Posted: 10-05-25 17:37
Installing OpenSSH on Solaris 2.6
Author: Administrator
http://www.sunfreeware.com/openssh26-7.html

[server][/][1] ldd /usr/local/bin/ssh
        libresolv.so.2 =>        /lib/libresolv.so.2
        libcrypto.so.0.9.7 =>    /usr/local/ssl/lib/libcrypto.so.0.9.7
        libposix4.so.1 =>        /lib/libposix4.so.1
        libz.so =>       /usr/local/lib/libz.so
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>   /lib/libnsl.so.1
        libc.so.1 =>     /lib/libc.so.1
        libdl.so.1 =>    /lib/libdl.so.1
        libgcc_s.so.1 =>         /usr/local/lib/libgcc_s.so.1
        libaio.so.1 =>   /lib/libaio.so.1
        libmp.so.2 =>    /lib/libmp.so.2
        /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1
[server][/][2]


The openssh-5.1p1-sol26-sparc-local.gz package currently posted on www.sunfreeware.com requires OpenSSL version 1.0.0 or later to be installed. If an older version is installed, ssh will not run because it looks for libcrypto.so.0.9.8 instead. For a version that matches libcrypto.so.0.9.7, download and install the openssh-4.1p1-sol26-sparc-local.gz package or an earlier one from http://www.sunfreeware.com/ftp/pub/freeware/sparc/5.6/.

1. Install the dependency packages required by OpenSSH that are listed at http://www.sunfreeware.com.

2. Configure prngd

 # cat /var/adm > /usr/local/etc/prngd/prngd-seed
 # vi /etc/services     (register the following entries)

    prngd           708/tcp         # prngd/EGD system service
    prngd-user      4840/tcp        # prngd/EGD user service

 # mkdir /var/spool/prngd

3. Test that prngd runs

 # /usr/local/sbin/prngd /var/spool/prngd/pool

#!/bin/sh


pid=`/usr/bin/ps -e | /usr/bin/grep prngd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
case $1 in
'start')
/usr/local/sbin/prngd /var/spool/prngd/pool
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/prngd {start|stop}"
;;
esac

The script above should be placed in /etc/init.d with the file name prngd. Then, as root, run


# chown root /etc/init.d/prngd
# chgrp sys /etc/init.d/prngd
# chmod 555 /etc/init.d/prngd
# ln -s /etc/init.d/prngd /etc/rc2.d/S98prngd

# /etc/rc2.d/S98prngd start

will start the process if you want to do it by hand and

# /etc/rc2.d/S98prngd stop

will stop the prngd daemon. You can test that this script actually starts the prngd daemon at boot time by rebooting your system and then doing

ps -e | grep prngd

to see if the process is started.

Step Four: Setting up the sshd user and the /var/empty directory

In openssh 3.5p1, a new security method called privilege separation is set up. The details can be found in the README.privsep file in the openssh source distribution. This method is now the default in openssh. Before doing anything else, you should read the above document and, if you agree, implement these steps as root:

# mkdir /var/empty

# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

/var/empty should not contain any files.

The default sshd_config file in /usr/local/etc has the last line

Subsystem sftp /usr/libexec/sftp-server

This may need to be changed to

Subsystem sftp /usr/local/libexec/sftp-server

If you do not do this and attempt to start up sshd, you will get error messages and the daemon will not start.


Step Five: Setting up tcp_wrappers

The next step is to set up tcp_wrappers. First read the README.tcpwrappers so that you know what tcp_wrappers does and how. Basically, tcp_wrappers is used to restrict access to your communication ports, such as the port 22 that the sshd program uses, to some limited group of machines. If you have tcp_wrappers running already, then you will only need to make sure that the sshd daemon entry is placed in the /etc/hosts.allow and /etc/hosts.deny files in a way that is appropriate to your setup. If you are not currently running tcp_wrappers, you can first create the file /etc/hosts.deny and put the single line

sshd: ALL

in it. Then, create the file /etc/hosts.allow and put a line, for example, like

sshd: ... a list of the IP numbers of the machines you want to be able to communicate with your machine, separated by commas ...

in the file. We will test these entries later.

Step Six: Installing ssh and sshd

This is the final step. You should have read the README.openssl and INSTALL.openssl documents and you should also have read the openssh documents README.openssh and INSTALL.openssh.

Each machine that you want to communicate with via the ssh client will need to have an sshd daemon running. But first, you need to run the following three lines to create the key information for the server machine. Again, make sure you have /usr/local/bin and /usr/local/sbin in your PATH. If you have been running sshd before and have keys in /usr/local/etc, running these commands will overwrite them. As root, enter

# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""

# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

and wait until each is done - this may take a few minutes depending on the speed of your machine.


You might also want to study the /usr/local/etc/ssh_config and /usr/local/etc/sshd_config files to see if there is anything you want to configure differently.

Now we can set up scripts to start the sshd daemon. I use the script below which I place in /etc/init.d as sshd, but you are free to devise others to match your needs. There have been some comments on the net recently in the sun-managers mailing list that this script should be replaced. See the post below for details.

#!/bin/sh


pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
case $1 in
'start')
/usr/local/sbin/sshd
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/sshd {start|stop}"
;;
esac



Alternative script comments


Date: Mon, 13 Jan 2003 14:43:53 -0600 (CST)

From: "Mike's List"
To: sunmanagers@sunmanagers.org
Subject: SUMMARY: sshd weirdness

Lots of responses on this one, I used the basic script below (from Luc).
Most responded that the script for the sunfreeware.com is badly written
and that the error or non-existence PID is from the grep to kill sshd.
I'm no script expert, only reporting what others replied.

Some recommend searching for the /var/run/sshd.pid; this way your ssh
terminal won't get zapped while the sshd daemon is re-hupped or stopped/started.

Thanks all.


- Mike


case "$1" in
'start')
if [ -x /usr/local/sbin/sshd ]; then
echo "Starting the secure shell daemon"
/usr/local/sbin/sshd &
fi
;;

'stop')
echo "Stopping the secure shell daemon "
pkill -TERM sshd
;;
*)
echo "Usage: /etc/init.d/sshd { start | stop }"
;;
esac
exit 0


On Fri, 10 Jan 2003, Mike's List wrote:

> Ok, quite a few asked to see the script (below) --Solaris 8 2/02 running
> sunfreeware.com openssh 3.5p1 --a couple of suggestions below doing
>
> /bin/sh -x /etc/init.d/sshd stop
>
> ...to see what's going on, I'm in the server remotely right now so I can't
> stop/start (because stop would just kill all the sshd processes and I
> can't get back in to start).
>
>
> - Mike
>
>
> #!/bin/sh
> pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
> case $1 in
> 'start')
> /usr/local/sbin/sshd
> ;;
> 'stop')
> if [ "${pid}" != "" ]
> then
> /usr/bin/kill ${pid}
> fi
> ;;
> *)
> echo "usage: /etc/init.d/sshd {start|stop}"
> ;;
> esac

End of alternative script comment
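
The pid-file approach mentioned in the list summary above, as an added example that is not part of the sunfreeware.com instructions or the mailing-list post: it signals only the pid recorded in /var/run/sshd.pid, so the per-connection sshd processes that the ps/grep script or `pkill sshd` would also hit are left running. The function names and the SSHD and PIDFILE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: pid-file-based start/stop for sshd (Bourne-shell compatible).
# Assumptions: sshd lives at /usr/local/sbin/sshd and writes its listener pid
# to /var/run/sshd.pid; set PIDFILE to match the PidFile line in sshd_config.
SSHD=${SSHD:-/usr/local/sbin/sshd}
PIDFILE=${PIDFILE:-/var/run/sshd.pid}

# Print the pid from the pid file if it names a live process, else return 1.
# Empty, non-numeric and "0" (which kill treats as the whole process group)
# are rejected so a damaged pid file never reaches kill.
listener_pid() {
    [ -r "$PIDFILE" ] || return 1
    pid=`sed 1q "$PIDFILE"`
    case "$pid" in
        ''|0|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$pid" 2>/dev/null || return 1
    echo "$pid"
}

start_listener() {
    if listener_pid >/dev/null; then
        echo "sshd already running"
        return 0
    fi
    [ -x "$SSHD" ] || { echo "$SSHD is not executable"; return 1; }
    echo "Starting the secure shell daemon"
    "$SSHD"
}

# Signal only the listener. Per-connection sshd processes have their own pids
# and are not in the pid file, so logged-in sessions stay up.
stop_listener() {
    pid=`listener_pid` || { echo "no live sshd pid in $PIDFILE"; return 0; }
    echo "Stopping the secure shell daemon (pid $pid)"
    kill -TERM "$pid"
}

case "${1:-}" in
    start) start_listener ;;
    stop)  stop_listener ;;
    '')    ;;   # no argument: only define the functions
    *)     echo "usage: /etc/init.d/sshd {start|stop}" ;;
esac
```
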

I then do

# chown root /etc/init.d/sshd
# chgrp sys /etc/init.d/sshd
# chmod 555 /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd

# /etc/rc2.d/S98sshd start

will start the process if you want to do it by hand and

# /etc/rc2.d/S98sshd stop

will stop the sshd daemon. You can check this with

# ps -e | grep sshd

For details, see the link attached to this post.