Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3521836
  • 博文数量: 534
  • 博客积分: 11595
  • 博客等级: 上将
  • 技术积分: 5785
  • 用 户 组: 普通用户
  • 注册时间: 2006-12-22 17:00
文章分类

全部博文(534)

文章存档

2015年(4)

2014年(27)

2013年(15)

2012年(38)

2011年(36)

2010年(85)

2009年(63)

2008年(142)

2007年(124)

分类:

2008-04-14 11:48:36

1、需要下载的软件
openssh
openssl (SSL)
prngd (Psuedo Random Generator Daemon)
zlib (Z library)
以上软件可以到下载或者到ftp://ftp.sjtu.edu.cn/sites/ftp.sunfreeware.com/中去下载

2、安装
#gunzip openssl*
#gunzip prngd*
#gunzip zlib*
#gunzip openssh*
#pkgadd -d openssl-0.9.6c-sol8-sparc-local
#pkgadd -d prngd-0.9.23-sol8-sparc-local
#pkgadd -d zlib-1.1.4-sol8-sparc-local
#pkgadd -d openssh-3.1p1-sol8-sparc-local

3、创建自启动控制文件
1)sshd启动脚本:
vi  /etc/init.d/sshd


#! /bin/sh
#
# start/stop the secure shell daemon

case "$1" in

'start')
     # Start the sshd daemon
     if [ -f /usr/local/sbin/sshd ]; then
          echo "starting SSHD daemon"
          /usr/local/sbin/sshd &
     fi
     ;;

'stop')
     # Stop the ssh deamon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >;/dev/null 2>;&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/sshd {start|stop}"
     ;;

esac

2)设置sshd启动脚本

#chmod +x /etc/init.d/sshd
#ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd

3)prngd启动脚本
#vi /etc/init.d/prngd


#! /bin/sh
#
# start/stop the pseudo random generator daemon

case "$1" in

'start')
     # Start the ssh daemon
     if [ -f /usr/local/sbin/prngd ]; then
          echo "starting PRNG daemon"
          /usr/local/sbin/prngd /var/spool/prngd/pool&
     fi
     ;;

'stop')
     # Stop the ssh deamon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >;/dev/null 2>;&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/prngd {start|stop}"
     ;;

esac

4)设置prngd启动脚本

#chmod +x /etc/init.d/prngd
#ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd

4、启动prngd
# /etc/init.d/prngd start
starting PRNG daemon
Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
# mkdir -p /var/spool/prngd
#/etc/init.d/prngd start
starting PRNG daemon
# Info: Random pool not (yet) seeded
#

5、启动sshd
# /etc/init.d/sshd start
starting SSHD daemon
Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
#
The errors above are due to the fact that we didn't create any key pairs for our ssh server.

Create a public key pair to support the new, DSA-based version 2 protocol

# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""

Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8


Create a public key pair to support the old, RSA-based version 1 protocol

# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8

编辑配置文件/usr/local/etc/sshd_config,启用 protocol 2 and 1
#vi /usr/local/etc/sshd_config
找到#Port 22 替换为Port 22
找到#Protocol 2,1替换为Protocol 2,1

# /etc/init.d//sshd start
starting SSHD daemon
#

至此基本完成工作。

在启动过程可能遇到的问题及解决办法
A.PRNG is not seeded的问题的解决办法
下载~andi/SUNrand/pkg/ANDIrand-0.7-5.8-sparc-1.pkg该软件
安装
pkgadd -d ANDIrand*
安装了这个软件之后,会在/dev/目录下生成2个随机数设备
random urandom
安装之后不用重起
这时你在起 openssh 就会正常了

B.启动sshd时遇到下面的问题Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key
Missing privilege separation directory: /var/empty
和Privilege separation user sshd does not exist

解决办法是
mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
chown root /etc/init.d/sshd
chgrp sys /etc/init.d/sshd
chmod 555 /etc/init.d/sshd

C.Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key错误提示
临时解决办法是
修改/usr/local/etc/sshd_config
将Protocol 2,1改为Protocol 2
阅读(1776) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~