
2005-09-23 11:12:51

1. Software to download
openssh
openssl (SSL)
prngd (Pseudo Random Generator Daemon)
zlib (Z library)
The packages above can be downloaded from or from ftp://ftp.sjtu.edu.cn/sites/ftp.sunfreeware.com/

2. Installation
# gunzip openssl*
# gunzip prngd*
# gunzip zlib*
# gunzip openssh*
# pkgadd -d openssl-0.9.6c-sol8-sparc-local
# pkgadd -d prngd-0.9.23-sol8-sparc-local
# pkgadd -d zlib-1.1.4-sol8-sparc-local
# pkgadd -d openssh-3.1p1-sol8-sparc-local

3. Create the startup control scripts
1) sshd startup script:
# vi /etc/init.d/sshd


#! /bin/sh
#
# start/stop the secure shell daemon

case "$1" in

'start')
    # Start the sshd daemon
    if [ -f /usr/local/sbin/sshd ]; then
         echo "starting SSHD daemon"
         /usr/local/sbin/sshd &
    fi
    ;;

'stop')
    # Stop the sshd daemon
    PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
    if [ ! -z "$PID" ] ; then
         /usr/bin/kill ${PID} >/dev/null 2>&1
    fi
    ;;

*)
    echo "usage: /etc/init.d/sshd {start|stop}"
    ;;

esac

2) Install the sshd startup script

# chmod +x /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd

3) prngd startup script
# vi /etc/init.d/prngd


#! /bin/sh
#
# start/stop the pseudo random generator daemon

case "$1" in

'start')
    # Start the prngd daemon
    if [ -f /usr/local/sbin/prngd ]; then
         echo "starting PRNG daemon"
         /usr/local/sbin/prngd /var/spool/prngd/pool&
    fi
    ;;

'stop')
    # Stop the prngd daemon
    PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
    if [ ! -z "$PID" ] ; then
         /usr/bin/kill ${PID} >/dev/null 2>&1
    fi
    ;;

*)
    echo "usage: /etc/init.d/prngd {start|stop}"
    ;;

esac

4) Install the prngd startup script

# chmod +x /etc/init.d/prngd
# ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd

4. Start prngd
# /etc/init.d/prngd start
starting PRNG daemon
Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
# mkdir -p /var/spool/prngd
#/etc/init.d/prngd start
starting PRNG daemon
# Info: Random pool not (yet) seeded
#

5. Start sshd
# /etc/init.d/sshd start
starting SSHD daemon
Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
#
The errors above are due to the fact that we didn't create any key pairs for our ssh server.

Create a public key pair to support the new, DSA-based version 2 protocol

# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""

Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8


Create a public key pair to support the old, RSA-based version 1 protocol

# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8

Edit the ssh daemon configuration file /usr/local/etc/sshd_config to enable protocols 2 and 1.
Uncomment the line that says

protocol 2,1

# /etc/init.d//sshd start
starting SSHD daemon
#

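At this point the basic setup is complete.

Problems you may run into during startup, and how to fix them
A. Fixing the "PRNG is not seeded" problem
Download the package ~andi/SUNrand/pkg/ANDIrand-0.7-5.8-sparc-1.pkg
Install it:
pkgadd -d ANDIrand*
Installing this package creates two random-number devices under /dev/:
random urandom
No reboot is needed after the installation.
Starting OpenSSH will now work normally.

B. Starting sshd produces the following errors:
Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key
Missing privilege separation directory: /var/empty
and
Privilege separation user sshd does not exist

The fix is: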
mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
chown root /etc/init.d/sshd
chgrp sys /etc/init.d/sshd
chmod 555 /etc/init.d/sshd
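
The startup failures above (no host keys in step 5, and the missing privilege separation directory and user in problem B) can be checked for before sshd is started. The script below is an added example, not part of the original post; check_sshd_prereqs, its optional root-prefix argument and SSHD_PROBLEMS are names chosen here, and it assumes the sshd account is a local /etc/passwd entry. It checks presence and permission bits only, not file ownership.

```sh
#!/bin/sh
# Added example, not from the original post. check_sshd_prereqs is a
# hypothetical helper; its optional argument is a root prefix (empty on the
# live system, a staging directory when testing).

perm_bits() {   # print the nine permission characters, e.g. rwxr-xr-x
    ls -ld "$1" | cut -c2-10
}

check_sshd_prereqs() {
    root=${1:-}
    etc=$root/usr/local/etc
    SSHD_PROBLEMS=0

    # Host keys: sshd exits with "no hostkeys available" when none load.
    for key in ssh_host_dsa_key ssh_host_rsa_key; do
        if [ ! -f "$etc/$key" ]; then
            echo "MISSING $etc/$key (create it with ssh-keygen)"
            SSHD_PROBLEMS=`expr $SSHD_PROBLEMS + 1`
        else
            case `perm_bits "$etc/$key"` in
                ???------) ;;   # private key accessible to its owner only
                *)  echo "PERMS   $etc/$key is accessible to group or other"
                    SSHD_PROBLEMS=`expr $SSHD_PROBLEMS + 1` ;;
            esac
        fi
    done

    # Privilege separation directory: present, not group- or world-writable.
    if [ ! -d "$root/var/empty" ]; then
        echo "MISSING $root/var/empty"
        SSHD_PROBLEMS=`expr $SSHD_PROBLEMS + 1`
    else
        case `perm_bits "$root/var/empty"` in
            ????w????|???????w?)
                echo "PERMS   $root/var/empty is group- or world-writable"
                SSHD_PROBLEMS=`expr $SSHD_PROBLEMS + 1` ;;
        esac
    fi

    # Privilege separation user (assumption: a local passwd entry).
    grep '^sshd:' "$root/etc/passwd" >/dev/null 2>&1 || {
        echo "MISSING privilege separation user sshd"
        SSHD_PROBLEMS=`expr $SSHD_PROBLEMS + 1`
    }

    [ "$SSHD_PROBLEMS" -eq 0 ]   # exit status 0 only when nothing was found
}
```

Source the file and call check_sshd_prereqs with no argument to check the running system; each finding is printed on its own line and the count is left in SSHD_PROBLEMS.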
