Introduction: Learn how to configure Kerberized Open Secure Shell (OpenSSH) on an AIX® Version 5.3 computer that uses Microsoft® Active Directory Server as the Key Distribution Center (KDC). OpenSSH encrypts communications (including passwords) to prevent eavesdropping, connection hijacking, and snooping on data. If you work with AIX Version 5.3 systems in a mixed, multi-vendor solution environment, you'll find this article valuable.
Introduction
Open Secure Shell (OpenSSH) is a free, open source implementation of the SSH tool, which is widely used for secure communication over networks. By encrypting all communication between two computers, it prevents anyone from sniffing, taking over, or peeking at your private data. OpenSSH also provides a number of authentication mechanisms for additional security.
Kerberos is a common authentication mechanism that provides a secure means of authenticating network users, and OpenSSH provides Kerberos support. By encrypting the authentication messages exchanged between the client and the server, it avoids transmitting passwords over the network in plaintext. Kerberos also provides an authorization system in the form of an administrative token or credential. The OpenSSH software (openssh-3.8.p1) for IBM AIX® Version 5.3 ships with the AIX Version 5.3 Expansion Pack CD. OpenSSH Version 3.8 and later supports Kerberos 5 authentication and authorization through the IBM version of Kerberos, known as IBM Network Authentication Service (IBM NAS) Version 1.4. You can also install IBM NAS Version 1.4 for AIX from the AIX Version 5.3 Expansion Pack CD.
The Microsoft® Active Directory service is an important part of the Windows® platform and provides a way to manage and authenticate the various network tasks. Kerberos is an integral part of the Windows Active Directory implementation and is widely used in the enterprise as the Key Distribution Center (KDC) of a Kerberos realm. You can configure the Microsoft Active Directory service on Windows Server 2003 and Windows Server 2000.
This article takes you through the steps required to configure Kerberized Open Secure Shell (OpenSSH) on an AIX Version 5.3 computer that uses Microsoft Active Directory Server as the KDC. It will be useful for administrators working in a mixed, multi-vendor solution environment made up of AIX Version 5.3 systems and Microsoft Active Directory Server.
Prerequisite
To follow the scenario in this article, the Kerberos service of the Microsoft Active Directory domain must be up and running, and the IBM NAS Version 1.4 client on AIX must be properly configured.
OpenSSH and Kerberos on AIX Version 5.3 (IBM NAS)
This section describes the initial steps required to install and configure Kerberos and OpenSSH on an AIX server and on a client computer. OpenSSH and Kerberos ship with the AIX Version 5.3 Expansion Pack CD. Before installing the OpenSSH installp-format package, you must install the Open Secure Sockets Layer (OpenSSL) software, which contains the encryption library. You can obtain the OpenSSL RPM package from the AIX Toolbox for Linux® Applications CD, or you can download it from the AIX Toolbox for Linux Applications (see the Resources section).
After downloading OpenSSL to a local directory on the AIX Version 5.3 computer (in this example, /tmp), you can install it by running the following command:
# geninstall -d /tmp R:openssl-0.9.6m
You can install OpenSSH using either of the following two methods:
smitty -> Software Installation and Maintenance -> Install and Update Software -> Install Software
Or
# geninstall -I "Y" -d /dev/cd0 I:openssh.base