Install SSH on Solaris 8

Source: Internet
Author: User

Installation Steps

Step 1: Obtain the random patch for Solaris 8.

The error is "PRNG is not seeded". The following is my solution.
First, make sure that all the packages required by OpenSSH are installed.
1. Sun's patch 112438-01
In practice, even with this patch installed it sometimes has no effect, because Solaris 8 does not have a random number device by default.
The patch is meant to solve this problem, but installing it is not recommended because it is useless in practice.

2. Install the third-party package ANDIrand-0.7-5.8-sparc-1.pkg
After the package is installed, two random devices are created in the /dev/ directory:
random urandom
Do not restart after installation.
Now you can start OpenSSH.

This software
For 2.6.
Http:// /~ Andi, SUNrand, pkg, ANDIrand-0.7-5.6-sparc-1.pkg
For 8
Http:// /~ Andi, SUNrand, pkg, ANDIrand-0.7-5.8-sparc-1.pkg

Step 1: Obtain the installation package

You can obtain the installation package from this.



tcp_wrappers-7.6-sol8-sparc-local.gz (optional, but recommended)



perl-5.6.1-sol8-sparc-local.gz (available)

prngd-0.9.25-sol8-sparc-local.gz (available)

egd-0.8-sol8-sparc-local.gz (available)

For Intel systems:



tcp_wrappers-7.6-sol8-intel-local.gz (optional, but recommended)



perl-5.6.1-sol8-intel-local.gz (available)

prngd-0.9.25-sol8-intel-local.gz (available)

egd-0.8-sol8-intel-local.gz (available)

If you have already installed some of these packages, you can skip downloading them, although many of the packages listed here are the latest versions.

Step 2: Install the software packages

After the files are downloaded, go to the download directory and run the following commands (the SPARC files are used as the example; on an Intel system, substitute the Intel files):

# gunzip openssh-3.5p1-sol8-sparc-local.gz

# gunzip openssl-0.9.6g-sol8-sparc-local.gz

# gunzip zlib-1.1.4-sol8-sparc-local.gz

# gunzip libgcc-3.2-sol8-sparc-local.gz (if you haven't installed GCC 3.2)

# gunzip tcp_wrappers-7.6-sol8-sparc-local.gz (optional)

You can do the same for the other optional packages. Then run the following commands with root permission:

# pkgadd -d openssh-3.5p1-sol8-sparc-local

# pkgadd -d openssl-0.9.6g-sol8-sparc-local

# pkgadd -d zlib-1.1.4-sol8-sparc-local

# pkgadd -d libgcc-3.2-sol8-sparc-local (if you haven't installed GCC 3.2)

# pkgadd -d tcp_wrappers-7.6-sol8-sparc-local (optional)

Once you have installed the above packages, you will find many subdirectories under the /usr/local directory. The default path of the SSL files is /usr/local/ssl. When these files were compiled, the directories /usr/local/lib and /usr/local/ssl/lib were not added to LD_LIBRARY_PATH, so you may need to set it. You will now find ssh in the /usr/local/bin directory and sshd in /usr/local/sbin. Make sure you have added the directories /usr/local/bin and /usr/local/sbin to your PATH environment variable. The Perl scripts (.pl suffix) in the optional egd package will look for perl in the /usr/local/bin directory. If you are using Sun's Perl, change the first line of each Perl script to point to /usr/bin. However, the installation package


Step 3: Create the sshd user and the /var/empty directory

OpenSSH 3.5p1 adopts a new security method called privilege separation. For more information, see the README.privsep file in the OpenSSH source directory. This method is now the default setting in OpenSSH. Before proceeding, you should read the README.privsep file, and then perform these steps with root permission:

# mkdir /var/empty

# chown root:sys /var/empty

# chmod 755 /var/empty

# groupadd sshd

# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

/var/empty should not contain any files.

If you do not take this step and try to start sshd, you will get an error message and the daemon will not run.
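The following check verifies the Step 3 prerequisites before sshd is started. It is an added example, not part of the original article; the function names, the optional expected-owner argument and the sample passwd line are assumptions made for illustration.

```shell
#!/bin/sh
# check_privsep_dir DIR [UID]: print each problem found, return 1 if any.
# UID is the expected numeric owner (default 0 = root, as in Step 3).
check_privsep_dir() {
    cpd_dir=$1; cpd_uid=${2:-0}; cpd_bad=0
    if [ ! -d "$cpd_dir" ]; then
        echo "$cpd_dir: not a directory"; return 1
    fi
    cpd_ls=$(ls -ldn "$cpd_dir")
    cpd_mode=$(echo "$cpd_ls" | awk '{print $1}')
    cpd_owner=$(echo "$cpd_ls" | awk '{print $3}')
    if [ "$cpd_owner" != "$cpd_uid" ]; then
        echo "$cpd_dir: owner uid $cpd_owner, expected $cpd_uid"; cpd_bad=1
    fi
    case $cpd_mode in      # 6th/9th character = group/other write bit
        d????w*|d???????w*)
            echo "$cpd_dir: group/other writable ($cpd_mode)"; cpd_bad=1 ;;
    esac
    if [ -n "$(ls -A "$cpd_dir")" ]; then
        echo "$cpd_dir: not empty"; cpd_bad=1
    fi
    return $cpd_bad
}

# check_privsep_user PASSWD_FILE: the sshd account must have home /var/empty
# and shell /bin/false, matching the useradd command in Step 3.
check_privsep_user() {
    cpu_entry=$(grep '^sshd:' "$1") || { echo "no sshd account"; return 1; }
    cpu_home=$(echo "$cpu_entry" | cut -d: -f6)
    cpu_shell=$(echo "$cpu_entry" | cut -d: -f7)
    [ "$cpu_home" = /var/empty ] && [ "$cpu_shell" = /bin/false ] && return 0
    echo "sshd account: home=$cpu_home shell=$cpu_shell"; return 1
}

# Constructed sample input: a scratch directory and a one-line passwd file.
demo=$(mktemp -d)
mkdir "$demo/empty"
chmod 755 "$demo/empty"
echo 'sshd:x:100:100:sshd privsep:/var/empty:/bin/false' > "$demo/passwd"
check_privsep_dir "$demo/empty" "$(id -u)" \
    && check_privsep_user "$demo/passwd" \
    && echo "privsep prerequisites look correct"
```

On the real host, run `check_privsep_dir /var/empty` and `check_privsep_user /etc/passwd` as root.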

Step 4: Install tcp_wrappers

tcp_wrappers is used to restrict access to your communication ports, such as port 22 used by the sshd program, to a limited set of machines. If you are already running tcp_wrappers, you only need to make sure that entries for the sshd daemon are in the /etc/hosts.allow and /etc/hosts.deny files. If you have not run tcp_wrappers before, you should first create the file /etc/hosts.deny and add a line to the file

sshd: ALL

Then, create the file /etc/hosts.allow and add a line, for example

sshd: ...

Replace "..." with the list of IP addresses that you allow to communicate with your machine, for example

sshd: 202.112.117.

This example allows machines in the 202.112.117. subnet to access your machine.
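To see how the two files from Step 4 combine, the sketch below models the tcp_wrappers decision order documented in hosts_access(5). It is an added example, not part of the original article and not tcp_wrappers code: the function names and the test client addresses are constructed, and only `ALL`, exact addresses and trailing-dot prefixes are handled.

```shell
#!/bin/sh
# Simplified model of the tcp_wrappers decision order (hosts_access(5)):
#   1. a matching rule in hosts.allow grants access;
#   2. otherwise a matching rule in hosts.deny denies it;
#   3. otherwise access is granted.
# Handles only ALL, exact addresses and "a.b.c." prefixes.

# rule_matches FILE DAEMON ADDR: return 0 if a rule in FILE matches.
rule_matches() {
    [ -f "$1" ] || return 1               # a missing file counts as empty
    rm_found=1
    while IFS= read -r rm_line; do
        case $rm_line in ''|'#'*) continue ;; esac
        rm_daemons=$(echo "$rm_line" | cut -d: -f1 | tr ',' ' ')
        rm_clients=$(echo "$rm_line" | cut -d: -f2 | tr ',' ' ')
        rm_dmatch=1
        for rm_d in $rm_daemons; do
            case $rm_d in ALL|"$2") rm_dmatch=0 ;; esac
        done
        [ "$rm_dmatch" -eq 0 ] || continue
        for rm_c in $rm_clients; do
            case $rm_c in
                ALL|"$3") rm_found=0 ;;
                *.) case $3 in "$rm_c"*) rm_found=0 ;; esac ;;
            esac
        done
    done < "$1"
    return $rm_found
}

# tcpd_decision ALLOW_FILE DENY_FILE DAEMON ADDR: print "allow" or "deny".
tcpd_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed sample: the two files from Step 4 in a scratch directory.
demo_dir=$(mktemp -d)
echo 'sshd: ALL' > "$demo_dir/hosts.deny"
echo 'sshd: 202.112.117.' > "$demo_dir/hosts.allow"
for addr in 202.112.117.20 198.51.100.7; do
    echo "$addr: $(tcpd_decision "$demo_dir/hosts.allow" \
        "$demo_dir/hosts.deny" sshd "$addr")"
done
```

Because hosts.deny names only sshd, any other wrapped daemon falls through to the default and is allowed.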

Step 5: Install SSH and sshd

This is the last step. Each machine that you want to communicate with through an SSH client needs to run an sshd daemon. However, you first need to run the following commands on the server machine to create the key information. Confirm that the directories /usr/local/bin and /usr/local/sbin are in your PATH. If you have run sshd before and already have keys under /usr/local/etc, running the following commands will overwrite them. With root permission, enter:

# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""

# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""

# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

Each command may take several minutes, depending on the speed of your machine. Wait until each command ends.

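After that, we can create a script to start the sshd daemon. Edit a simple startup script and place it under the /etc/init.d directory (root permission):

#!/bin/sh
# Start or stop the sshd daemon (installed in /usr/local/sbin, see Step 2).

# PID of the running sshd: strip leading spaces, keep the first column of ps.
pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
case $1 in
'start')
        /usr/local/sbin/sshd
        ;;
'stop')
        if [ "${pid}" != "" ]
        then
                /usr/bin/kill ${pid}
        fi
        ;;
*)
        echo "usage: /etc/init.d/sshd {start|stop}"
        ;;
esac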

Run the following commands:

# chown root /etc/init.d/sshd

# chgrp sys /etc/init.d/sshd

# chmod 555 /etc/init.d/sshd

# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd

# /etc/rc2.d/S98sshd start

The preceding command can be used to manually start the process.

# /etc/rc2.d/S98sshd stop

This command stops the sshd daemon.

# ps -e | grep sshd

This command checks whether sshd is running.
