Installing OpenSSH on Solaris servers

Install the appropriate package(s) from the admin server

For Solaris 2.x and 7:

Install 

Temporaily turn on the ftp daemon on the admin server to allow you to download
required packages for SSH:

On wsadmin01:

# /etc/rc2.d/_S99proftpd start

Download the packages

# cd /tmp
# ftp://wsadmin01.harcourt.com:/pub/soft/pkgs/sol2_5/prngd.0.9.26.pkg.tar.gz
# ftp://wsadmin01.harcourt.com:/pub/soft/pkgs/sol2_5/openssh_3.4p1.pkg.tar.gz

Turn off the FTP server for security reasons

On wsadmin01:

# /etc/rc2.d/_S99proftpd stop

Uncompress the package files:

# cd /tmp
# gzip -d prngd.0.9.26.pkg.tar.gz
# gzip -d openssh_3.4p1.pkg.tar.gz

Untar the package files:

# tar xvf prngd.0.9.26.pkg.tar
# tar xvf openssh_3.4p1.pkg.tar

Install prngd (entropy device required by OpenSSH):

# pkgadd -d /tmp
root@emerson:/tmp# pkgadd -d /tmp

The following packages are available:
  1  OpenSSH     OpenSSH 3.4p1 and OpenSSL 0.9.6.g
                 (sparc) 3.4p1
  2  prngd       prngd 0.9.26
                 (sparc) 0.9.26

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 

Select the "prngd" package only.

Start and verify the prngd is running:

# /etc/rc2.d/S30prngd start
# ps -ef | grep prngd
    root 20671 27494  0 17:39:54 console  0:00 grep prngd
    root 20648     1  1 17:39:49 ?        0:00 /usr/local/sbin/prngd /var/run/egd-pool


Install OpenSSH (and OpenSSL):

# pkgadd -d /tmp

The following packages are available:
  1  OpenSSH     OpenSSH 3.4p1 and OpenSSL 0.9.6.g
                 (sparc) 3.4p1
  2  prngd       prngd 0.9.26
                 (sparc) 0.9.26

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 

Select the "OpenSSH" package only.

Generate the keys:

# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""

# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""

# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

Create the Privilege separation user sshd:

# /usr/sbin/groupadd -g 5101 sshd
# /usr/sbin/useradd -d /var/chroot/sshd -g sshd -u 5101 -m sshd


No start it up:

# /etc/rc2.d/S77sshd start

------------------------------

Installing OpenSSH on Solaris servers

Install the appropriate package(s) from the admin server

For Solaris 8:

Install

First you must install the Solaris 8 /dev/random patch.

Read wsadmin01:/pub/soft/patches/README.txt

The random patch is included in the Solaris 8 recommend patch collection
on the admin server:

wsadmin01:/pub/soft/patches/8_Recommended.zip

Use scp to fetch the files from the patch directory.

You should reboot after installing this patch.

Temporaily turn on the ftp daemon on the admin server to allow you to download
required packages for SSH:

On wsadmin01:

# /etc/rc2.d/_S99proftpd start

Download the packages

# cd /tmp
ftp://wsadmin01.harcourt.com:/pub/soft/pkgs/sol8/openssl-0.9.6.g.pkg.tar.gz
ftp://wsadmin01.harcourt.com:/pub/soft/pkgs/sol8/openssh-3.4p1.pkg.tar.gz

Turn off the FTP server for security reasons

On wsadmin01:

# /etc/rc2.d/_S99proftpd stop

Uncompress the package files:

# cd /tmp
# gzip -d openssl-0.9.6.g.pkg.tar.gz
# gzip -d openssh-3.4p1.pkg.tar.gz

Untar the package files:

# tar xvf openssl-0.9.6.g.pkg.tar
# tar xvf openssh-3.4p1.pkg.tar

Install OpenSSL:

# pkgadd -d /tmp

The following packages are available:
  1  OpenSSH     OpenSSH 3.4p1
                 (sparc) 3.4p1
  2  OpenSSL     OpenSSL 0.9.6.g
                 (sparc) 0.9.6.g

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Only install the OpenSSL.

Verify the installation is good:

# openssl version
OpenSSL 0.9.6g 9 Aug 2002

You MUST have /usr/local/bin in your PATH

You are now ready to install OpenSSH:

First create the priv. speration dir:

# mkdir -p /var/chroot

Now create the sshd user account and group:

Create the Privilege separation user sshd:

# /usr/sbin/groupadd -g 5101 sshd
# /usr/sbin/useradd -d /var/chroot/sshd -g sshd -u 5101 -m sshd

Select the "OpenSSH" package only.

# pkgadd -d /tmp

The following packages are available:
  1  OpenSSH     OpenSSH 3.4p1
                 (sparc) 3.4p1
  2  OpenSSL     OpenSSL 0.9.6.g
                 (sparc) 0.9.6.g

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Only install the OpenSSL.

Verify the installation is good:

# ssh -V
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

Generate the keys:

# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""

# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""

# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

Now start it up:

# /etc/rc2.d/S77sshd start

Install of OpenSSH/OpenSSL for Solaris 8 is now complete.