(Under construction)

OpenSSH

End-to-end encrypted replacement of applications such as telnet, rlogin, and ftp

Compilation

V6.6p1

OpenSSH uses a couple of auxiliary libraries; some are mandatory (zlib, OpenSSL), others are optional (tcp-wrappers, libedit, ...).
The build itself is straightforward.
   # AIX 7.1 / C 12.1
   ./configure --prefix=/tmp/openssh-6.6p1 CC=cc CPPFLAGS="-D_LARGE_FILES -D_THREAD_SAFE" CFLAGS="-O2" \
      --with-audit=debug \
      --with-md5-passwords \
      --with-ssl-dir=/bio/local/openssl-1.0.1g \
      --with-zlib=/bio/local/zlib-1.2.7 \
      --with-tcp-wrappers=/bio/local/tcp_wrappers_7.6-ipv6.4 \
      --with-libedit=/bio/local/libedit-3.1 \
      --with-pie \
      --with-ssl-engine

   make
   make install

V4.x

AIX 4.x

OpenSSH-4.3p2 relies heavily on OpenSSL and prngd, i.e. the respective header and library files must exist. An extensive description is here

Unpack the source distribution. Consult README.privsep on how to enable privilege separation, if desired.

   export CC=cc;                                                # use native compiler 
   export CFLAGS="-O2 -I/nfs/local/42// -I/opt/"; # location of headers for ssl and zlib
   export LDFLAGS="-L/nfs/local/42/lib -L/opt/lib"              # location of libraries for ssl and zlib 
   ./configure --prefix=/opt/openssh-4.3p2 --with-prngd-socket=/dev/egd-pool # --sysconfdir=/etc/ssh
   make clean
   make
                           # as root:
   make install

Installation/Configuration

AIX 4.x

Assume a freshly compiled or unpacked package in /opt/openssh-4.3p2
  1. It is convenient to place appropriate symbolic links to the actual directories in /opt/bin, /opt/lib, etc, by some stow procedure.
  2. Customize /opt/openssh-4.3p2/etc/ssh_config:
       ForwardX11 yes
       ForwardX11Trusted yes   # for OpenSSH 4.x, to avoid 'BadAtom' error
    
  3. Customize /opt/openssh-4.3p2/etc/sshd_config:
       XAuthLocation /usr/bin/X11/xauth
       X11Forwarding yes
       UsePrivilegeSeparation no
       PidFile /var/run/sshd.pid
       Subsystem       sftp    /opt/openssh-4.3p2/libexec/sftp-server
    
    If X11 connections fail with the message
       X11 connection rejected because of wrong authentication
    
    then, strangely, the entry
       X11UseLocalhost no
    
    might help.
  4. Generate keys
       ssh-keygen -t rsa1 -f /opt/openssh-4.3p2/etc/ssh_host_key -N ""
       ssh-keygen -t rsa -f /opt/openssh-4.3p2/etc/ssh_host_rsa_key -N ""
       ssh-keygen -t dsa -f /opt/openssh-4.3p2/etc/ssh_host_dsa_key -N ""
    
  5. Generate subsystem
       /usr/bin/mkssys -s sshd -p /opt/openssh-4.3p2/sbin/sshd -a '-D' -u 0 -S -n 15 -f 9 -R -G local
    
    and in /etc/rc.local place (and execute once for immediate startup)
       startsrc -s sshd
    

AIX 5.x,6.1

Comes shrink-wrapped with the OS's extra CDs.
  1. Install OpenSSL first
  2. Stop any old OpenSSH subsystems:
    stopsrc -s sshd
    
  3. De-install Kerberos5 and any old OpenSSH filesets, if applicable
  4. unset LIBPATH
  5. Install OpenSSH
  6. Customize /etc/ssh/ssh_config:
       ForwardX11 yes
       ForwardX11Trusted yes   # for OpenSSH 4.x, to avoid 'BadAtom' error
    
  7. Customize /etc/ssh/sshd_config:
       PermitRootLogin no      # if applicable, e.g. for exposed machines
       ReverseMappingCheck yes # if applicable, e.g. for exposed machines
       UseDNS yes              # if applicable, e.g. for exposed machines
       XAuthLocation /usr/bin/X11/xauth
       X11Forwarding yes
       UsePrivilegeSeparation no
       ClientAliveInterval 300 # don't disconnect session
       PidFile /var/run/sshd.pid
       Subsystem       sftp    /usr/sbin/sftp-server
    
  8. For automatic startup on boot, sshd needs the following line to be enabled in /etc/inittab:
       l2:2:wait:/etc/rc.d/rc 2
    

HP-UX 10.x/11.x

Install the TWWfsw depots, e.g. version 4.2. If it does not configure automatically (config files are in /etc/opt/TWWfsw/openssh42/), put the startup script in the usual HP-UX places:
   /sbin/init.d/TWWopenssh42                                         #  calls /opt/TWWfsw/openssh42/sbin/sshd
   cd /sbin/rc1.d; ln -s /sbin/init.d/TWWopenssh42 K268TWWopenssh42  # shutdown
   cd /sbin/rc2.d; ln -s /sbin/init.d/TWWopenssh42 S662TWWopenssh42  # startup

HP-UX 11.11

  1. Customize /opt/ssh/etc/ssh_config:
       ForwardX11 yes
       ForwardX11Trusted yes   # for OpenSSH 4.x, to avoid 'BadAtom' error
    
  2. Customize /opt/ssh/etc/sshd_config:
       XAuthLocation /usr/bin/X11/xauth
       X11Forwarding yes
       UsePrivilegeSeparation no
       Subsystem     sftp    /opt/ssh/libexec/sftp-server
    

Solaris 10, 9

  1. Customize /etc/ssh_config (or /etc/ssh/ssh_config):
       ForwardX11 yes
    
  2. Customize /etc/sshd_config (or /etc/ssh/sshd_config):
       PermitRootLogin yes     # if applicable
       X11Forwarding yes
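
The sshd_config keywords customized in the sections above can be checked on an installed host with a short script. This is an added example, not part of the original page; the function names, the REVIEW/OK/DEFAULT labels and the sample file are assumptions made for illustration. It relies on sshd using the first value it finds for each keyword.

```shell
#!/bin/sh
# Added example: report the effective value of the sshd_config keywords
# customized on this page. sshd uses the first value it finds per keyword.

# effective_sshd_option FILE KEYWORD -> prints the first global value, or nothing
effective_sshd_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                  # drop comments and trailing annotations
        NF == 0 { next }                    # skip blank lines
        tolower($1) == "match" { exit }     # conditional blocks are not global
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per keyword; returns the number of REVIEW lines
audit_sshd_config() {
    findings=0
    # keyword:value pairs worth a second look on exposed machines (from this page)
    for pair in UsePrivilegeSeparation:no PermitRootLogin:yes \
                X11Forwarding:yes X11UseLocalhost:no; do
        key=${pair%%:*}; flag=${pair#*:}
        val=$(effective_sshd_option "$1" "$key")
        if [ -z "$val" ]; then
            echo "DEFAULT $key (not set, built-in default applies)"
        elif [ "$val" = "$flag" ]; then
            echo "REVIEW  $key $val"; findings=$((findings + 1))
        else
            echo "OK      $key $val"
        fi
    done
    return "$findings"
}

# Constructed sample input, modelled on the AIX 5.x/6.1 settings above.
# The second, lower-case PermitRootLogin line is ignored: first value wins.
sample=$(mktemp) && trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
PermitRootLogin no      # exposed machine
XAuthLocation /usr/bin/X11/xauth
x11forwarding yes
UsePrivilegeSeparation no
permitrootlogin yes
Subsystem       sftp    /usr/sbin/sftp-server
EOF

audit_sshd_config "$sample" || echo "settings to review: $?"
```

To use it on a real host, pass the path of the installed file, e.g. `audit_sshd_config /etc/ssh/sshd_config`.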
    

Last updated: Mon Apr 7 16:39:42 CED 2014 , M.Kraemer
