HPE Community
Operating System - HP-UX
1834643 Members
3271 Online
110069 Solutions
New Discussion

Re: OpenSSH Installation

 
VVS
Regular Advisor

‎09-30-2008 08:17 PM

‎09-30-2008 08:17 PM

OpenSSH Installation

Hi All,

I want to install the OpenSSH pack on my HP-UX server. So I download the neessary patches and pre-requisite from the site as below.

zlib-1.2.3 : A general purpose compression library based on gzip
tcp_wrappers-7.6: The TCP/IP network services wrapper package
openssl-0.9.8i: Cryptography toolkit implementing SSL and TLS
db-4.7.25: Berkeley DB database engine
openssh-5.0p1: A suite of network connectivity tools.

My server already have Openssl-0.7 pack. So after installing the openssl-0.9 pack, Is it going to affect current configuration of openssl?

And Please provide me the steps/configuration of OPenSSH after installation.


Regrds,

VVS
Work is life, you know, and without it, there's nothing but fear and insecurity.
0 Kudos
5 REPLIES 5
Sandeep_Chaudhary
Trusted Contributor

‎09-30-2008 09:04 PM

‎09-30-2008 09:04 PM

Re: OpenSSH Installation

if u want to preserver ur current configuration of openssl better backup configuration file.

install openssh

configure openssh


go to /etc/opt/ssh



suxde032 # cat sshd_config
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /opt/ssh/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/ssh/etc/ssh_host_rsa_key
#HostKey /opt/ssh/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes #permit direct root login
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /opt/ssh/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes #enable X11 forwarding
#X11DisplayOffset 10
X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
ClientAliveInterval 900 #configured by me
#ClientAliveCountMax 3
ClientAliveCountMax 3 #configured by me
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /opt/ssh/libexec/sftp-server


# sftp-server logging
#LogSftp no
#SftpLogFacility AUTH
#SftpLogLevel INFO

# sftp-server umask control
#SftpUmask

#SftpPermitChmod yes
#SftpPermitChown yes
0 Kudos
VVS
Regular Advisor

‎09-30-2008 11:30 PM

‎09-30-2008 11:30 PM

Re: OpenSSH Installation

Thanks Sandeep,

I want to configure sftp, so please tell me the necessary changes requires in the configuration file.

Hoe can I start sftp on the system?


Regards,

VVS
Work is life, you know, and without it, there's nothing but fear and insecurity.
0 Kudos
Sandeep_Chaudhary
Trusted Contributor

‎10-01-2008 01:59 AM

‎10-01-2008 01:59 AM

Re: OpenSSH Installation

The server configuration is in /opt/ssh/etc/sshd_config and privied that the subsystem entry for sftp is present, then this should work.

suxde900 # cat /etc/services|grep sftp
sftp 115/tcp # Simple File Transfer Protocol
sandchau as root@suxde900 [/etc]
suxde900 #
0 Kudos
VVS
Regular Advisor

‎10-01-2008 02:05 AM

‎10-01-2008 02:05 AM

Re: OpenSSH Installation

Hi all,

Just want to redefine my question, to get better clarity.

I want to install Openssh application on my production system having HP-Ux 11i v1 (PA-RISC).

I got this application from http://hpux.cs.utah.edu - openssh-5.0p1 and its dependencies.

Now, for testing purpose I decided to install it on my dev server.
For prerequisite I checked all dependencies on my system in which Openssl 0.9.7 is already installed. Hence, assuming it suite the current openssl version we installed all dependencies and Openssh successfully.

Then in my post-configuration step I am generating host-key using "ssh-host-key-setup" but, I am getting below error:
[dev2]: /usr/local/bin # ssh-host-key-setup
OpenSSL version mismatch. Built against 90807f, you have 90704f
OpenSSL version mismatch. Built against 90807f, you have 90704f
OpenSSL version mismatch. Built against 90807f, you have 90704f
[dev2]: /usr/local/bin # swlist -l patch |grep -i openssl
# openssl A.00.09.07-d.002 Secure Network Communications Protocol
# openssl.OPENSSL-CER A.00.09.07-d.002 OpenSSL Certs Files
# openssl.OPENSSL-CONF A.00.09.07-d.002 OpenSSL Configure File
# openssl.OPENSSL-DOC A.00.09.07-d.002 OpenSSL Document Files
# openssl.OPENSSL-INC A.00.09.07-d.002 OpenSSL Header Files
# openssl.OPENSSL-LIB A.00.09.07-d.002 OpenSSL Library Files
# openssl.OPENSSL-MAN A.00.09.07-d.002 OpenSSL Manual pages
# openssl.OPENSSL-MIS A.00.09.07-d.002 OpenSSL Miscellaneous Files
# openssl.OPENSSL-PRNG A.00.09.07-d.002 OpenSSL Prng Files
# openssl.OPENSSL-PVT A.00.09.07-d.002 OpenSSL Private Files
# openssl.OPENSSL-RUN A.00.09.07-d.002 OpenSSL Executable Files
# openssl.OPENSSL-SRC A.00.09.07-d.002 OpenSSL Source Files

Now, I am stuck with below questions:

1) How do i come to know whether the current openssl is configured and in use for any special task?
2) Where are the configuration file of Openssl I need to take care / backup?
3) Is that I need to upgrade Openssl to current version "openssl-0.9.8i"? and is it screw up my system?
4) Any other info also appreciated for this issue.

Thanks in advance.

regards,

VVS.
Work is life, you know, and without it, there's nothing but fear and insecurity.
0 Kudos
VVS
Regular Advisor

‎10-02-2008 10:31 AM

‎10-02-2008 10:31 AM

Re: OpenSSH Installation

Thanks All
Work is life, you know, and without it, there's nothing but fear and insecurity.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.