Jan 212008
 

OpenSSH is a free opensource version of the SSH connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks unlike Telnet,rlogin or ftp where the data is not encrypted and transmitted in plain text. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Solaris 10 is by default installed with SSH server and the clients. However, if you have chosen to ignore SSH at the time of installation or have started the install with a minimal install then you may need to install OpenSSH manually.

The easiest way to install OpenSSH in Sun Solaris is to use the pre-compiled packages from sunfreeware.

The following are the packages that are required to be installed for OpenSSH to work properly in Solaris 10:

OpenSSL (Latest stable: openssl-0.9.8f)
ZLib (Latest stable: zlib-1.2.3)
GNU Compiler Collection (gcc Latest stable: libgcc-3.4.6)
TCPWrapper (Optional tcp_wrappers-7.6)
and OpenSSH itself (Latest Stable: openssh-4.7p1)

To start of, download the packages from the following sunfreeware.com links for sun solaris 10 Sparc:

gcc

ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz

Zlib

ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/zlib-1.2.3-sol10-sparc-local.gz

OpenSSL

ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-0.9.8f-sol10-sparc-local.gz

OpenSSH

ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssh-4.7p1-sol10-sparc-local.gz

Once done, upload the files onto the server so we can start to unzip the files and install.

Unzip and install gcc

solaris10# gunzip libgcc-3.4.6-sol9-sparc-local.gz

solaris10# pkgadd -d libgcc-3.4.6-sol9-sparc-local



Installation of <SMCgcc> was successful.

Unzip and install zlib

solaris10# gunzip  zlib-1.2.1-sol9-sparc-local.gz

solaris10# pkgadd -d zlib-1.2.1-sol9-sparc-local



Installation of <SMCzlib> was successful.

Unzip and install OpenSSL

solaris10# gunzip openssl-0.9.8f-sol9-sparc-local.gz

solaris10# pkgadd -d openssl-0.9.8f-sol9-sparc-local


Installation of <SMCossl> was successful.

Unzip and install OpenSSH

solaris10# gunzip openssh-4.7p1-sol9-sparc-local.gz

solaris10# pkgadd -d openssh-4.7p1-sol9-sparc-local

The packages are now installed.

Create /var/empty directory

solaris10# mkdir /var/empty

Change directory ownership to Root user and sys group

solaris10# chown root:sys /var/empty

Change permissions

solaris10# chmod 755 /var/empty

Add sshd user & group

solaris10# groupadd ssh

solaris10# # useradd -g sshd -c ‘sshd privsep’ -d /var/empty -s /bin/false sshd

Edit the default /usr/local/sshd_config file and make the following changes:

Replace the line

Subsystem sftp /usr/libexec/sftp-server

with

Subsystem sftp /usr/local/libexec/sftp-server

Generate Keys for the server

solaris10# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N “”
solaris10# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N “”
solaris10# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N “”

Enable OpenSSH server daemon sshd to run at the system startup

Edit /lib/svc/method/sshd file and change the path for the SSH DIR, KEYGEN & the start daemon as follows:

SSHDIR=/usr/local/etc/ssh
KEYGEN=”/usr/local/bin/ssh-keygen -q”

‘start’)
         /usr/local/sbin/sshd

That is it. All done and ready to go. Try connecting to the server using a ssh client like PUTTY.

  4 Responses to “How to Install OpenSSH in Sun Solaris 10 (SPARC)”

  1. haii,,,i configures ssh on mmy solaris 10 box as u mentioned,,,but its not coming up status is offline always,,plz provide me the solution

  2. i followed the steps above. the service starts fine & comes up online. But on the putty window, after entering login & password, the window freezes. howewer telnet works fine. Can u pls suggest wat needs to be done.

  3. Use this one, worked for me

    #!/sbin/sh
    #
    # Copyright 2004 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    #
    # ident “@(#)sshd 1.4 04/11/17 SMI”

    SSHDIR=/usr/local/etc
    KEYGEN=”/usr/local/bin/ssh-keygen -q”
    PIDFILE=/var/run/sshd.pid

    # Checks to see if RSA, and DSA host keys are available
    # if any of these keys are not present, the respective keys are created.
    create_key()
    {
    keypath=$1
    keytype=$2

    if [ ! -f $keypath ]; then
    grep “^HostKey $keypath” $SSHDIR/sshd_config > /dev/null 2>&1
    if [ $? -eq 0 ]; then
    echo Creating new $keytype public/private host key pair
    $KEYGEN -f $keypath -t $keytype -N ”
    return $?
    fi
    fi

    return 0
    }

    # This script is being used for two purposes: as part of an SMF
    # start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
    # application.
    #
    # Both, the SMF methods and sysidconfig/sys-unconfig use different
    # arguments..

    case $1 in
    # sysidconfig/sys-unconfig arguments (-c and -u)
    ‘-c’)
    create_key $SSHDIR/ssh_host_rsa_key rsa
    create_key $SSHDIR/ssh_host_dsa_key dsa
    ;;

    ‘-u’)
    # sys-unconfig(1M) knows how to remove ssh host keys, so there’s
    # nothing to do here.
    :
    ;;

    # SMF arguments (start and restart [really “refresh”])
    ‘start’)
    /usr/local/sbin/sshd
    ;;

    ‘restart’)
    if [ -f “$PIDFILE” ]; then
    /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
    fi
    ;;

    *)
    echo “Usage: $0 { start | restart }”
    exit 1
    ;;
    esac

    exit $?

  4. useradd -g sshd -c ‘sshd privsep’ -d /var/empty -s /bin/false sshd

    should be (NOTE the ‘’ enclosing sshd privsep, should be ”)

    useradd -g sshd -c ‘sshd privsep’ -d /var/empty -s /bin/false sshd

    AND

    groupadd ssh should be groupadd sshd

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)