OpenSSH
•SunSolve random patches 112438-01
#patchadd 112438-01
•Install /dev/random
#pkgadd -d ANDIrand-0.7-5.8-sparc-1.pkg
(www.cosy.sbg.ac.at/~andi/)
•Install
openssh-3.p1-sol8-sparc-local
openssl-0.9.6d-sol8-sparc-local
tcp_wrapper-7.6-sol8-sparc-local
zlib.1.1.4-sol8-sparc-local
optional:
perl-5.6.1-sol8-sparc-local
prngd-0.9.25-sol8-sparc-local
egd-0.8.-sol8-sparc-local
•Put /usr/local/bin and /usr/local/sbin in the PATH
•Setup sshd user and the /var/empty directory
#mkdir /var/empty
#chown root:sys /var/empty
#chmod 755 /var/empty
#groupadd sshd
#useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
•Setup tcp wrappers
/etc/hosts.deny: sshd:ALL
/etc/hosts.allow:
•Install ssh and sshd
#ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
#ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
#ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
•Setup scripts to start sshd
vi /etc/init.d/sshd
#chmod 555 /etc/init.d/sshd
#ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
Lazy ssh authentication (ssh2)
* Log in to the source machine and cd to the home directory.
* dev$ ssh-keygen -t rsa
* dev$ scp .ssh/id_rsa.pub jmli@oakdev1:~/.ssh
* Log in to the target machine and cd to the home directory.
* sev$ cd .ssh
* sev$ cat id_rsa.pub >> authorized_keys2
* sev$ chmod go-w authorized_keys2
• Usage Examples
scp file.jar jmli@oakdev1:/tmp
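Added example (not part of the original notes): sshd with StrictModes enabled, which is the default, ignores the key installed above when the home directory, ~/.ssh or the key file is group- or world-writable, which is what the chmod go-w step guards against. The check_ssh_perms, loose_path and demo names are hypothetical helpers; the script assumes a POSIX sh with find and mktemp, looks only at mode bits (not ownership), and runs its demo in a constructed scratch directory.

```shell
#!/bin/sh
# Added example: report group/world-writable paths that make sshd
# (StrictModes yes) ignore a key in authorized_keys2.
# All function names here are hypothetical helpers, not part of OpenSSH.

# Print the path if it is group- or world-writable (-prune: do not descend).
loose_path() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Usage: check_ssh_perms HOME_DIR [KEY_FILE_NAME]
# Returns 0 when all three paths are tight, 1 when something must be fixed.
check_ssh_perms() {
    home=$1
    keyfile=${2:-authorized_keys2}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
        elif [ -n "$(loose_path "$p")" ]; then
            echo "WRITABLE $p (fix: chmod go-w $p)"
            bad=1
        else
            echo "OK       $p"
        fi
    done
    return $bad
}

# Constructed demo in a scratch directory, so no real account is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys2"
    chmod 755 "$d"; chmod 700 "$d/.ssh"
    chmod 664 "$d/.ssh/authorized_keys2"    # group-writable: gets flagged
    check_ssh_perms "$d" || echo "-> sshd would ignore this key"
    chmod go-w "$d/.ssh/authorized_keys2"   # the step from the notes
    check_ssh_perms "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

On a real account, run check_ssh_perms "$HOME" on the target machine after appending the key.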
•sshd_config
(For Linux)
UsePrivilegeSeparation no