[Next] [Previous] [Up] [Top] [Contents]

CHAPTER 29 Secure Shell, SSH

29.6 Installation

The source can be obtained from a number of places, including ftp://ftp.net.ohio-state.edu/pub/security/ssh, with the latest version being 1.2.14. For version 1.2.13 the source and Solaris 2.4 compiled files are at: ftp://wks.uts.ohio-state.edu/pub/src/ssh-1.2.13.tar.gz.
To compile the source and install the software do the following:

zcat ssh-1.2.13.tar.gz | tar -xvBf - ; cd ssh-1.2.13 # Open up the files

Configure the setup, (see the files README, OVERVIEW, INSTALL and the man pages). The default is to put the client files will be installed in the bin directory under the prefix (default is /usr/local) and the server in sbin, e.g.:
./configure --prefix=/opt/local --with-rsh=/bin/rsh


make install

Set the daemon up to run at boot. The following script should do this for you. It can be found as: ftp://wks.uts.ohio-state.edu/pub/src/setup_ssh.sh. This script will:

enable the daemon to be started at boot time

generate the host key for the machine

sets up default configuration files for clients and server

log server connections using LOCAL6 through syslogd to /var/log/sshd_log

start the server
Later you can edit the control files as desired. Should you change entries in /etc/sshd_config you will need to send a HUP signal to sshd so that it will reread this file.


# Frank Fiamingo March 15, 1996

# Script to setup sshd

# name: ssh

# vers: 1.2.13

# source: ftp://ftp.net.ohio-state.edu/pub/security/ssh

date=`date +%m/%d/%y`


OS=`uname -s`

OSlevel=`uname -r|cut -c1`

if [ "$OSlevel" = "5" ]; then

if [ "$OS" = "SunOS" ]; then




if [ "$OSlevel" = "5" ]; then # Solaris 2.X or IRIX 5.X

if [ ! -f /etc/init.d/sshd ];then

cat << EOF_init.d > /etc/init.d/sshd



# start up sshd, installed by $USER, $date


case "\$1" in


if [ -x $top/local/sbin/sshd ]; then

$top/local/sbin/sshd && \\

echo "Starting sshd daemon, takes about 1 minute... "




[ ! -f /etc/sshd.pid ] && exit 0

syspid=\`cat /etc/sshd.pid\`

if [ "\$syspid" -gt 0 ]; then

echo "Stopping the sshd daemon."

kill -15 \$syspid 2>&1 | /bin/grep -v "no such process"




echo "Usage: /etc/init.d/sshd { start | stop }"



exit 0


chmod 755 /etc/init.d/sshd

(cd /etc/rc2.d ; ln -s ../init.d/sshd S99sshd )


fi # end if for OSlevel=5

if [ "$OSlevel" = "4" ]; then # Solaris 1.X

if [ -f /etc/rc.local ]; then

grep $top/local/sbin/sshd /etc/rc.local >/dev/null 2>&1 ||

cat << EOF_rc.local >> /etc/rc.local


# sshd daemon, installed by $USER, $date

if [ -x $top/local/sbin/sshd ]; then

$top/local/sbin/sshd && echo ' Starting sshd '




echo "/etc/rc.local not found ..."


fi # end if for OSlevel=4

if [ ! -f /etc/ssh_host_key ];then

echo ""

echo "We're now going to generate the host key for this machine."

echo "We'll use a null passphrase."

echo "This will take a little while ..."

rm -f /.ssh/identity /.ssh/identity.pub

(echo /.ssh/identity | ssh-keygen -N "" ) && echo "Done."

cp /.ssh/identity /etc/ssh_host_key && chmod 600 /etc/ssh_host_key

cp /.ssh/identity.pub /etc/ssh_host_key.pub


# Configure the client service with the file /etc/ssh_config

if [ ! -f /etc/ssh_config ];then

cat << EOF_ssh > /etc/ssh_config

# This is the ssh client system-wide configuration file.

# It provides the defaults, whose values can be changed in

# the user's own configuration file or on the command line.

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication yes

StrictHostKeyChecking yes



# Configure the daemon with the file /etc/sshd_config

if [ ! -f /etc/sshd_config ];then

cat << EOF_sshd > /etc/sshd_config

# This is the ssh server system-wide configuration file.

Port 22

AllowHosts 128.146.226.* 128.146.116.*


HostKey /etc/ssh_host_key

ServerKeyBits 768

LoginGraceTime 600

KeyRegenerationInterval 3600

PermitRootLogin yes

QuietMode no

FascistLogging no

PrintMotd no

SyslogFacility LOCAL6

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication no



# If the daemon configuration file was set up at install, make sure

# that we log to local6

grep "SyslogFacility LOCAL6" /etc/sshd_config >/dev/null 2>&1 ||

if sed -e 's/DAEMON/LOCAL6/' /etc/sshd_config > tmp_sshd_config


mv tmp_sshd_config /etc/sshd_config


echo "SyslogFacility LOCAL6" >> /etc/sshd_config


# If the daemon's currently running, stop it.

if [ -f /etc/sshd.pid ];then

kill -15 `cat /etc/sshd.pid`


# Make sure that syslog logs sshd reports to a separate file

# In the following we use tabs, not spaces, as separators.

grep local6 /etc/syslog.conf >/dev/null 2>&1 ||

(echo "local6.debug /var/log/sshd_log" >> /etc/syslog.conf;\

touch /var/log/sshd_log; \

kill -HUP `cat /etc/syslog.pid` )

# Start the daemon


echo ""

echo "This host should now be running the sshd daemon."

echo "You will still need to edit /etc/ssh_known_hosts to put the "

echo "desired public host keys for the machines you want to trust."

Unix System Administration - 8 AUG 1996
[Next] [Previous] [Up] [Top] [Contents]