- 论坛徽章:
- 0
|
1、需要下载的软件
openssh
openssl (SSL)
prngd (Psuedo Random Generator Daemon)
zlib (Z library)
以上软件可以到http://www.sunfreeware.com下载或者到ftp://ftp.sjtu.edu.cn/sites/ftp.sunfreeware.com/中去下载
2、安装
#gunzip openssl*
#gunzip prngd*
#gunzip zlib*
#gunzip openssh*
#pkgadd -d openssl-0.9.6c-sol8-sparc-local
#pkgadd -d prngd-0.9.23-sol8-sparc-local
#pkgadd -d zlib-1.1.4-sol8-sparc-local
#pkgadd -d openssh-3.1p1-sol8-sparc-local
3、创建自启动控制文件
1)sshd启动脚本:
vi /etc/init.d/sshd
#! /bin/sh
#
# start/stop the secure shell daemon
case "$1" in
'start')
# Start the sshd daemon
if [ -f /usr/local/sbin/sshd ]; then
echo "starting SSHD daemon"
/usr/local/sbin/sshd &
fi
;;
'stop')
# Stop the ssh deamon
PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
if [ ! -z "$PID" ] ; then
/usr/bin/kill ${PID} >;/dev/null 2>;&1
fi
;;
*)
echo "usage: /etc/init.d/sshd {start|stop}"
;;
esac
2)设置sshd启动脚本
#chmod +x /etc/init.d/sshd
#ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd
3)prngd启动脚本
#vi /etc/init.d/prngd
#! /bin/sh
#
# start/stop the pseudo random generator daemon
case "$1" in
'start')
# Start the ssh daemon
if [ -f /usr/local/sbin/prngd ]; then
echo "starting PRNG daemon"
/usr/local/sbin/prngd /var/spool/prngd/pool&
fi
;;
'stop')
# Stop the ssh deamon
PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
if [ ! -z "$PID" ] ; then
/usr/bin/kill ${PID} >;/dev/null 2>;&1
fi
;;
*)
echo "usage: /etc/init.d/prngd {start|stop}"
;;
esac
4)设置prngd启动脚本
#chmod +x /etc/init.d/prngd
#ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd
4、启动prngd
# /etc/init.d/prngd start
starting PRNG daemon
Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
# mkdir -p /var/spool/prngd
#/etc/init.d/prngd start
starting PRNG daemon
# Info: Random pool not (yet) seeded
#
5、启动sshd
# /etc/init.d/sshd start
starting SSHD daemon
Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
#
The errors above are due to the fact that we didn't create any key pairs for our ssh server.
Create a public key pair to support the new, DSA-based version 2 protocol
# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8
Create a public key pair to support the old, RSA-based version 1 protocol
# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8
编辑配置文件/usr/local/etc/sshd_config,启用 protocol 2 and 1
#vi /usr/local/etc/sshd_config
找到#Port 22 替换为Port 22
找到#Protocol 2,1替换为Protocol 2,1
# /etc/init.d//sshd start
starting SSHD daemon
#
至此基本完成工作。
在启动过程可能遇到的问题及解决办法
A.PRNG is not seeded的问题的解决办法
下载http://www.cosy.sbg.ac.at/~andi/SUNrand/pkg/ANDIrand-0.7-5.8-sparc-1.pkg该软件
安装
pkgadd -d ANDIrand*
安装了这个软件之后,会在/dev/目录下生成2个随机数设备
random urandom
安装之后不用重起
这时你在起 openssh 就会正常了
B.启动sshd时遇到下面的问题Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key
Missing privilege separation directory: /var/empty
和Privilege separation user sshd does not exist
解决办法是
mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
chown root /etc/init.d/sshd
chgrp sys /etc/init.d/sshd
chmod 555 /etc/init.d/sshd
C.Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key错误提示
临时解决办法是
修改/usr/local/etc/sshd_config
将Protocol 2,1改为Protocol 2 |
|
免费注册
发表于 2005-09-23 11:10
