July 1, 2003
Installing OpenSSH on Solaris 8
Contents
- Install the following packages
- Generate entropy
- Generate the ssh host keys
- Changes to the system
- System V init script
- Create the links for system start and stop
I. Install the following packages:
    sunny# pkginfo -c application
    application SMCegd         egd
    application SMClibgcc      lgcc
    application SMCossh        openssh
    application SMCossl        openssl
    application SMCperl        perl
    application SMCprngd       prngd
    application SMCzlib        zlib
If these are not yet installed, they must be added. All packages are available, for example, from www.sunfreeware.com (German mirror: sunsite.informatik.rwth-aachen.de):
    sunny# pkgadd -d zlib-1.1.4-sol8-sparc-local
    sunny# pkgadd -d tar-1.13.19-sol8-sparc-local
    sunny# pkgadd -d libgcc-3.3-sol8-sparc-local
    sunny# pkgadd -d openssl-0.9.7b-sol8-sparc-local
    sunny# pkgadd -d openssh-3.6.1p1-sol8-sparc-local
    sunny# pkgadd -d egd-0.8-sol8-sparc-local
    sunny# pkgadd -d prngd-0.9.25-sol8-sparc-local
    sunny# pkgadd -d perl-5.8.0-sol8-sparc-local
II. Generate entropy:
    sunny# cat /var/log/syslog > /usr/local/etc/prngd/prngd-seed
    sunny# mkdir /var/spool/prngd
    sunny# /usr/local/sbin/prngd /var/spool/prngd/pool
    sunny# /usr/local/bin/egc.pl /var/spool/prngd/pool get
    sunny# /usr/local/sbin/prngd
    sunny# ln -s /var/spool/prngd/pool /dev/egd-pool
III. Generate the ssh host keys:
    sunny# ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa): /usr/local/etc/ssh_host_dsa_key
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
    The key fingerprint is:
    ba:cd:ef:4b:1e:29:c7:e3:92:42:05:f4:2a:40:cc:09 root@sunny

    sunny# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): /usr/local/etc/ssh_host_rsa_key
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
    The key fingerprint is:
    80:b2:c5:9b:ef:d9:0c:ae:e3:98:50:34:e9:8a:c0:c2 root@sunny

    sunny# ssh-keygen -t rsa1
    Generating public/private rsa1 key pair.
    Enter file in which to save the key (/root/.ssh/identity): /usr/local/etc/ssh_host_key
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/local/etc/ssh_host_key.
    Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
    The key fingerprint is:
    6c:1f:38:21:40:56:85:c6:e0:67:e4:5c:5b:72:42:33 root@sunny
IV. Changes to the system:
    sunny# mkdir /var/empty
    sunny# chown root:sys /var/empty
    sunny# chmod 755 /var/empty
    sunny# groupadd sshd
    sunny# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
V. System V init script:
So that the SSH daemon is started automatically at system boot, an init script (/etc/init.d/sshd) still has to be written. It could look like this, for example:
    #!/bin/sh
    # /etc/init.d/sshd: start and stop prngd and sshd

    _ps="/usr/bin/ps"
    _grep="/usr/bin/grep"
    _sed="/usr/bin/sed"
    _sort="/usr/bin/sort"
    _head="/usr/bin/head"
    _kill="/usr/bin/kill"

    # PIDs of the running prngd and sshd processes (first column of ps -e)
    PRNGD_PID=`$_ps -e | $_grep prngd | $_grep -v grep | $_sed -e 's/^ *//' -e 's/ .*//'`
    SSHD_PID=`$_ps -e | $_grep sshd | $_grep -v grep | $_sort | $_sed -e 's/^ *//' -e 's/ .*//'`

    case "$1" in
    "start")
        # Start each daemon only if it is not already running
        test -z "$PRNGD_PID" && /usr/local/sbin/prngd /var/spool/prngd/pool
        test -z "$SSHD_PID" && /usr/local/sbin/sshd
        ;;
    "stop")
        test -n "$PRNGD_PID" && $_kill $PRNGD_PID
        # Nothing more to do if no sshd is running
        test -n "$SSHD_PID" || exit 0
        for PID in $SSHD_PID
        do
            $_kill $PID
        done
        ;;
    *)
        echo "usage: $0 start|stop"
        ;;
    esac
VI. Create the links for system start and stop:
    sunny# cd /etc/rc2.d
    sunny# ln ../init.d/sshd S89sshd
    sunny# cd /etc/rc0.d/
    sunny# ln ../init.d/sshd K39sshd
    sunny# cd /etc/rc1.d
    sunny# ln ../init.d/sshd K39sshd
    sunny# cd /etc/rcS.d
    sunny# ln ../init.d/sshd K39sshd
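Before the first boot with the new links it is worth checking what steps III and IV left on disk. The following script is an added example, not part of the original page: it verifies that /var/empty is a root-owned directory without group or world write access and that the three private host keys carry no group or other permission bits. The function names and the `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the state created in steps III and IV.
# POSIX shell syntax; on Solaris 8 run it with ksh (/bin/sh there is the Bourne shell).

# perm_owner PATH: print "<10-char mode string> <numeric uid>", nothing if PATH is missing
perm_owner() {
    ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }'
}

# check_privsep_dir DIR [UID]: must be a directory owned by UID (default 0)
# and not writable by group or others, as privilege separation requires
check_privsep_dir() {
    po=$(perm_owner "$1")
    [ -n "$po" ] || { echo "MISSING  $1"; return 1; }
    case ${po% *} in
        d????-??-?) ;;   # position 6 = group write, position 9 = other write
        *) echo "BAD MODE ${po% *} $1"; return 1 ;;
    esac
    [ "${po#* }" = "${2:-0}" ] || { echo "BAD OWNER uid ${po#* } $1"; return 1; }
    echo "OK       $1"
}

# check_hostkey FILE: private host key must be a regular file with no
# group/other permission bits at all (mode 600 or stricter)
check_hostkey() {
    po=$(perm_owner "$1")
    [ -n "$po" ] || { echo "MISSING  $1"; return 1; }
    case ${po% *} in
        -???------) echo "OK       $1" ;;
        *) echo "BAD MODE ${po% *} $1"; return 1 ;;
    esac
}

# audit: run the checks against the paths used on this page
audit() {
    rc=0
    check_privsep_dir /var/empty 0 || rc=1
    for key in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        check_hostkey "/usr/local/etc/$key" || rc=1
    done
    return $rc
}

# Run the audit only when asked, e.g.: ksh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

The script exits non-zero if any check fails, so it can also gate the `start` branch of an init script.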