Discussion:
installing openssh on AIX 5.2
(too old to reply)
Richard Kopec
2006-01-31 15:05:21 UTC
Permalink
Hello guys!

I am running AIX 5.2.0.0 on an IBM 43p-150. I currently have openssh
3.5.0.0 (freeware.openssh.rte 3.5.0.0) installed, which apparently does
not provide a ssh daemon. My university recently disabled ftp in favor
of sftp protocols. I am unable to establish an sftp connection to my
150, but I can establish a client connection from my 150. As I
understand, the sshd must be active for this to be possible.

So I tried to update openssh, which I found required openssl, which I do
not have installed. I have tried various permutations of installing
openssl and openssh, and every time the installation fails, each time
with a different error. Rather than trying to catalogue all the
permutations and problems I encountered, it might help if someone could
tell me which packages to install, and in what order. I currently have
bff or rpm files for:

3.8.1p1.tar.Z
openssl-0.9.7g-1.aix5.1.ppc.rpm
openssl-devel-0.9.6m-1.aix4.3.ppc.rpm
openssl-devel-0.9.6m-2.aix5.1.ppc.rpm
openssl-devel-0.9.7g-1.aix5.1.ppc.rpm
openssl-doc-0.9.6m-1.aix4.3.ppc.rpm
openssl-doc-0.9.6m-2.aix5.1.ppc.rpm
openssh-3.8.1p1_51.tar.Z openssl-doc-0.9.7g-1.aix5.1.ppc.rpm
openssh-3.8.1p1_52.tar.Z
openssh-4.1p1_52.tar.Z
openssl-0.9.6m-1.aix4.3.ppc.rpm
openssl-0.9.6m-2.aix5.1.ppc.rpm

I found some instructions on the web that specified use of 4.3.3 openssl
files,

http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/openssh.htm

but that did not make sense to me. I am only a part-time server person,
so any advice you can provide would help. I would really like to be
able to set up sftp servce to this server.

A complicating factor is that I ahve never been able to successfully
build a freeware package on this machine, usually because some library
was missing somewhere, so I have had to rely on installp and rpm files
to install software.

Thanks for your consideration of this request!
Hajo Ehlers
2006-01-31 15:30:45 UTC
Permalink
Post by Richard Kopec
Hello guys!
I am running AIX 5.2.0.0 on an IBM 43p-150. I currently have openssh
3.5.0.0 (freeware.openssh.rte 3.5.0.0) installed, which apparently does
not provide a ssh daemon. My university recently disabled ftp in favor
of sftp protocols. I am unable to establish an sftp connection to my
150, but I can establish a client connection from my 150. As I
understand, the sshd must be active for this to be possible.
I asume you can have terminal access to your machine. If yor are
connected via SSH your connection will be dropped

1) backup system
2) Deinstall openssh and openssl and prng
3) Remove any ssh and sshd configuration files
4) Install ssl ( prerequiste for ssh ) with rpm
openssl-0.9.7g-1.aix5.1.ppc.rpm ( The 5.1 means: Runs on AIX 5.1 and
higher )

5) Install ssh
ssh should include:
openssh.base.client 3.8.x.x
openssh.base.server 3.8.x.x
openssh.base.license 3.8.x.x
So unzip and untar openssh-3.8.1p1_52.tar.Z in ( Its from IBM ?)
and do a inutoc to create the .toc file
Install openssh

Normaly openssh will create all config files and will start the server
right away
Let us know if you encounter problems

hth
Hajo
Richard Kopec
2006-01-31 17:58:31 UTC
Permalink
Hello Hajo!

To remove prng, do I remove /dev/random and /dev/urandom?

Thanks!
Post by Hajo Ehlers
Post by Richard Kopec
Hello guys!
I am running AIX 5.2.0.0 on an IBM 43p-150. I currently have openssh
3.5.0.0 (freeware.openssh.rte 3.5.0.0) installed, which apparently does
not provide a ssh daemon. My university recently disabled ftp in favor
of sftp protocols. I am unable to establish an sftp connection to my
150, but I can establish a client connection from my 150. As I
understand, the sshd must be active for this to be possible.
I asume you can have terminal access to your machine. If yor are
connected via SSH your connection will be dropped
1) backup system
2) Deinstall openssh and openssl and prng
3) Remove any ssh and sshd configuration files
4) Install ssl ( prerequiste for ssh ) with rpm
openssl-0.9.7g-1.aix5.1.ppc.rpm ( The 5.1 means: Runs on AIX 5.1 and
higher )
5) Install ssh
openssh.base.client 3.8.x.x
openssh.base.server 3.8.x.x
openssh.base.license 3.8.x.x
So unzip and untar openssh-3.8.1p1_52.tar.Z in ( Its from IBM ?)
and do a inutoc to create the .toc file
Install openssh
Normaly openssh will create all config files and will start the server
right away
Let us know if you encounter problems
hth
Hajo
Hajo Ehlers
2006-01-31 18:21:16 UTC
Permalink
Post by Richard Kopec
Hello Hajo!
To remove prng, do I remove /dev/random and /dev/urandom?
At least on AIX 5.1 they do not exist and also i do not know if prng
does create these devices or not .....
Hm, a quick google search showed that AIX 5.2 has these devices by
default.

So if we are talking about prng i must admit that i thought about the
old one used for ssh on AIX 4.3.3 and 5.1 in the past.
So if the prng is a standard lpp package and you haven't it installed
from a third party you should NOT remove it and so not the devices
Sorry for the mistake

Hajo
Richard Kopec
2006-01-31 20:23:43 UTC
Permalink
OK. I followed the steps exactly. Now the system reports "PRNG is not
seeded" when I try to establish a client ssh session with another server
from my server.

The sshd is still inactive, even though the installer reports that sshd
has started and assigns a pid. The server refuses connections.

But I did remove openssh 3.5.0.0, there were no config files that I
could find, and PRNG was not previously installed except for the
previsouly mentioned dev listing.

How does one seed prng? Do you think this might solve the problem? And
wouldn't one think that PRNG could seed itself?
Post by Hajo Ehlers
Post by Richard Kopec
Hello Hajo!
To remove prng, do I remove /dev/random and /dev/urandom?
At least on AIX 5.1 they do not exist and also i do not know if prng
does create these devices or not .....
Hm, a quick google search showed that AIX 5.2 has these devices by
default.
So if we are talking about prng i must admit that i thought about the
old one used for ssh on AIX 4.3.3 and 5.1 in the past.
So if the prng is a standard lpp package and you haven't it installed
from a third party you should NOT remove it and so not the devices
Sorry for the mistake
Hajo
Hajo Ehlers
2006-01-31 20:47:59 UTC
Permalink
According to Steve Bassler: in comp.unix.aix
It turns out that after the migration install, both /dev/random and
/dev/urandom came in with permissions crw-r-----, where on all my other
AIX 5.2 servers (installed from scratch), they are crw-r--r--. Once I
added the world readable bit to both, everything worked fine.

So check the security setting on both devices

If that does not fix the problem:
Check if you have IY43851 installed or runing on the latest ML
See for details
http://www-1.ibm.com/support/docview.wss?uid=swg21201727
http://www-1.ibm.com/support/docview.wss?uid=isg1IY43851

and also verify that the openssh installation was successfully
If you installed with smitty - check the smit.log

BTW: What is the output from
lslpp -l | egrep "openssl|openssh"

Also you have to restart the sshd with:
startsrc -s sshd
If it fails again start the sshd from the command line in debug-mode
and look whats going on.
For debug mode see ( I am writing this from a w98 laptop )
man sshd

hth
Hajo
Hajo Ehlers
2006-01-31 20:52:06 UTC
Permalink
If your sshd is runing you might upgrade using
openssh-4.1p1_52.tar.Z
because i did not recognice it during the first reading of your post.

I think its the latest version for openssh out there. But you might
have to cross check
Richard Kopec
2006-01-31 21:22:40 UTC
Permalink
Post by Hajo Ehlers
According to Steve Bassler: in comp.unix.aix
It turns out that after the migration install, both /dev/random and
/dev/urandom came in with permissions crw-r-----, where on all my other
AIX 5.2 servers (installed from scratch), they are crw-r--r--. Once I
added the world readable bit to both, everything worked fine.
The current permissions are correct
Post by Hajo Ehlers
So check the security setting on both devices
Check if you have IY43851 installed or runing on the latest ML
See for details
http://www-1.ibm.com/support/docview.wss?uid=swg21201727
http://www-1.ibm.com/support/docview.wss?uid=isg1IY43851
I did not think that this was the problem, but I tried to get the fix
anyway. The message from the IBM server was that my OS level is already
up to date, so the fix did not download.
Post by Hajo Ehlers
and also verify that the openssh installation was successfully
If you installed with smitty - check the smit.log
The smit log reports success for all 5 parts of openssh client & server,
usr, root plus msg for usr
Post by Hajo Ehlers
BTW: What is the output from
lslpp -l | egrep "openssl|openssh"
this commands lists only the ssh software. It does not list any ssl
software. When I list installed software, openssl 0.9.7g-1 appears in
the list as an rpm package.
Post by Hajo Ehlers
startsrc -s sshd
when I do this, the system reports that sshd subsystem has been started
and reports a pid

when I do lssrc -a | grep sshd

it lists sshd as inoperative
Post by Hajo Ehlers
If it fails again start the sshd from the command line in debug-mode
and look whats going on.
For debug mode see ( I am writing this from a w98 laptop )
man sshd
there is no man entry under this heading

Why is this such a pain!!!!
Post by Hajo Ehlers
hth
Hajo
Hajo Ehlers
2006-01-31 22:06:15 UTC
Permalink
...
Post by Richard Kopec
I did not think that this was the problem, but I tried to get the fix
anyway. The message from the IBM server was that my OS level is already
up to date, so the fix did not download.
Post by Hajo Ehlers
and also verify that the openssh installation was successfully
If you installed with smitty - check the smit.log
The smit log reports success for all 5 parts of openssh client & server,
usr, root plus msg for usr
Post by Hajo Ehlers
BTW: What is the output from
lslpp -l | egrep "openssl|openssh"
this commands lists only the ssh software. It does not list any ssl
software. When I list installed software, openssl 0.9.7g-1 appears in
the list as an rpm package.
Sorry, its late in germany. i mean
$ lslpp -L | egrep "openssl|openssh"

and please if somebody request an output you should post it.

The openssh package should contain the openssh.man.en_US package from
which i do not know now if it is installed or not
But you will find a readme at: /usr/openssh/README

and online documentation at:
http://www-128.ibm.com/developerworks/eserver/articles/openssh_updated.html

So for the sake of not knowing do as root a :
$ slibclean
so no old library will stay in memory and restart the sshd in debug
mode

BTW: to start sshd in debug executing
$ sshd -d -d -d

hth
Hajo

who must say good night
Richard Kopec
2006-02-01 00:53:24 UTC
Permalink
Hello Hajo!

I'm retiring for the evening too.

# lslpp -L|egrep "openssl|openssh"
openssh.base.client 3.8.0.5202 C F Open Secure Shell
Commands
openssh.base.server 3.8.0.5202 C F Open Secure Shell Server
openssh.msg.en_US 3.8.0.5202 C F Open Secure Shell
Messages -
openssl 0.9.7g-1 C R Secure Sockets Layer and

#slibclean
#sshd -d -d -d
PRNG not seeded

still not working!
Post by Hajo Ehlers
...
Post by Richard Kopec
I did not think that this was the problem, but I tried to get the fix
anyway. The message from the IBM server was that my OS level is already
up to date, so the fix did not download.
Post by Hajo Ehlers
and also verify that the openssh installation was successfully
If you installed with smitty - check the smit.log
The smit log reports success for all 5 parts of openssh client & server,
usr, root plus msg for usr
Post by Hajo Ehlers
BTW: What is the output from
lslpp -l | egrep "openssl|openssh"
this commands lists only the ssh software. It does not list any ssl
software. When I list installed software, openssl 0.9.7g-1 appears in
the list as an rpm package.
Sorry, its late in germany. i mean
$ lslpp -L | egrep "openssl|openssh"
and please if somebody request an output you should post it.
The openssh package should contain the openssh.man.en_US package from
which i do not know now if it is installed or not
But you will find a readme at: /usr/openssh/README
http://www-128.ibm.com/developerworks/eserver/articles/openssh_updated.html
$ slibclean
so no old library will stay in memory and restart the sshd in debug
mode
BTW: to start sshd in debug executing
$ sshd -d -d -d
hth
Hajo
who must say good night
base60
2006-02-01 00:54:57 UTC
Permalink
Post by Richard Kopec
Hello guys!
I am running AIX 5.2.0.0 on an IBM 43p-150. I currently have openssh
3.5.0.0 (freeware.openssh.rte 3.5.0.0) installed, which apparently does
not provide a ssh daemon. My university recently disabled ftp in favor
of sftp protocols. I am unable to establish an sftp connection to my
150, but I can establish a client connection from my 150. As I
understand, the sshd must be active for this to be possible.
So I tried to update openssh, which I found required openssl, which I do
not have installed. I have tried various permutations of installing
openssl and openssh, and every time the installation fails, each time
with a different error. Rather than trying to catalogue all the
permutations and problems I encountered, it might help if someone could
tell me which packages to install, and in what order. I currently have
3.8.1p1.tar.Z
openssl-0.9.7g-1.aix5.1.ppc.rpm
openssl-devel-0.9.6m-1.aix4.3.ppc.rpm
openssl-devel-0.9.6m-2.aix5.1.ppc.rpm
openssl-devel-0.9.7g-1.aix5.1.ppc.rpm
openssl-doc-0.9.6m-1.aix4.3.ppc.rpm
openssl-doc-0.9.6m-2.aix5.1.ppc.rpm
openssh-3.8.1p1_51.tar.Z openssl-doc-0.9.7g-1.aix5.1.ppc.rpm
openssh-3.8.1p1_52.tar.Z
openssh-4.1p1_52.tar.Z
openssl-0.9.6m-1.aix4.3.ppc.rpm
openssl-0.9.6m-2.aix5.1.ppc.rpm
The current openssh is 4.2p1 and available from www.openssh.org
and the current openssl is .98a

Assuming you have compilers etc., both will compile and install on
AIX 5.2 without issue.

./configure --help will give you the options.

You should include tcp_wrappers in the build and it will simplify your
life add "--with-rand-helper" to the openssh
Post by Richard Kopec
I found some instructions on the web that specified use of 4.3.3 openssl
files,
http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/openssh.htm
but that did not make sense to me. I am only a part-time server person,
so any advice you can provide would help. I would really like to be
able to set up sftp servce to this server.
A complicating factor is that I ahve never been able to successfully
build a freeware package on this machine, usually because some library
was missing somewhere, so I have had to rely on installp and rpm files
to install software.
Richard Kopec
2006-02-02 14:39:25 UTC
Permalink
Hello Guys!

Thanks for your help! I was not able to solve then "PRNG not seeded"
problem with AIX 5.2, so I updated everything to AIX 5.3. Now ssh is
working properly.

Of course the migration was another long story!

Richard
Post by base60
Post by Richard Kopec
Hello guys!
I am running AIX 5.2.0.0 on an IBM 43p-150. I currently have openssh
3.5.0.0 (freeware.openssh.rte 3.5.0.0) installed, which apparently
does not provide a ssh daemon. My university recently disabled ftp in
favor of sftp protocols. I am unable to establish an sftp connection
to my 150, but I can establish a client connection from my 150. As I
understand, the sshd must be active for this to be possible.
So I tried to update openssh, which I found required openssl, which I
do not have installed. I have tried various permutations of
installing openssl and openssh, and every time the installation fails,
each time with a different error. Rather than trying to catalogue all
the permutations and problems I encountered, it might help if someone
could tell me which packages to install, and in what order. I
3.8.1p1.tar.Z
openssl-0.9.7g-1.aix5.1.ppc.rpm
openssl-devel-0.9.6m-1.aix4.3.ppc.rpm
openssl-devel-0.9.6m-2.aix5.1.ppc.rpm
openssl-devel-0.9.7g-1.aix5.1.ppc.rpm
openssl-doc-0.9.6m-1.aix4.3.ppc.rpm
openssl-doc-0.9.6m-2.aix5.1.ppc.rpm
openssh-3.8.1p1_51.tar.Z
openssl-doc-0.9.7g-1.aix5.1.ppc.rpm
openssh-3.8.1p1_52.tar.Z
openssh-4.1p1_52.tar.Z
openssl-0.9.6m-1.aix4.3.ppc.rpm
openssl-0.9.6m-2.aix5.1.ppc.rpm
The current openssh is 4.2p1 and available from www.openssh.org
and the current openssl is .98a
Assuming you have compilers etc., both will compile and install on
AIX 5.2 without issue.
./configure --help will give you the options.
You should include tcp_wrappers in the build and it will simplify your
life add "--with-rand-helper" to the openssh
Post by Richard Kopec
I found some instructions on the web that specified use of 4.3.3
openssl files,
http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/openssh.htm
but that did not make sense to me. I am only a part-time server
person, so any advice you can provide would help. I would really like
to be able to set up sftp servce to this server.
A complicating factor is that I ahve never been able to successfully
build a freeware package on this machine, usually because some library
was missing somewhere, so I have had to rely on installp and rpm files
to install software.
Loading...