The OpenSSH software is shipped on the AIX 5.3 Expansion Pack. This version of OpenSSH is compiled and packaged as installp packages using the openssh-3.8.p1 level of source code. The installp packages include the man pages and the translated message filesets. The OpenSSH program contained in the Expansion Pack CD-ROM media is licensed under the terms and conditions of the IBM® International Program License Agreement (IPLA) for Non-Warranted Programs.
Before installing the OpenSSH installp format packages, you must install the Open Secure Sockets Layer (OpenSSL) software that contains the encrypted library. OpenSSL is available in RPM packages on the AIX Toolbox for Linux® Applications CD, or you can also download the packages from the following AIX Toolbox for Linux Applications Web site:
Because the OpenSSL package contains cryptographic content, you must register on the Web site to download the packages. You can download the packages by completing the following steps:
- Click the AIX Toolbox Cryptographic Content link on the right side of the AIX Toolbox for Linux Applications Web site.
- Click I have not registered before.
- Fill in the required fields in the form.
- Read the license and then click Accept License. The browser automatically redirects to the download page.
- Scroll down the list of cryptographic content packages until you see openssl-0.9.6m-1.aix4.3.ppc.rpm under OpenSSL — SSL Cryptographic Libraries.
- Click the Download Now! button for the openssl-0.9.6m-1.aix4.3.ppc.rpm.
After you download the OpenSSL package, you can install OpenSSL and OpenSSH.
- Install the OpenSSL RPM package using the geninstall command: Output similar to the following displays:
- Install the OpenSSH installp packages using the geninstall command: Use the Y flag to accept the OpenSSH license agreement after you have reviewed the license agreement. Output similar to the following displays:
You can also use the SMIT install_software fast path to install OpenSSL and OpenSSH.
The following OpenSSH binary files are installed as a result of the preceding procedure:
- scp: File copy program similar to rcp
- sftp: Program similar to FTP that works over SSH1 and SSH2 protocol
- sftp-server: SFTP server subsystem (started automatically by sshd daemon)
- ssh: Similar to the rlogin and rsh client programs
- ssh-add: Tool that adds keys to ssh-agent
- ssh-agent: An agent that can store private keys
- ssh-keygen: Key generation tool
- ssh-keyscan: Utility for gathering public host keys from a number of hosts
- ssh-keysign: Utility for host-based authentication
- ssh-rand-helper: A program used by OpenSSH to gather random numbers. It is used only on AIX 5.1 installations.
- sshd: Daemon that permits you to log in
- The /etc/ssh directory contains the sshd daemon and the configuration files for the ssh client command.
- The /usr/openssh directory contains the readme file and the original OpenSSH open-source license text file. This directory also contains the ssh protocol and Kerberos license text.
- The sshd daemon is under AIX SRC control. You can start, stop, and view the status of the daemon by issuing the following commands: You can also start and stop the daemon by issuing the following commands: OR OR
- When the OpenSSH server fileset is installed, an entry is added to the /etc/rc.d/rc2.d directory. An entry is in inittab to start run-level 2 processes (l2:2:wait:/etc/rc.d/rc 2), so the sshd daemon will start automatically at boot time. To prevent the daemon from starting at boot time, remove the /etc/rc.d/rc2.d/Ksshd and /etc/rc.d/rc2.d/Ssshd files.
- OpenSSH software logs information to SYSLOG.
- The IBM Redbook, Managing AIX Server Farms, provides information about configuring OpenSSH in AIX and is available at the following Web site:
- OpenSSH supports long user names (256 bytes), the same as the AIX base operating system. For more information on long user names, see the mkuser command.
- Some keywords, such as AllowUsers, DenyUsers, AllowGroups, and DenyGroups are not available by default in the ssh_config file or the sshd_config file. You must add these keywords to the configuration files in order to use them.
- OpenSSH images: Use the following steps to install the OpenSSH images.
- Configuration of OpenSSH compilation: The following information discusses how the OpenSSH code is compiled for AIX.
- OpenSSH and Kerberos Version 5 support: Kerberos is an authentication mechanism that provides a secure means of authentication for network users. It prevents transmission of clear text passwords over the network by encrypting authentication messages between clients and servers. In addition, Kerberos provides a system for authorization in the form of administering tokens, or credentials.
1. Installing the prerequisite filesets.
The filesets rpm.rte and perl.rte must be installed before installing the rpm packages. The rpm.rte fileset can be found at the following:
Linux Toolbox CD or Linux Toolbox Website http://www.ibm.com/servers/aix/products/aixos/linux/download.html
The filesets can be installed using smitty installp.
2. Downloading the rpm packages.
The rpm packages can be downloaded from the following website: http://www.ibm.com/servers/aix/products/aixos/linux/download.html
Once on that page, download the prngd (Pseudo Random Number Generator Daemon) daemon and the zlib compression and decompression library. These are the prerequisites for installing the openssl rpm package:
- prngd-0.9.23-3.aix4.3.ppc.rpm
- zlib-1.1.4-3.aix4.3.ppc.rpm
Next, click AIX Toolbox Cryptographic Content in the sorted content download area at the upper right and register, if you are not already a registered user. Then click the Accept License button at the bottom of the panel that appears; you are then ready to download the openssl and openssh rpm packages:
- openssl-0.9.6m-1.aix4.3.ppc.rpm
- openssl-devel-0.9.6m-1.aix4.3.ppc.rpm
- openssl-doc-0.9.6m-1.aix4.3.ppc.rpm
- openssh-3.6.1p2-1.aix4.3.ppc.rpm
- openssh-clients-3.6.1p2-1.aix4.3.ppc.rpm
- openssh-server-3.6.1p2-1.aix4.3.ppc.rpm
3. Installing the prerequisite rpm packages.
Once you have all the rpm files in the current directory, run the following commands to install them.
# rpm -i zlib-1.1.4-3.aix4.3.ppc.rpm
# rpm -i prngd-0.9.23-3.aix4.3.ppc.rpm
# rpm -i openssl-0.9.6m-1.aix4.3.ppc.rpm
# rpm -i openssl-devel-0.9.6m-1.aix4.3.ppc.rpm
# rpm -i openssl-doc-0.9.6m-1.aix4.3.ppc.rpm
# rpm -i openssh-3.6.1p2-1.aix4.3.ppc.rpm
# rpm -i openssh-server-3.6.1p2-1.aix4.3.ppc.rpm
# rpm -i openssh-clients-3.6.1p2-1.aix4.3.ppc.rpm
Sometimes you may get a failed dependencies error while trying to install the openssl packages. In that case, run the following command:
# rpm -i --nodeps openssl-0.9.6m-1.aix4.3.ppc.rpm
The following command can be run to update the AIX-rpm:
# /usr/sbin/updtvpkg
The prngd package needs to be installed before openssl and openssh, and openssl is the prerequisite for installing the openssh rpm packages. The openssl-devel-0.9.6m-1.aix4.3.ppc.rpm and openssl-doc-0.9.6m-1.aix4.3.ppc.rpm packages are not required for installing OpenSSH. To verify that these packages are installed, run the following command:
# rpm -qa | egrep '(openssl|openssh|prng)'
prngd-0.9.23-3
openssl-0.9.6m-1
openssl-devel-0.9.6m-1
openssl-doc-0.9.6m-1
openssh-3.6.1p2-1
openssh-server-3.6.1p2-1
openssh-clients-3.6.1p2-1
These packages are installed under the /opt/freeware directory, and several symbolic links are created in /usr/bin or /usr/sbin, as shown in the following example:
# ls -l /usr/bin/ssh
lrwxrwxrwx 1 root system 26 Dec 29 16:13 /usr/bin/ssh -> ../../opt/freeware/bin/ssh
# ls -l /usr/sbin/sshd
lrwxrwxrwx 1 root system 28 Dec 29 16:12 /usr/sbin/sshd -> ../../opt/freeware/sbin/sshd
Installing OpenSSH on 5.1, 5.2, and 5.3
At 5.1, 5.2, and 5.3, the installation of openssh itself is in installp format, but all the prerequisites (including openssl) can be installed using the same rpm -i commands (using the same 4.3.3 rpm packages). The installp format package can be downloaded from the following site: http://sourceforge.net/projects/openssh-aix
After installing the prerequisites using the following commands,
# rpm -i zlib-1.1.4-3.aix4.3.ppc.rpm
# rpm -i prngd-0.9.23-3.aix4.3.ppc.rpm
# rpm -i openssl-0.9.7d-1.aix5.1.ppc.rpm
# rpm -i openssl-devel-0.9.7d-1.aix5.1.ppc.rpm
use smitty installp to install the openssh filesets extracted from the tar file openssh-3.8.1p1_51.tar (for 5.1), openssh-3.8.1p1_52.tar (for 5.2), and openssh-3.8.1p1_53.tar (for 5.3). The following steps need to be followed to install openssh.
1. In the directory where the images are, run the command inutoc.
2. Run smitty install.
3. Select 'Install and Update Software'.
4. While in smitty do the following:
   a. Select 'Install Software'.
   b. Enter a dot ('.') in the field for 'INPUT device / directory for software' and press ENTER.
   c. Enter openssh in the 'SOFTWARE to install' field.
   d. Scroll down to 'Preview new LICENSE agreements?' and press the tab key to change the field to yes. Read the license agreement.
   e. Scroll down to 'ACCEPT new license agreements?' and press tab to change the field to yes. Press ENTER to begin the software installation.
5. Run the following command to see the openssh filesets installed:
# lslpp -l | grep ssh
In this case, you notice that the ssh commands are in the /usr/bin directory. For example:
# ls -al /usr/bin/ssh
-r-xr-xr-x 1 root system 309127 Jun 12 2003 /usr/bin/ssh
# ls -al /usr/bin/scp
-r-xr-xr-x 1 root system 38582 Jun 12 2003 /usr/bin/scp
Initial configuration at 4.3, 5.1, 5.2, and 5.3
The following entry in /etc/inittab invokes all the scripts starting from S under the /etc/rc.d/rc2.d directory upon system startup:
l2:2:wait:/etc/rc.d/rc 2
In the /etc/rc.d/rc2.d directory, the following example shows the required symbolic link to start sshd:
At 4.3.3:
# ls -l /etc/rc.d/rc2.d | grep ssh
lrwxrwxrwx 1 root system 14 Dec 29 16:12 K55sshd -> ../init.d/sshd
lrwxrwxrwx 1 root system 14 Dec 29 16:12 S55sshd -> ../init.d/sshd
At 5.1, 5.2, and 5.3:
# ls -l /etc/rc.d/rc2.d | grep ssh
-r-xr-xr-x 1 root system 307 Dec 29 16:39 Ksshd
-r-xr-xr-x 1 root system 308 Dec 29 16:39 Ssshd
The prngd daemon is started from the following entry in /etc/inittab:
prng:2:wait:/usr/bin/startsrc -s prngd
In order to specify the SSH2 protocol to be used for OpenSSH, add the following line to the /etc/ssh/sshd_config file:
Protocol 2
To verify the SSH protocol version, you can use the telnet command:
# telnet localhost 22
Trying...
Connected to localhost.austin.ibm.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.6.1p2
The above shows that you are using ssh2. If you see the following:
# telnet localhost 22
Trying...
telnet: connect: A remote host refused an attempted connect operation.
then the sshd daemon is not running. To terminate, type Ctrl-c and q. To start the daemon, run:
# startsrc -s sshd
Whenever the /etc/ssh/sshd_config file is modified, sshd needs to be stopped and restarted as follows:
# stopsrc -s sshd
# startsrc -s sshd
The prngd daemon can also be stopped and started in the same way.
Once the installation and configuration is complete: The first time you connect to a server, you should receive a host key fingerprint from the administrator of that server. On the first attempt to connect to that remote server using OpenSSH, you will see the fingerprint of the remote server. Verify that it matches the one sent to you by the administrator. Only then should you type yes.
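The Protocol 2 setting and the telnet banner check described above can be combined into one audit, shown here as an added example that is not part of the original page. The function names and the sample files are constructed for illustration; it assumes the OpenSSH 3.x default of "2,1" when sshd_config has no Protocol line, and that a server offering both SSH1 and SSH2 announces version 1.99.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# effective_protocol FILE
# Print the Protocol value sshd takes from FILE. sshd keeps the first value
# it reads for a keyword; with no Protocol line the OpenSSH 3.x default
# "2,1" applies, which still accepts SSH1.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }                                  # comment line
        tolower($1) == "protocol" && !found { print $2; found = 1 }
        END { if (!found) print "2,1" }
    ' "$1"
}

# classify_banner BANNER
# Map the identification string shown by "telnet host 22" to the protocol
# versions the running daemon offers.
classify_banner() {
    case "$1" in
        SSH-2.0-*)  echo "ssh2-only" ;;
        SSH-1.99-*) echo "ssh1-and-ssh2" ;;
        SSH-1.*)    echo "ssh1-only" ;;
        *)          echo "not-ssh" ;;
    esac
}

# check_sshd FILE BANNER
# Succeed only when the file and the running daemon both say SSH2 only.
# A correct file with a 1.99 banner means sshd was not restarted after the edit.
check_sshd() {
    proto=$(effective_protocol "$1")
    offer=$(classify_banner "$2")
    if [ "$proto" = "2" ] && [ "$offer" = "ssh2-only" ]; then
        echo "OK: Protocol=$proto, daemon offers $offer"
        return 0
    fi
    echo "FAIL: Protocol=$proto, daemon offers $offer"
    [ "$proto" = "2" ] && echo "  config is correct: stopsrc -s sshd; startsrc -s sshd"
    return 1
}

# Constructed sample input: a config left on the default, and a corrected one.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Protocol 2,1' 'Port 22' > "$tmp/default.conf"
printf '%s\n' 'Port 22' 'Protocol 2'    > "$tmp/fixed.conf"

check_sshd "$tmp/default.conf" 'SSH-1.99-OpenSSH_3.6.1p2' || true
check_sshd "$tmp/fixed.conf"   'SSH-1.99-OpenSSH_3.6.1p2' || true
check_sshd "$tmp/fixed.conf"   'SSH-2.0-OpenSSH_3.6.1p2'
```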
Here are the steps involved for configuring OpenSSH for AIX.
After installation, start the sshd daemon by running:
# startsrc -s sshd
Verify that sshd is active by running this command:
# lssrc -s sshd
Once sshd is active, test it by attempting to connect to it using an OpenSSH client. If you installed the OpenSSH client package, issue the ssh client command:
# ssh localhost
You should receive this message: 'The authenticity of host localhost (127.0.0.1) can't be established. RSA key fingerprint is 1c:bc:d4:a0:87:f8:0e:25:61:27:75:18:99:a2:5a:7d. Are you certain you want to continue connecting (yes/no)? (Warning: Permanently added localhost(RSA) to the list of known hosts. root@localhosts password:).'
This message indicates that this is the first time you've connected to this server. Respond with yes. This adds the server's host key to your client's known_hosts file. (Note: You won't receive this question on future connections to the same server.)
If you're connecting from a Windows* client, several SSH clients can be downloaded. One of the more popular is PuTTY, a free Win32 Telnet/SSH client.
Once you verify OpenSSH is working, you may further safeguard your SSH connection by implementing RSA or DSA authentication keys. Authentication keys allow users to specify a passphrase for their SSH connection and prevent someone else from spoofing username@hostname.
It also gives users the capability to connect to their OpenSSH server without being prompted for a password, either by using an empty passphrase (at the time of key generation) or with the assistance of an SSH agent.
For details on OpenSSH, read the Redbook, 'Managing AIX Server Farms.' Chapter 4 focuses on secure network connections on AIX and is almost entirely devoted to OpenSSH.
For details on OpenSSH for AIX, contact the IBM Support Center at 1-800-237-5511, Option 3.
You should configure SSH to encrypt all communications between the server and client on your AIX operating system. You must first install the OpenSSH file set on AIX and then configure it.
Installing OpenSSH on AIX
To install the openssh file set:
Note: Some text may appear on separate lines for presentation purposes only.
- Install the OpenSSL package, which you can find at:
- Click OpenSSL at the top of the Web page. Registration is required. After registering, you are redirected to a Web page where you can download OpenSSL.
- Install the following file sets from the AIX Base installation media:
- openssh.base
- openssh.license
- openssh.msg.en_US
- openssh.man.en_US
- If the file sets were not found on the AIX Base installation media, they can be downloaded from the URL: http://www.ibm.com/developerworks. In the left navigation frame, click Open Source Projects and then click OpenSSH for AIX Images. Select OpenSSH 3.6 or higher.
- Start the sshd daemon by running the command: /usr/bin/startsrc -s sshd
  Note: If the AIX machine on which OpenSSH is installed also has GSA installed, the SSH daemon will not start. This is a known problem. You will need to first check to see if the sshd user exists on the system. If not, it should be created with the following commands:
- As user tioadmin, configure SSH so that the server can communicate with relevant users on other systems and components of the data center.
  Attention: Ensure that you are logged on to user ID tioadmin directly. Do not use su - to tioadmin or the following steps will fail to run correctly.
Configuring OpenSSH on AIX
To configure SSH:
- Log on as tioadmin.
- Run the following commands:
- You can test this by running: ssh -v tioadmin@localhost, where localhost is your host name. If SSH is properly configured, you will not be prompted for a password.
- Copy the public key for user tioadmin to the servers that Tivoli® Provisioning Manager will be managing in your data center.
- It is required to configure SSH to accept connections from new hosts without prompting for confirmation. Create a file in /home/thinkcontrol/.ssh called config. The file should contain the following line:
- Copy the id_rsa.pub file, which contains the public keys, into the authorized keys file of the administrative account of any server in the data center that the Tivoli Provisioning Manager server must communicate with or manage. Include any servers in the data center that Tivoli Provisioning Manager is managing.
- Ensure that the managed server has an administrative account for which the SSH RSA keys (id_rsa, id_rsa.pub, and authorized_keys) have already been generated and are contained in the .ssh directory of the respective administrative account's home directory.
- Append the content (a single line of text) of the id_rsa.pub file which contains the public key from the server that will initiate the SSH session to the authorized_keys file of the administrative account of any target server in the data center that the Tivoli Provisioning Manager server must communicate with or manage. Include any servers in the data center that Tivoli Provisioning Manager will be managing.
- To verify, on the Tivoli Provisioning Manager server, type: There should be no password prompt, followed by the prompt on the remote machine. After a successful logon, an entry for the communication partner will be created in the known_hosts file. As a troubleshooting step, sometimes this file may contain old or invalid entries associated with the managed server IP address or name. Deleting that entry should fix the connection problem.
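The step above that appends id_rsa.pub to authorized_keys on each managed server is easy to get wrong by copying the private key, appending the same key twice, or leaving permissions that sshd rejects. The following is an added example, not part of the original page or of the Tivoli documentation: install_pubkey is a hypothetical helper, and the key material and paths are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page); install_pubkey is hypothetical.

# install_pubkey PUBFILE SSH_DIR
# Append the single-line public key in PUBFILE to SSH_DIR/authorized_keys.
# Prints "added" or "unchanged"; returns 2 if PUBFILE is not a public key.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # A public key is exactly one line: "<type> <base64> [comment]".
    # The private key (id_rsa) is a multi-line PEM file and fails here.
    [ "$(grep -c . "$pub" 2>/dev/null)" = "1" ] || {
        echo "reject: $pub is not a single line" >&2; return 2; }
    line=$(grep . "$pub")
    case "$line" in
        "ssh-rsa AAAA"*|"ssh-dss AAAA"*) ;;
        *) echo "reject: $pub is not an SSH2 public key" >&2; return 2 ;;
    esac

    # sshd with StrictModes (the default) ignores keys kept in files or
    # directories that other users can write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: a repeated run must not duplicate the entry.
    if grep -qxF "$line" "$auth"; then
        echo "unchanged"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "added"
    fi
}

# Constructed sample input: placeholder key material, not a usable key pair.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAconstructedEXAMPLE= tioadmin@tpm' \
    > "$tmp/id_rsa.pub"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
    '-----END RSA PRIVATE KEY-----' > "$tmp/id_rsa"

install_pubkey "$tmp/id_rsa.pub" "$tmp/admin/.ssh"
install_pubkey "$tmp/id_rsa.pub" "$tmp/admin/.ssh"
install_pubkey "$tmp/id_rsa"     "$tmp/admin/.ssh" || echo "private key refused"
```

Run it on the managed server as the administrative account, after transferring id_rsa.pub over a channel you trust.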
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified:March 12, 2019