System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Installing SSH (OpenSSH) on HP-UX 11.00 and 10.20

Jared Rudy
Advisor

Installing SSH (OpenSSH) on HP-UX 11.00 and 10.20

HP doesn't supply SecureShell (HP's renamed OpenSSH) for versions older then HP-UX 11iv1. HP cannot call it OpenSSH for legal reasons so they simple call it SecureShell. To install OpenSSH on older version of HP-UX follow the following instructions. Note this document was written using HP-UX 11i (B.11.00).

1. Visit Merijn's HP-UX software download page:
http://www.cmve.net/merijn/downloads.html
Locate section for your particular setup and download zlib, OpenSSL and OpenSSH:
For HP-UX 11.00 32 bit:
zlib-1.2.3.sl
OpenSSH 4.0p1
OpenSSL 0.9.7d

2. Install libz.sl
Extract zlib-1.2.3.sl and rename to libz.sl
Move to correct directory: mv libz.sl /usr/local/lib/
SSH looks for libz.sl in /pro/local/lib which most likely doesn't exist on your system. To fix this create a symbolic for /pro to /usr: ln -s /usr/ /pro
Update to correct permissions: chmod 755 /usr/local/bin/libz.sl

3. Install openssl then openssh:
swinstall -s /full/path/openssl-0.9.7d-11.00.sd
swinstall -s /root/temp/openssh-4.0p1-11.00.sd

4. OpenSSH uses a random number generator to create unique keys. HP-UX 10.20 and 11.00 don't have a strong random number generator so if one attempts to use ssh after installing the above software will receive error: PRNG is not seeded. It might be possible in your environment to download, compile and install a strong random number generator; but most likely not, so to seed PRNG manually do the following:

echo â j;ldsajf;lkjaf;ladsjf;l_a whole bunch of garbage_ kdja;lfjdasl;fjaâ > /dev/random
echo â j;ldsajf;lkjaf;ladsjf;l_a whole bunch of garbage_ kdja;lfjdasl;fjaâ > /dev/urandom

5. You now can connect to a UNIX or Linux server using ssh

Starting the SSH server:
1. Need to create keygen (from normal user):
ssh-keygen -t rsa -b 2048 -f /usr/local/etc/ssh_host_rsa_key
or
ssh-keygen -t dsa -b 2048 -f /usr/local/etc/ssh_host_dsa_key
2. Add following line to /etc/passwd (Takes care of error: Privilege separation user sshd does not exist)
echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
Create â emptyâ Directory and set proper permissions:
mkdir /var/empty
chown root:root /var/empty
chmod 744 /var/empty

3. Start service: /usr/local/sbin/sshd &

Hopefully this will be useful to any of the poor fools like me who are stuck keeping one of these aging systems going.

Cheers.