topic Re: secure shell in Operating System - HP-UX

secure shell

Ramesh_1 — Thu, 27 Dec 2001 13:06:26 GMT

Hi,

I installed secure shell from the http://hpux.connect.org.uk/ and the installation went fine.
But I'm stuck there. The configuration are not clear. How do I configure the ssh on the server ?
btw, my server is on hp-ux 10.20

I tried starting the ssh by issuing a /opt/openssh2/sbin/sshd start but it threw an error " couldn't read entropy commands file /opt/openssh2/etc/ssh_prng_cmds: No such file or directory"
I'm totally lost . Would really appreciate some help. Thanx in advance.

Cheers
Ramesh

Re: secure shell

Craig Rants — Thu, 27 Dec 2001 14:15:04 GMT

Ramesh,

Below is my /sbin/init.d/sshd script for starting secure shell. You call it just like any other startup script. You will need to also create a /etc/rc.config.d/sshd file with a 0 and 1 toggle. As far as configuration goes, /opt/openssh2/etc/sshd.conf is the file you want to look at. I would get O'Reily's SSH book, it has a lot of great info about ssh. This forum is not big enough to tell all about configuring ssh. If there is a specific configuration question please let us know.

HH,
C

PATH=/usr/sbin:/usr/bin:/sbin
export PATH

# NOTE: If your script executes in run state 0 or state 1, then /usr might
# not be available. Do not attempt to access commands or files in
# /usr unless your script executes in run state 2 or greater. Other
# file systems typically not mounted until run state 2 include /var
# and /opt.

rval=0

# Check the exit value of a command run by this script. If non-zero, the
# exit code is echoed to the log file and the return value of this script
# is set to indicate failure.

set_return() {
x=$?
if [ $x -ne 0 ]; then
echo "EXIT CODE: $x"
rval=1 # script FAILed
fi
}

case $1 in
'start_msg')
# Emit a _short_ message relating to running this script with
# the "start" argument; this message appears as part of the checklist.
# the following line was the standard line. replaced by the next line.
# echo "Starting the subsystem"
echo "Starting the Secure Shell Daemon"
;;

'stop_msg')
# Emit a _short_ message relating to running this script with
# the "stop" argument; this message appears as part of the checklist.
# echo "Stopping the subsystem"
echo "Stopping the Secure Shell Daemon"
;;

'start')

# source the system configuration variables
if [ -f /etc/rc.config.d/sshd ] ; then
. /etc/rc.config.d/sshd
else
echo "ERROR: /etc/rc.config.d/sshd defaults file MISSING"
fi

# Check to see if this script is allowed to run...
if [ $SSHD != 1 ]; then
rval=2
else
echo "Starting Secure Shell Daemon"
/opt/openssh2/sbin/sshd
set_return
fi
;;

'stop')
# source the system configuration variables
if [ -f /etc/rc.config.d/sshd ] ; then
. /etc/rc.config.d/sshd
else
echo "ERROR: /etc/rc.config.d/sshd defaults file MISSING"
fi

# Check to see if this script is allowed to run...
if [ $SSHD != 1 ]; then
rval=2
else
echo "Stopping Secure Shell Daemon"
KSSH=`cat /var/run/sshd.pid`
kill -9 $KSSH
set_return
:
# Execute the commands to stop your subsystem

fi
;;

*)
echo "usage: $0 {start|stop}"
rval=1
;;
esac

exit $rval

Re: secure shell

Jeff Machols — Thu, 27 Dec 2001 14:32:20 GMT

did you configure the keys?

# /opt/openssh2/bin/ssh-keygen -t rsa1 -f /opt/openssh2/etc/ssh_host_key -N ""
# /opt/openssh2/bin/ssh-keygen -t rsa -f /opt/openssh2/etc/ssh_host_rsa_key -N ""
# /opt/openssh2/bin/ssh-keygen -t dsa -f /opt/openssh2/etc/ssh_host_dsa_key -N ""

Start the background daemon on the local host to make sure that the keys have been generated successfully.

# /opt/openssh2/sbin/sshd &

To set up the automatic startup of 'sshd' after each reboot, get a copy of these files from the source
download from http://www.openssh.org

# cp /home/openssh_config/sshd.rc /sbin/init.d
# cp /home/openssh_config/sshd /etc/rc.config.d

# ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S110sshd
# ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K890sshd

As your own user id generate a key for 'ssh' from you own home directory:

e.g.
$ cd /home/myuser
$ /opt/openssh2/bin/ssh-keygen
Enter file and press return (/home/myuser/.ssh/identity)
Enter Passphrase (not required, just press return)

Make a directory on the server at the other end to contain the authority key. This file is the same as just generated as your own user id except that is must be called /home/myuser/.ssh/authorized_keys

Before this key will work, the destination server also needs to have the 'zlib' and 'openssh' filesets installed and the 'sshd' daemon running as per the above procedures.

Re: secure shell

Jeff Machols — Thu, 27 Dec 2001 14:32:46 GMT

You did install zlib, correct?

Re: secure shell

Uday_S_Ankolekar — Thu, 27 Dec 2001 14:35:54 GMT

Hi,
Have a look at this doc..

How to Install and Configure Openssh (simple method)

Pre-requisite: You must install a product called 'zlib' prior to attempting to install 'openssh' or the installation will fail.
both 'zlib' and 'openssh' are available from the porting centre. http://hpux.connect.org.uk/

Run the 'swinstall' interactive program to install the 'zlib' filesets. Once installed the following files need to be copied:

# cp /opt/zlib/include/zlib.h /usr/include
# cp /opt/zlib/include/zconf.h /usr/include
# cp /opt/zlib/lib/libz.a /usr/lib

Run the 'swinstall' interactive program to install 'openssh'.

Once the two products have been installed a small amount of configuration will still be necessary.

# /opt/openssh2/bin/ssh-keygen -t rsa1 -f /opt/openssh2/etc/ssh_host_key -N ""
# /opt/openssh2/bin/ssh-keygen -t rsa -f /opt/openssh2/etc/ssh_host_rsa_key -N ""
# /opt/openssh2/bin/ssh-keygen -t dsa -f /opt/openssh2/etc/ssh_host_dsa_key -N ""

Start the background daemon on the local host to make sure that the keys have been generated successfully.

# /opt/openssh2/sbin/sshd &

To set up the automatic startup of 'sshd' after each reboot, get a copy of these files from the source
download from http://www.openssh.org

# cp /home/openssh_config/sshd.rc /sbin/init.d
# cp /home/openssh_config/sshd /etc/rc.config.d

# ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S110sshd
# ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K890sshd

As your own user id generate a key for 'ssh' from you own home directory:

e.g.
$ cd /home/myuser
$ /opt/openssh2/bin/ssh-keygen
Enter file and press return (/home/myuser/.ssh/identity)
Enter Passphrase (not required, just press return)

Make a directory on the server at the other end to contain the authority key. This file is the same as just generated as your own user id except that is must be called /home/myuser/.ssh/authorized_keys

Before this key will work, the destination server also needs to have the 'zlib' and 'openssh' filesets installed and the 'sshd' daemon running as per the above procedures.

Re: secure shell

Craig Rants — Thu, 27 Dec 2001 14:52:18 GMT

Ramesh,
I found my install/configuration notes for that version. Some steps that only apply to my company have been removed. Hope this helps.

Installing on a 11.00 box, for 10.20 subsititute the 10.20 name as needed
If this is a clean install instead of an upgrade, skip to step 4

4) Install openssh and dependecies
swinstall -s depotservername:/var/spool/sw/openssh
select all three packages (zlib, openssl, and openssh and proceed with install/analysis) *it should be noted that I created a bundle just for these three products

5) Generate /opt/openssh2/etc/ssh_host_key
/opt/openssh2/bin/ssh-keygen -b 1024 -f /opt/openssh2/etc/ssh_host_key -N ''

6) Generate root's key
/opt/openssh2/bin/ssh-keygen
press enter when prompted for file location
press enter when prompted for passphrase

7) Add /opt/openssh2/bin to root's .profile
cd
vi .profile
PATH=/usr/sbin:$PATH:/sbin:/opt/openssh2/bin:(make sure these entries match)

8) cd /opt/openssh2/etc
vi sshd_config
#HostKey /opt/openssh2/etc/ssh_host_dsa_key
IgnoreRhosts no
RhostsAuthentication yes
RhostsRSAAuthentication yes

9) Create the /usr/local/sbin/sshd startup (which you already have)

10) Start Secure Shell
/sbin/init.d/sshd start

11)Link scp to avoid potential scp errors with the depot version
On the client:
ln -s /opt/openssh2/bin/scp /usr/sbin/scp

GL,
C

Re: secure shell

Ramesh_1 — Fri, 28 Dec 2001 04:38:53 GMT

Hi,

It seems that the /opt/openssh2/etc directory
and the contents of the directory are not created during the installation.
The swinstall went fine but no /opt/openssh2/etc .

Ramesh