Here is an SSH installation and usage write-up for reference.
Installing OpenSSH 4.1p1 on Solaris 9 (SPARC)
All software comes from www.sunfreeware.com
1. Identify the required packages
Source locations
The sources for these different programs are on sunfreeware.com, or you can go to their home pages at
http://www.zlib.org zlib
http://www.perl.org perl
http://www.aet.tu-cottbus.de/per ... tfix_tls/prngd.html prngd
http://www.openssl.org openssl
http://www.openssh.org openssh
http://www.lothar.com/tech/crypto/ egd
ftp://ftp.porcupine.org/pub/security/index.html tcp_wrappers
Packages downloaded from sunfreeware
openssh-4.1p1-sol9-sparc-local.gz
openssl-0.9.7g-sol9-sparc-local.gz
tcp_wrappers-7.6-sol9-sparc-local.gz (optional, but recommended)
(unless you are using IPV6 - see the tcp_wrappers listing for details on this issue)
zlib-1.2.1-sol9-sparc-local.gz
perl-5.8.5-sol9-sparc-local.gz (optional)
prngd-0.9.25-sol9-sparc-local.gz (optional)
egd-0.8-sol9-sparc-local.gz (optional)
2. Install the downloaded packages
With the files downloaded, go to the directory where you put them and run
# gunzip openssh-4.1p1-sol9-sparc-local.gz
# gunzip openssl-0.9.7g-sol9-sparc-local.gz
# gunzip zlib-1.2.2-sol9-sparc-local.gz
# gunzip libgcc-3.3-sol9-sparc-local.gz (if you don't have gcc 3.3.2 installed)
# gunzip tcp_wrappers-7.6-sol9-sparc-local.gz (again optional)
and optionally for the other packages. Then run as root
# pkgadd -d openssh-4.1p1-sol9-sparc-local
# pkgadd -d openssl-0.9.7g-sol9-sparc-local
# pkgadd -d zlib-1.2.2-sol9-sparc-local
# pkgadd -d libgcc-3.3-sol9-sparc-local (if you don't have gcc 3.3.2 installed)
# pkgadd -d tcp_wrappers-7.6-sol9-sparc-local (optional)
The optional packages were installed as well; the procedure is the same as above.
3. Security setup for the sshd user
# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/sh sshd
This adds a system user sshd, reserved for running the sshd process; its home directory is /var/empty, on which only root has write permission.
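As an added check (not part of the original post), the function below verifies the properties step 3 establishes for a privilege separation directory: it is a directory, owned by the expected uid (0 for root), not writable by group or others, and empty. It uses ls -n so it works without passwd lookups; the sample directories are constructed in a temp dir and therefore owned by whoever runs the script, which is why the demo passes $(id -u) instead of 0.

```shell
#!/bin/sh
# Added example, not part of the original post: check a privsep directory
# the way a reviewer would after running step 3 (mkdir/chown/chmod).

# privsep_dir_ok DIR [UID]: returns 0 if DIR is a directory owned by UID
# (default 0 = root), not writable by group or others, and empty;
# otherwise prints the first failed condition and returns 1.
privsep_dir_ok() {
    dir="$1"; want_uid="${2:-0}"
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    # ls -ldn prints the mode string and the numeric owner uid, e.g.
    # "drwxr-xr-x 2 0 3 512 Jan  1 00:00 /var/empty"
    set -- $(ls -ldn "$dir")
    mode="$1"; uid="$3"
    [ "$uid" = "$want_uid" ] || { echo "$dir: owned by uid $uid, expected $want_uid"; return 1; }
    # characters 6 and 9 of the mode string are the group and other write bits
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    [ "$gw" != "w" ] || { echo "$dir: group-writable ($mode)"; return 1; }
    [ "$ow" != "w" ] || { echo "$dir: world-writable ($mode)"; return 1; }
    [ -z "$(ls -A "$dir")" ] || { echo "$dir: not empty"; return 1; }
    echo "$dir: ok ($mode, uid $uid)"
    return 0
}

# Constructed sample directories (owned by the current user, so the demo
# passes $(id -u) as the expected owner; on a real host use 0 for root).
ME=$(id -u)
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
GOOD_DIR="$TMP/empty"; mkdir "$GOOD_DIR"; chmod 755 "$GOOD_DIR"
BAD_DIR="$TMP/loose";  mkdir "$BAD_DIR";  chmod 777 "$BAD_DIR"
FULL_DIR="$TMP/busy";  mkdir "$FULL_DIR"; chmod 755 "$FULL_DIR"; : > "$FULL_DIR/leftover"

for d in "$GOOD_DIR" "$BAD_DIR" "$FULL_DIR"; do
    privsep_dir_ok "$d" "$ME"
done
```

On the real host the call is simply privsep_dir_ok /var/empty (expected uid 0); the chmod 755 from step 3 is what makes the group/other write checks pass.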
4. Setting up the sshd system start/stop script
The sshd start/stop script shipped with Solaris 9 is already very good; it only needs a few changes to work with the newly installed OpenSSH 4.1p1.
Solaris 9's own ssh directory layout is as follows:
/etc/ssh : configuration files and host key files for ssh and sshd
/usr/lib/ssh : server-side programs such as sshd
/usr/bin/ssh : client-side programs such as ssh
Directory layout after installing the OpenSSH 4.1p1 package:
/usr/local/etc : configuration files and host key files for ssh and sshd
/usr/local/sbin : server-side programs such as sshd
/usr/local/bin : client-side programs such as ssh
Based on the above, the original sshd script can be modified as follows:
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "@(#)sshd 1.1 01/09/19 SMI"
#
# If sshd is configured (/etc/ssh/sshd_config exists and is readable),
# then start it up.
# Checks to see if RSA and DSA host keys are available;
# if any of these keys are not present, the respective keys are created.
KEYDIR=/usr/local/etc                  # changed from /etc/ssh to /usr/local/etc
KEYGEN="/usr/local/bin/ssh-keygen -q"  # changed from /usr/bin/ to /usr/local/bin
PIDFILE=/var/run/sshd.pid
case $1 in
'start')
    if [ -x /usr/local/bin/ssh-keygen ]; then   # changed from /usr/bin/ to /usr/local/bin
        if [ ! -f "$KEYDIR/ssh_host_rsa_key" ]; then
            echo "Creating new RSA public/private host key pair"
            $KEYGEN -f $KEYDIR/ssh_host_rsa_key -t rsa -N ''
        fi
        if [ ! -f "$KEYDIR/ssh_host_dsa_key" ]; then
            echo "Creating new DSA public/private host key pair"
            $KEYGEN -f $KEYDIR/ssh_host_dsa_key -t dsa -N ''
        fi
    fi
    [ -x /usr/local/sbin/sshd ] && /usr/local/sbin/sshd &   # changed from /usr/lib/ssh/ to /usr/local/sbin
    ;;
'stop')
    #
    # If we are switching Run level downwards then we disconnect
    # all connections.
    #
    # Otherwise we just kill the master daemon that is listening
    # and leave the connections active
    if [ -z "$_INIT_RUN_LEVEL" ]; then
        set -- `/usr/bin/who -r`
        _INIT_RUN_LEVEL="$7"
        _INIT_PREV_LEVEL="$9"
    fi
    if [ $_INIT_RUN_LEVEL -lt $_INIT_PREV_LEVEL ]; then
        /usr/bin/pkill -u 0 -x sshd
    fi
    if [ -f "$PIDFILE" ]; then
        /usr/bin/kill -TERM `/usr/bin/cat $PIDFILE`
    fi
    ;;
'restart')
    if [ -f "$PIDFILE" ]; then
        /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
    fi
    ;;
*)
    echo "Usage: $0 { start | stop | restart }"
    exit 1
    ;;
esac
5. Cleaning up the original ssh-related files
The original sshd package can be removed, or its files can be renamed; this time they were renamed.
# cd /usr/bin
# mv ssh-add ssh-add.old
# ln -s /usr/local/bin/ssh-add ssh-add
# mv ssh-agent ssh-agent.old
# mv ssh-keygen ssh-keygen.old
# ln -s /usr/local/bin/ssh-agent ssh-agent
# ln -s /usr/local/bin/ssh-keygen ssh-keygen
# ln -s /usr/local/bin/ssh-keyscan ssh-keyscan
# mv /usr/bin/sftp /usr/bin/sftp.old
# ln -s /usr/local/bin/sftp /usr/bin/sftp
The sshd binary is started through the sshd script, so it was not touched.
The OpenSSH 4.1p1 package was probably built with the assumption that sshd_config and ssh_config live in /usr/local/etc, so the old files in /etc/ssh were not renamed either; they are simply no longer used.
6. Configuring tcp_wrappers
This really just means setting up /etc/hosts.allow and /etc/hosts.deny; the file format is as follows:
sshd: ALL
Rule: if both hosts.allow and hosts.deny exist, only the entries listed in hosts.allow can log in.
A couple of changes were made to /etc/ssh/sshd_config:
AllowTcpForwarding yes //changed from no to yes
PermitRootLogin yes //changed from no to yes
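As an added example (not from the original post), the script below audits the two sshd_config settings changed above and evaluates hosts.allow/hosts.deny rules with a simplified tcp_wrappers matcher (daemon list, ALL, exact address, dotted subnet prefix; the real library also handles hostnames, netmasks and EXCEPT). Both settings above widen exposure: PermitRootLogin yes lets the root account be authenticated against directly from the network, and AllowTcpForwarding yes lets every shell user relay TCP through the host. The sample files are constructed in a temp dir; the real paths would be /usr/local/etc/sshd_config and /etc/hosts.allow, /etc/hosts.deny.

```shell
#!/bin/sh
# Added example, not part of the original post: sshd_config audit plus a
# simplified tcp_wrappers decision, run over constructed sample files.

# sshd_opt FILE KEY: effective value of KEY. sshd uses the first occurrence
# of a keyword and ignores later duplicates, so this does too; keywords are
# case-insensitive, comments and blank lines are skipped.
sshd_opt() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: one line per finding (nothing printed = clean).
# Always returns 0 so it is safe under set -e; count lines for the total.
audit_sshd_config() {
    f="$1"
    [ "$(sshd_opt "$f" PermitRootLogin)" = "yes" ] &&
        echo "PermitRootLogin yes: root can be logged into directly over the network; set 'no' and use su after login"
    [ "$(sshd_opt "$f" AllowTcpForwarding)" = "yes" ] &&
        echo "AllowTcpForwarding yes: every user can relay TCP through this host; keep 'no' unless a service needs it"
    [ "$(sshd_opt "$f" UsePrivilegeSeparation)" = "no" ] &&
        echo "UsePrivilegeSeparation no: the sshd user and /var/empty from step 3 are never used"
    return 0
}

# _wrap_match FILE DAEMON CLIENT: 0 if some "daemons: clients" line in FILE
# matches both. Client patterns: ALL, exact address, or a dotted prefix
# such as 192.168.1. (simplified subset of tcp_wrappers syntax).
_wrap_match() {
    [ -f "$1" ] || return 1
    awk -v d="$2" -v c="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            split($0, parts, ":")
            ndl = split(parts[1], dl, /[ \t,]+/)
            ncl = split(parts[2], cl, /[ \t,]+/)
            dhit = 0
            for (i = 1; i <= ndl; i++) if (dl[i] == "ALL" || dl[i] == d) dhit = 1
            if (!dhit) next
            for (j = 1; j <= ncl; j++) {
                p = cl[j]
                if (p == "ALL" || p == c || (p ~ /\.$/ && index(c, p) == 1)) { found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# wrappers_decide ALLOW DENY DAEMON CLIENT: tcp_wrappers order of
# evaluation: a hosts.allow match grants, else a hosts.deny match refuses,
# else access is granted. Prints "allow" or "deny".
wrappers_decide() {
    if _wrap_match "$1" "$3" "$4"; then echo allow; return 0; fi
    if _wrap_match "$2" "$3" "$4"; then echo deny;  return 0; fi
    echo allow
}

# Constructed sample files.
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
WEAK_CFG="$TMP/sshd_config.weak"; HARD_CFG="$TMP/sshd_config.hardened"
cat > "$WEAK_CFG" <<'EOF'
# settings as changed in step 6 of the post
AllowTcpForwarding yes
PermitRootLogin yes
# a later duplicate is ignored by sshd (first occurrence wins)
PermitRootLogin no
EOF
cat > "$HARD_CFG" <<'EOF'
AllowTcpForwarding no
PermitRootLogin no
UsePrivilegeSeparation yes
EOF
# hosts.allow as written in the post (every client), a tighter variant that
# admits one subnet, and a hosts.deny that refuses sshd to everyone else
OPEN_ALLOW="$TMP/hosts.allow.open"; printf 'sshd: ALL\n' > "$OPEN_ALLOW"
ALLOW_FILE="$TMP/hosts.allow";      printf 'sshd: 192.168.1.\n' > "$ALLOW_FILE"
DENY_FILE="$TMP/hosts.deny";        printf 'sshd: ALL\n' > "$DENY_FILE"

for f in "$WEAK_CFG" "$HARD_CFG"; do
    echo "== $f =="; audit_sshd_config "$f"
done
for c in 192.168.1.20 10.0.0.5; do
    echo "sshd from $c: open hosts.allow -> $(wrappers_decide "$OPEN_ALLOW" "$DENY_FILE" sshd "$c"), subnet hosts.allow -> $(wrappers_decide "$ALLOW_FILE" "$DENY_FILE" sshd "$c")"
done
```

Note that with sshd: ALL in hosts.allow, as in the post, the hosts.deny file never gets a say for sshd; the subnet variant is what actually restricts who can reach the daemon, and a hosts.deny line naming only sshd leaves other wrapped services unaffected.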
7. Enabling the new OpenSSH 4.1p1
Use kill -9 to kill the old process, then run /etc/init.d/sshd start to start the new sshd process.
8. Main reference: http://www.sunfreeware.com/openssh9.html