[Next] [Previous] [Up] [Top] [Contents]

CHAPTER 29 Secure Shell, SSH

29.6 Installation

The source can be obtained from a number of places, including ftp://ftp.net.ohio-state.edu/pub/security/ssh, with the latest version being 1.2.14. For version 1.2.13 the source and Solaris 2.4 compiled files are at: ftp://www-wks.acs.ohio-state.edu/pub/solaris2/src/ssh-1.2.13.tar.gz.
To compile the source and install the software do the following:

zcat ssh-1.2.13.tar.gz | tar -xvBf - ; cd ssh-1.2.13 # Open up the files

Configure the setup, (see the files README, OVERVIEW, INSTALL and the man pages). The default is to put the client files will be installed in the bin directory under the prefix (default is /usr/local) and the server in sbin, e.g.:
./configure --prefix=/opt/local --with-rsh=/bin/rsh

make

make install

Set the daemon up to run at boot. The following script should do this for you. It can be found as: ftp://sunos-wks.acs.ohio-state.edu/pub/solaris2/src/setup_ssh.sh. This script will:

enable the daemon to be started at boot time

generate the host key for the machine

sets up default configuration files for clients and server

log server connections using LOCAL6 through syslogd to /var/log/sshd_log

start the server
Later you can edit the control files as desired. Should you change entries in /etc/sshd_config you will need to send a HUP signal to sshd so that it will reread this file.

#!/bin/sh

# Frank Fiamingo March 15, 1996

# Script to setup sshd

# name: ssh

# vers: 1.2.13

# source: ftp://ftp.net.ohio-state.edu/pub/security/ssh

date=`date +%m/%d/%y`

top=/usr

OS=`uname -s`

OSlevel=`uname -r|cut -c1`

if [ "$OSlevel" = "5" ]; then

if [ "$OS" = "SunOS" ]; then

top=/opt

fi

fi

if [ "$OSlevel" = "5" ]; then # Solaris 2.X or IRIX 5.X

if [ ! -f /etc/init.d/sshd ];then

cat << EOF_init.d > /etc/init.d/sshd

#!/bin/sh

#

# start up sshd, installed by $USER, $date

#

case "\$1" in

'start')

if [ -x $top/local/sbin/sshd ]; then

$top/local/sbin/sshd && \\

echo "Starting sshd daemon, takes about 1 minute... "

fi

;;

'stop')

[ ! -f /etc/sshd.pid ] && exit 0

syspid=\`cat /etc/sshd.pid\`

if [ "\$syspid" -gt 0 ]; then

echo "Stopping the sshd daemon."

kill -15 \$syspid 2>&1 | /bin/grep -v "no such process"

fi

;;

*)

echo "Usage: /etc/init.d/sshd { start | stop }"

;;

esac

exit 0

EOF_init.d

chmod 755 /etc/init.d/sshd

(cd /etc/rc2.d ; ln -s ../init.d/sshd S99sshd )

fi

fi # end if for OSlevel=5

if [ "$OSlevel" = "4" ]; then # Solaris 1.X

if [ -f /etc/rc.local ]; then

grep $top/local/sbin/sshd /etc/rc.local >/dev/null 2>&1 ||

cat << EOF_rc.local >> /etc/rc.local

#

# sshd daemon, installed by $USER, $date

if [ -x $top/local/sbin/sshd ]; then

$top/local/sbin/sshd && echo ' Starting sshd '

fi

EOF_rc.local

else

echo "/etc/rc.local not found ..."

fi

fi # end if for OSlevel=4

if [ ! -f /etc/ssh_host_key ];then

echo ""

echo "We're now going to generate the host key for this machine."

echo "We'll use a null passphrase."

echo "This will take a little while ..."

rm -f /.ssh/identity /.ssh/identity.pub

(echo /.ssh/identity | ssh-keygen -N "" ) && echo "Done."

cp /.ssh/identity /etc/ssh_host_key && chmod 600 /etc/ssh_host_key

cp /.ssh/identity.pub /etc/ssh_host_key.pub

fi

# Configure the client service with the file /etc/ssh_config

if [ ! -f /etc/ssh_config ];then

cat << EOF_ssh > /etc/ssh_config

# This is the ssh client system-wide configuration file.

# It provides the defaults, whose values can be changed in

# the user's own configuration file or on the command line.

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication yes

StrictHostKeyChecking yes

EOF_ssh

fi

# Configure the daemon with the file /etc/sshd_config

if [ ! -f /etc/sshd_config ];then

cat << EOF_sshd > /etc/sshd_config

# This is the ssh server system-wide configuration file.

Port 22

AllowHosts 128.146.226.* 128.146.116.*

ListenAddress 0.0.0.0

HostKey /etc/ssh_host_key

ServerKeyBits 768

LoginGraceTime 600

KeyRegenerationInterval 3600

PermitRootLogin yes

QuietMode no

FascistLogging no

PrintMotd no

SyslogFacility LOCAL6

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication no

EOF_sshd

fi

# If the daemon configuration file was set up at install, make sure

# that we log to local6

grep "SyslogFacility LOCAL6" /etc/sshd_config >/dev/null 2>&1 ||

if sed -e 's/DAEMON/LOCAL6/' /etc/sshd_config > tmp_sshd_config

then

mv tmp_sshd_config /etc/sshd_config

else

echo "SyslogFacility LOCAL6" >> /etc/sshd_config

fi

# If the daemon's currently running, stop it.

if [ -f /etc/sshd.pid ];then

kill -15 `cat /etc/sshd.pid`

fi

# Make sure that syslog logs sshd reports to a separate file

# In the following we use tabs, not spaces, as separators.

grep local6 /etc/syslog.conf >/dev/null 2>&1 ||

(echo "local6.debug /var/log/sshd_log" >> /etc/syslog.conf;\

touch /var/log/sshd_log; \

kill -HUP `cat /etc/syslog.pid` )

# Start the daemon

$top/local/sbin/sshd

echo ""

echo "This host should now be running the sshd daemon."

echo "You will still need to edit /etc/ssh_known_hosts to put the "

echo "desired public host keys for the machines you want to trust."

Unix System Administration - 8 AUG 1996
[Next] [Previous] [Up] [Top] [Contents]