Deploying OpenSSH on AIX

Sandor W. Sklar (ssklar@stanford.edu), Systems Administrator, Freelance Developer
Sandor W. Sklar is a Unix systems administrator at Stanford University, in beautiful Northern California. When not poking through his systems for real or imagined security holes, he enjoys spending time with his wife and two children.

Summary:  This tutorial is designed for administrators of IBM RS/6000 systems who wish to improve the security and integrity of their servers running AIX by replacing standard insecure network services with those provided by the OpenSSH implementation of the Secure Shell protocol.

Date:  01 Jun 2001
Level:  Intermediate

Building OpenSSH

Build configuration options

Now that all of the prerequisites are in place, the OpenSSH source can be compiled. After downloading the latest version of the OpenSSH source into /usr/local/src, extract the contents with the following commands:

gunzip -c openssh-3.0.1p1.tar.gz | tar xvf -
cd openssh-3.0.1p1

There are a number of options that must be defined at compile-time and numerous other options that can have their default values set during compilation. For a list and description of all of the compile-time configuration options, type the ./configure --help command in the source directory. For the purposes of this tutorial, the following options are specified:

./configure --sysconfdir=/etc/ssh --with-cflags="-qmaxmem=-1" --with-tcp-wrappers \
 --with-xauth=/usr/bin/X11/xauth --with-prngd-socket=/dev/egd-pool --with-ipv4-default \
 --with-pid-dir=/var/tmp

When configuration completes, a summary of the options will be printed to the screen, similar to:

OpenSSH has been configured with the following options:
                 User binaries: /usr/local/bin
               System binaries: /usr/local/sbin
           Configuration files: /etc/ssh
               Askpass program: /usr/local/libexec/ssh-askpass
                  Manual pages: /usr/local/man/manX
                      PID file: /var/tmp
        sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
      Random number collection: PRNGD/EGD (socket /dev/egd-pool)
                Manpage format: man
                   PAM support: no
            KerberosIV support: no
             Smartcard support: no
                   AFS support: no
                 S/KEY support: no
          TCP Wrappers support: yes
          MD5 password support: no
   IP address in $DISPLAY hack: no
      Use IPv4 by default hack: yes
       Translate v4 in v6 hack: no
              Host: powerpc-ibm-aix4.3.3.0
          Compiler: cc
    Compiler flags: -g -qmaxmem=-1
Preprocessor flags: -I/usr/local/ssl/include  -I/usr/local/include
      Linker flags: -L/usr/local/ssl/lib  -L/usr/local/lib 
        -blibpath:/usr/lib:/lib:/usr/local/lib
         Libraries: -lwrap -lz  -lcrypto
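
A check that can be run against a saved copy of this summary before compiling, added here as an example and not part of the original tutorial: it confirms that the options requested on the ./configure command line are the ones the summary reports. The function name check_summary and the sample text are constructed for illustration.

```shell
# check_summary: reads a configure summary on stdin, prints one line per
# mismatch, and returns the number of mismatches (0 = all as requested).
check_summary() {
    summary=$(cat)
    mismatches=0
    # Each line below is "summary label|expected value", derived from the
    # configure flags used in this tutorial.
    while IFS='|' read -r label want; do
        got=$(printf '%s\n' "$summary" |
              sed -n "s/^[[:space:]]*${label}:[[:space:]]*//p" |
              sed 's/[[:space:]]*$//' | head -n 1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH ${label}: expected '${want}', got '${got:-<missing>}'"
            mismatches=$((mismatches + 1))
        fi
    done <<'EOF'
Configuration files|/etc/ssh
PID file|/var/tmp
Random number collection|PRNGD/EGD (socket /dev/egd-pool)
TCP Wrappers support|yes
Use IPv4 by default hack|yes
EOF
    # -lwrap in the library list shows libwrap is on the link line.
    case $(printf '%s\n' "$summary" | grep 'Libraries:') in
        *-lwrap*) ;;
        *) echo "MISMATCH Libraries: -lwrap not present"
           mismatches=$((mismatches + 1)) ;;
    esac
    return "$mismatches"
}

# Constructed sample: the relevant lines of the summary shown above.
SAMPLE_SUMMARY='           Configuration files: /etc/ssh
                      PID file: /var/tmp
      Random number collection: PRNGD/EGD (socket /dev/egd-pool)
          TCP Wrappers support: yes
      Use IPv4 by default hack: yes
         Libraries: -lwrap -lz  -lcrypto'

if printf '%s\n' "$SAMPLE_SUMMARY" | check_summary; then
    echo "configure summary matches the requested options"
fi
```

On a real build, save the summary by piping ./configure through tee into a log file and feed that file to check_summary on standard input.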


Compile and install the components

Issue the make command to compile the source. When the build is complete, run make install as root to install the various files in their proper places.

The following files are installed into /usr/local:

/usr/local/man/man1/ssh.1
/usr/local/man/man1/scp.1
/usr/local/man/man1/ssh-add.1
/usr/local/man/man1/ssh-agent.1
/usr/local/man/man1/ssh-keygen.1
/usr/local/man/man1/ssh-keyscan.1
/usr/local/man/man1/sftp.1
/usr/local/man/man8/sshd.8
/usr/local/man/man8/sftp-server.8
/usr/local/bin/ssh
/usr/local/bin/scp
/usr/local/bin/ssh-add
/usr/local/bin/ssh-agent
/usr/local/bin/ssh-keygen
/usr/local/bin/ssh-keyscan
/usr/local/bin/sftp
/usr/local/sbin/sshd
/usr/local/share/Ssh.bin
/usr/local/libexec/sftp-server

The configuration directory /etc/ssh is also created. It contains the following files:

/etc/ssh/ssh_config
/etc/ssh/sshd_config
/etc/ssh/ssh_prng_cmds
/etc/ssh/moduli
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub 
