OpenSSH 3.8p1 Installation Guide (in Chinese)

#1 Posted on 2004-04-06 16:45
Installing OpenSSH Packages for SPARC and Intel/Solaris 8(3.8p1)


Author: C.Arthur

OpenSSH can make your system more secure. You can get the resources you need from the following links:
Building and Deploying OpenSSH on Solaris[tm] Operating System (a pdf file)
http://www.openssh.org/
http://www.zlib.org/ zlib
http://www.perl.org/ perl
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html prngd
http://www.openssl.org/ openssl
http://www.openssh.org/ openssh
http://www.lothar.com/tech/crypto/ egd
ftp://ftp.porcupine.org/pub/security/index.html tcp_wrappers

Before installing: system patches

This version of openssh requires the /dev/random patch. Download it from http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
solaris8 112438-01
solaris9 112439-01


Step 1: Download the packages

SPARC systems
openssh-3.8p1-sol8-sparc-local.gz
openssl-0.9.7d-sol8-sparc-local.gz
tcp_wrappers-7.6-sol8-sparc-local.gz (optional, recommended)
zlib-1.2.1-sol8-sparc-local.gz
libgcc-3.3-sol8-sparc-local.gz
perl-5.8.3-sol8-sparc-local.gz (optional)
prngd-0.9.25-sol8-sparc-local.gz (optional)
egd-0.8-sol8-sparc-local.gz (optional)
x86 systems
openssh-3.8p1-sol8-intel-local.gz
openssl-0.9.7d-sol8-intel-local.gz
tcp_wrappers-7.6-sol8-intel-local.gz (optional, recommended)
zlib-1.2.1-sol8-intel-local.gz
libgcc-3.3-sol8-intel-local.gz
perl-5.8.3-sol8-intel-local.gz (optional)
prngd-0.9.25-sol8-intel-local.gz (optional)
egd-0.8-sol8-intel-local.gz (optional)

If these packages are already present on your machine, you do not need to install them again.

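Step 2: Install the packages

Once the software has been downloaded, we can transfer it to the test machine by FTP. Make sure the FTP transfer mode is set to BIN; you can run ftp> status to see which transfer mode you are using.

Change to the software directory: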
C.Arthur# gunzip openssh-3.8p1-sol8-sparc-local.gz
C.Arthur# gunzip openssl-0.9.7d-sol8-sparc-local.gz
C.Arthur# gunzip zlib-1.2.1-sol8-sparc-local.gz
C.Arthur# gunzip libgcc-3.3-sol8-sparc-local.gz (if you have not installed gcc 3.3.2)
C.Arthur# gunzip tcp_wrappers-7.6-sol8-sparc-local.gz (optional)
C.Arthur# pkgadd -d openssh-3.8p1-sol8-sparc-local
C.Arthur# pkgadd -d openssl-0.9.7d-sol8-sparc-local
C.Arthur# pkgadd -d zlib-1.2.1-sol8-sparc-local
C.Arthur# pkgadd -d libgcc-3.3-sol8-sparc-local (if you have not installed gcc 3.3.2)
C.Arthur# pkgadd -d tcp_wrappers-7.6-sol8-sparc-local (optional)

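The default installation path for the packages above is /usr/local, and the default SSL files are in /usr/local/ssl. You need to add /usr/local/lib and /usr/local/ssl/lib to LD_LIBRARY_PATH. Your ssh is in /usr/local/bin and sshd is in /usr/local/sbin; make sure your PATH includes both of them.


(Figure 1)

Step 3: Set up the sshd user and the /var/empty directory

In openssh 3.8p1 there is a new security method called privilege separation; see README.privsep for more information.
This method is now the default in openssh.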
C.Arthur# mkdir /var/empty
C.Arthur# chown root:sys /var/empty
C.Arthur# chmod 755 /var/empty
C.Arthur# groupadd sshd
C.Arthur# useradd -g sshd -c "arthur sshd privsep" -d /var/empty -s /bin/false sshd
C.Arthur#

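Step 4: tcp_wrappers configuration

Reference: README.tcpwrappers


Edit /etc/hosts.deny and change it to sshd:ALL
Edit /etc/hosts.allow and change it to sshd:192.168.1.111
192.168.1.111 is the address of my notebook


Step 5: Set up ssh and sshd

Reference: README.openssl INSTALL.openssl README.openssh INSTALL.openssh


For each different ssh client that wants to communicate, an sshd process needs to be running. Add /usr/local/bin and /usr/local/sbin to your PATH.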

C.Arthur# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_key.
Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
The key fingerprint is:
c3:6f:44:94:99:c6:bc:4b:1e:23:2a:6b:08:4d:7b:40 root@C.Arthur
C.Arthur# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
88:f8:ac:bd:c1:78:2a:73:62:b0:31:66:1d:ea:a1:45 root@C.Arthur
C.Arthur# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
b5:db:e5:fb:40:36:d1:08:b7:ef:da:5c:ee:22:ba:7c root@C.Arthur
C.Arthur#

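(Figure 2)

Starting sshd

C.Arthur# cd /etc/init.d
Edit the sshd file so that it contains the following:
C.Arthur# more sshd
#!/bin/sh

# Collect the PID(s) of running sshd processes: strip leading blanks, keep the first column
pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`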
case $1 in
'start')
/usr/local/sbin/sshd
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/sshd {start|stop}"
;;
esac
C.Arthur#
C.Arthur# ./sshd start
C.Arthur# ps -e | grep ssh
951 ? 0:01 sshd

(Figure 3)

Starting sshd automatically at boot

ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
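
The hosts.allow and hosts.deny pair from step 4, run through a simplified model of the tcp_wrappers evaluation order (an added example, not part of the original post). It assumes only daemon names, ALL, exact addresses and address prefixes ending in a dot, and the temporary files are constructed samples:

```shell
#!/bin/sh
# Added example: simplified model of tcp_wrappers (hosts_access) evaluation.
# Assumption: only daemon names, ALL, exact addresses and "a.b.c." prefixes.

# match_list LIST VALUE: succeed if VALUE matches any pattern in LIST
match_list() {
    for pat in $(printf '%s' "$1" | tr ',' ' '); do
        case "$pat" in
            ALL) return 0 ;;
            *.)  case "$2" in "$pat"*) return 0 ;; esac ;;
            *)   if [ "$pat" = "$2" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# rule_matches FILE DAEMON CLIENT: succeed if a "daemons : clients" line matches
rule_matches() {
    [ -r "$1" ] || return 1          # a missing file behaves like an empty one
    while IFS=: read -r daemons clients _rest; do
        case "$daemons" in ''|'#'*) continue ;; esac
        if match_list "$daemons" "$2" && match_list "$clients" "$3"; then
            return 0
        fi
    done < "$1"
    return 1
}

# access_decision ALLOW_FILE DENY_FILE DAEMON CLIENT: prints granted or denied
access_decision() {
    if rule_matches "$1" "$3" "$4"; then echo granted     # hosts.allow first
    elif rule_matches "$2" "$3" "$4"; then echo denied    # then hosts.deny
    else echo granted                                     # no match anywhere
    fi
}

# Constructed sample files holding the two rules from step 4.
tmp=$(mktemp -d)
printf 'sshd:192.168.1.111\n' > "$tmp/hosts.allow"
printf 'sshd:ALL\n' > "$tmp/hosts.deny"
for client in 192.168.1.111 192.168.1.112; do
    printf 'sshd from %s: %s\n' "$client" \
        "$(access_decision "$tmp/hosts.allow" "$tmp/hosts.deny" sshd "$client")"
done
rm -rf "$tmp"
```

On a host where tcp_wrappers is installed, its own tcpdmatch utility performs the real evaluation, for example tcpdmatch sshd 192.168.1.112. Note that the deny rule names only sshd, so other wrapped daemons are not covered by it.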

#2 Posted on 2004-04-06 17:28

Is the installation process for OpenSSH 3.8p1 any different from previous versions?

#3 Posted on 2004-04-06 20:18

Looks like a bit of a hassle!~~
But it is exactly what I need!~
Thanks to the original poster

#4 Posted on 2004-04-07 14:22

When I run the ssh-keygen step, the system reports "RNG not seeded" and I cannot continue.

#5 Posted on 2004-04-27 02:13

Why does this appear during installation?

bash-2.05# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
Couldn't connect to PRNGD socket "/var/spool/prngd/pool": No such file or directory
Entropy collection failed
ssh-rand-helper child produced insufficient data

Even after creating one with mkdir, I still get

Couldn't connect to PRNGD socket "/var/spool/prngd/pool": Socket operation on non-socket
Entropy collection failed
ssh-rand-helper child produced insufficient data

This is Solaris 7; does it need the /dev/random patch?

#6 Posted on 2004-04-27 04:10

Answering my own question


Step Three: Getting Entropy

The next step in installation is to start the generation of entropy for use by openssl and openssh. This is done with the prngd program. To set this up, read the README.prngd file. Make sure you have /usr/local/sbin in your PATH first. Now go to your /var/log, /var/adm, or similar directories and look for some log files like messages, syslog, etc. Make sure you are logged in as root user and run

cat ....various log files from your /var/log or /var/adm directories... > /usr/local/etc/prngd/prngd-seed

such as

# cat syslog messages > /usr/local/etc/prngd/prngd-seed


Then run

# mkdir /var/spool/prngd
# /usr/local/sbin/prngd /var/spool/prngd/pool


This should start up the prngd daemon and start generating entropy. You can check this by running

# /usr/local/bin/egc.pl /var/spool/prngd/pool get


which, if the egd package (see README.egd) is installed along with perl, will give a message like

32800 bits of entropy in pool

indicating that the prngd is working.


Note: Several users have pointed out that they may get a "RNG not seeded" message when trying to start sshd. This seems to be a new issue with openssl 0.9.7 versions. They point out that the OpenSSL FAQ says:


Starting with version 0.9.7, OpenSSL will automatically
look for an EGD socket at /var/run/egd-pool, /dev/egd-pool,
/etc/egd-pool and /etc/entropy.

and if they did a link like
ln -s /var/spool/prngd/pool /dev/egd-pool

or similar, the not seeded message above goes away and openssh programs then work properly.
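
A check for the entropy socket paths discussed in this thread, added here as an example and not part of any post. It classifies the prngd pool path and the four locations the quoted OpenSSL FAQ text lists, separating a missing path from a path that exists but is not a socket; the function names and the optional root prefix are assumptions made for the example:

```shell
#!/bin/sh
# Added example: classify the EGD/PRNGD socket candidates named in the thread.
# Paths from the OpenSSL FAQ text quoted above (searched by OpenSSL 0.9.7).
EGD_PATHS="/var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy"

# egd_state PATH: prints socket | dangling-link | not-socket | missing
egd_state() {
    if [ -S "$1" ]; then echo socket                 # usable by OpenSSL
    elif [ -h "$1" ] && [ ! -e "$1" ]; then echo dangling-link  # link target absent
    elif [ -e "$1" ]; then echo not-socket           # e.g. a directory made with mkdir
    else echo missing                                # nothing at this path
    fi
}

# first_usable_pool [ROOT]: prints the first FAQ path that is a socket, fails if none
first_usable_pool() {
    root=${1:-}
    for p in $EGD_PATHS; do
        if [ "$(egd_state "$root$p")" = socket ]; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# report [ROOT]: one line per candidate, including the prngd pool used in the thread
report() {
    root=${1:-}
    for p in /var/spool/prngd/pool $EGD_PATHS; do
        printf '%-24s %s\n' "$p" "$(egd_state "$root$p")"
    done
}

report
```

A dangling-link result for /dev/egd-pool means the symlink from the post exists but nothing is listening at /var/spool/prngd/pool, so prngd has to be started before ssh-keygen or sshd is run.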