Posted: 10-05-25 17:37
solaris 2.6 openssh installation
http://www.sunfreeware.com/openssh26-7.html

[server][/][1] ldd /usr/local/bin/ssh
        libresolv.so.2 =>        /lib/libresolv.so.2
        libcrypto.so.0.9.7 =>    /usr/local/ssl/lib/libcrypto.so.0.9.7
        libposix4.so.1 =>        /lib/libposix4.so.1
        libz.so =>       /usr/local/lib/libz.so
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>   /lib/libnsl.so.1
        libc.so.1 =>     /lib/libc.so.1
        libdl.so.1 =>    /lib/libdl.so.1
        libgcc_s.so.1 =>         /usr/local/lib/libgcc_s.so.1
        libaio.so.1 =>   /lib/libaio.so.1
        libmp.so.2 =>    /lib/libmp.so.2
        /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1
[server][/][2]


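The openssh-5.1p1-sol26-sparc-local.gz package posted on www.sunfreeware.com requires openssl 1.0.0 or later to be installed. If it is not installed, ssh cannot find libcrypto.so.0.9.8 and does not run. For a system with libcrypto.so.0.9.7, download the openssh-4.1p1-sol26-sparc-local.gz package from the http://www.sunfreeware.com/ftp/pub/freeware/sparc/5.6/ site and install it.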

1. openssh installation: install the packages available at http://www.sunfreeware.com.

2. prngd

 #cat /var/adm > /usr/local/etc/prngd/prngd-seed
 #vi /etc/services

    prngd           708/tcp         # prngd/EGD system service
    prngd-user      4840/tcp        # prngd/EGD user service

 #mkdir /var/spool/prngd

3. prngd test
 
 #/usr/local/sbin/prngd /var/spool/prngd/pool

#!/bin/sh


pid=`/usr/bin/ps -e | /usr/bin/grep prngd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
case $1 in
'start')
/usr/local/sbin/prngd /var/spool/prngd/pool
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/prngd {start|stop}"
;;
esac

Place this script in /etc/init.d with the file name prngd and then, as root, run


# chown root /etc/init.d/prngd
# chgrp sys /etc/init.d/prngd
# chmod 555 /etc/init.d/prngd
# ln -s /etc/init.d/prngd /etc/rc2.d/S98prngd

# /etc/rc2.d/S98prngd start

will start the process if you want to do it by hand and

# /etc/rc2.d/S98prngd stop

will stop the prngd daemon. You can test that this script actually starts the prngd daemon at boot time by rebooting your system and then doing

ps -e | grep prngd

to see if the process is started.

Step Four: Setting up the sshd user and the /var/empty directory

In openssh 3.5p1, a new security method called privilege separation was set up. The details can be found in the README.privsep file in the openssh source distribution. This method is now the default in openssh. Before doing anything else, you should read the above document and, if you agree, implement these steps as root:

# mkdir /var/empty

# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

/var/empty should not contain any files.

The default sshd_config file in /usr/local/etc has the last line

Subsystem sftp /usr/libexec/sftp-server

This may need to be changed to

Subsystem sftp /usr/local/libexec/sftp-server

If you do not do this and attempt to start up sshd, you will get error messages and the daemon will not start.


Step Five: Setting up tcp_wrappers

The next step is to set up tcp_wrappers. First read the README.tcpwrappers so that you know what tcp_wrappers does and how. Basically, tcp_wrappers is used to restrict access to your communication ports, such as the port 22 that the sshd program uses, to some limited group of machines. If you have tcp_wrappers running already, then you will only need to make sure that the sshd daemon entry is placed in the /etc/hosts.allow and /etc/hosts.deny files in a way that is appropriate to your setup. If you are not currently running tcp_wrappers, you can first create the file /etc/hosts.deny and put the single line

sshd: ALL

in it. Then create the file /etc/hosts.allow and put a line, for example, like

sshd: ... a list of the IP numbers of the machines you want to be able to communicate with your machine, separated by commas ...

in the file. We will test these entries later.

Step Six: Installing ssh and sshd

This is the final step. You should have read the README.openssl and INSTALL.openssl documents and you should also have read the openssh documents README.openssh and INSTALL.openssh.

Each machine that you want to communicate with via the ssh client will need to have an sshd daemon running. But first, you need to run the following three lines to create the key information for the server machine. Again, make sure you have /usr/local/bin and /usr/local/sbin in your PATH. If you have been running sshd before and have keys in /usr/local/etc, running these commands will overwrite them. As root, enter

# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""

# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

and wait until each is done - this may take a few minutes depending on the speed of your machine.


You might also want to study the /usr/local/etc/ssh_config and /usr/local/etc/sshd_config files to see if there is anything you want to configure differently.

Now we can set up scripts to start the sshd daemon. I use the script below which I place in /etc/init.d as sshd, but you are free to devise others to match your needs. There have been some comments on the net recently in the sun-managers mailing list that this script should be replaced. See the post below for details.

#!/bin/sh


pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
case $1 in
'start')
/usr/local/sbin/sshd
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/sshd {start|stop}"
;;
esac



Alternative script comments


Date: Mon, 13 Jan 2003 14:43:53 -0600 (CST)

From: "Mike's List"
To: sunmanagers@sunmanagers.org
Subject: SUMMARY: sshd weirdness

Lots of responses on this one, I used the basic script below (from Luc).
Most responded that the script for the sunfreeware.com is badly written
and that the error or non-existent PID is from the grep to kill sshd.
I'm no script expert, only reporting what others replied.

Some recommend searching for the /var/run/sshd.pid, this way your ssh
terminal won't get zapped while the sshd daemon is re-hup'd or stopped/started.

Thanks all.


- Mike


case "$1" in
'start')
if [ -x /usr/local/sbin/sshd ]; then
echo "Starting the secure shell daemon"
/usr/local/sbin/sshd &
fi
;;

'stop')
echo "Stopping the secure shell daemon "
pkill -TERM sshd
;;
*)
echo "Usage: /etc/init.d/sshd { start | stop }"
;;
esac
exit 0


On Fri, 10 Jan 2003, Mike's List wrote:

> Ok, quite a few asked to see the script (below) --Solaris 8 2/02 running
> sunfreeware.com openssh 3.5p1 --a couple of suggestions below doing
>
> /bin/sh -x /etc/init.d/sshd stop
>
> ...to see what's going on, I'm in the server remotely right now so I can't
> stop/start (because stop would just kill all the sshd processes and I
> can't get back in to start).
>
>
> - Mike
>
>
> #!/bin/sh
> pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
> case $1 in
> 'start')
> /usr/local/sbin/sshd
> ;;
> 'stop')
> if [ "${pid}" != "" ]
> then
> /usr/bin/kill ${pid}
> fi
> ;;
> *)
> echo "usage: /etc/init.d/sshd {start|stop}"
> ;;
> esac

End of alternative script comment
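
The PID-file approach recommended in the post above, written out as an added example (it is not code from the sunfreeware guide or from the mailing-list thread). It assumes sshd writes the listener's PID to /var/run/sshd.pid, the path named in the post, and that ps accepts `-p PID -o comm=`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: PID-file based stop for /etc/init.d/sshd.
# Assumptions: sshd writes its listener PID to /var/run/sshd.pid and
# ps accepts "-p PID -o comm=".

# pid_from_file FILE: print the PID if the first line is a plain integer.
pid_from_file() {
    [ -r "$1" ] || return 1
    pid=`sed 1q "$1"`
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric: do not trust it
    esac
    echo "$pid"
}

# stop_by_pidfile FILE NAME: send TERM to the recorded PID only.
# Returns 1 without signalling if the file is unusable or stale.
stop_by_pidfile() {
    pid=`pid_from_file "$1"` || return 1
    # A stale file may point at a reused PID; require the command name to match.
    comm=`ps -p "$pid" -o comm= 2>/dev/null | sed -e 's/^ *//' -e 's/ *$//'`
    name=`basename "$comm" 2>/dev/null`
    [ "$name" = "$2" ] || return 1
    kill -TERM "$pid"
}

case "$1" in
'start')
    if [ -x /usr/local/sbin/sshd ]; then
        /usr/local/sbin/sshd
    fi
    ;;
'stop')
    # Only the listening daemon is signalled; per-login sshd children,
    # including the session running this script, keep running.
    stop_by_pidfile /var/run/sshd.pid sshd ||
        echo "sshd: no live daemon recorded in /var/run/sshd.pid"
    ;;
esac
```

Unlike the `ps -e | grep sshd` and `pkill -TERM sshd` variants, a remote administrator can run `stop` followed by `start` from an ssh login without losing the session.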

I then do

# chown root /etc/init.d/sshd
# chgrp sys /etc/init.d/sshd
# chmod 555 /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd

# /etc/rc2.d/S98sshd start

will start the process if you want to do it by hand and

# /etc/rc2.d/S98sshd stop

will stop the sshd daemon. You can check this with

# ps -e | grep sshd

For more details, see the link below.


 
 
