ready to accept a ssh session.