OpenSSH is a free opensource version of the SSH connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks unlike Telnet,rlogin or ftp where the data is not encrypted and transmitted in plain text. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
The easiest way to install OpenSSH in Sun Solaris is to use the pre-compiled packages from sunfreeware.
The following are the packages that are required to be installed for OpenSSH to work properly in Solaris 9:
OpenSSL (Latest stable: openssl-0.9.8f)
ZLib (Latest stable: zlib-1.2.3)
GNU Compiler Collection (gcc Latest stable: libgcc-3.4.6)
TCPWrapper (Optional tcp_wrappers-7.6)
and OpenSSH itself (Latest Stable: openssh-4.7p1)
To start of, download the packages from the following sunfreeware.com links Solaris 9 x86:
gcc
ftp://ftp.sunfreeware.com/pub/freeware/intel/9/libgcc-3.4.6-sol9-x86-local.gz
Zlib
ftp://ftp.sunfreeware.com/pub/freeware/intel/9/zlib-1.2.3-sol9-x86-local.gz
OpenSSL
ftp://ftp.sunfreeware.com/pub/freeware/intel/9/openssl-0.9.8f-sol9-x86-local.gz
OpenSSH
ftp://ftp.sunfreeware.com/pub/freeware/intel/9/openssh-4.7p1-sol9-x86-local.gz
Once done, upload the files onto the server so we can start to unzip the files and install.
Unzip and install gcc
solaris9# gunzip libgcc-3.4.6-sol9-x86-local.gz
solaris9# pkgadd -d libgcc-3.4.6-sol9-x86-local
…
…
Installation of <SMCgcc> was successful.
Unzip and install zlib
solaris9# gunzip zlib-1.2.3-sol9-x86-local.gz
solaris9# pkgadd -d zlib-1.2.3-sol9-x86-local
…
…
Installation of <SMCzlib> was successful.
Unzip and install OpenSSL
solaris9# gunzip openssl-0.9.8f-sol9-x86-local.gz
solaris9# pkgadd -d openssl-0.9.8f-sol9-x86-local
…
…
Installation of <SMCossl> was successful.
Unzip and install OpenSSH
solaris9# gunzip openssh-4.7p1-sol9-x86-local.gz
solaris9# pkgadd -d openssh-4.7p1-sol9-x86-local
…
…
Installation of <SMCossl> was successful.
The packages are now installed.
Create /var/empty directory
solaris9# mkdir /var/empty
Change directory ownership to Root user and sys group
solaris9# chown root:sys /var/empty
Change permissions
solaris9# chmod 755 /var/empty
Add sshd user & group
solaris9# groupadd ssh
solaris9# # useradd -g sshd -c ‘sshd privsep’ -d /var/empty -s /bin/false sshd
Edit the default /usr/local/sshd_config file and make the following changes:
Replace the line
Subsystem sftp /usr/libexec/sftp-server
with
Subsystem sftp /usr/local/libexec/sftp-server
Generate Keys for the server
solaris9# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N “”
solaris9# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N “”
solaris9# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N “”
sshd at Solaris startup
Add a startup script /etc/init.d/sshd as follows to enable the OpenSSH server daemon “sshd” at the startup
case “$1” in
‘start’)
if [ -x /usr/local/sbin/sshd ]; then
echo “Starting the secure shell daemon”
/usr/local/sbin/sshd &
fi
;;‘stop’)
echo “Stopping the secure shell daemon ”
pkill -TERM sshd
;;
*)
echo “Usage: /etc/init.d/sshd { start | stop }”
;;
esac
exit 0
Change the ownership & permissions on the startup script
solaris9# chown root:sys /etc/init.d/sshd
solaris9# chmod 555 /etc/init.d/sshd
Create a Symlink to the startup script at /etc/rc2/d/S98sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
That is it. All done and ready to go. Try connecting to the server using a ssh client like PUTTY.