Troubleshooting NIM OpenSSL

A description of troubleshooting an error installing the OpenSSL package.

Problem

The NIM installation fails because it cannot find the libssl.a file. The libssl.a file is part of the OpenSSL package.

Solution

The error results from a mismatch between the AIX® version of OpenSSL and the RedHat Package Manager (RPM) version of OpenSSL. Remove the AIX fileset and install the RPM version of OpenSSL on the NIM client system.

Use the following information to resolve the problem.

OpenSSH is based on client and server architecture. OpenSSH runs the sshd daemon process on the AIX host and waits for the connection from clients. OpenSSH supports public-key and private-key pairs for authentication and encryption of access to ensure secure network connections and host-based authentication.

To download the latest installp format packages for the AIX operating system, go to the AIX Web Download Pack Programs website.

The following information explains how to install and configure OpenSSH on a system running the AIX operating system.

The OpenSSH software is shipped on the AIX Expansion Pack. This version of OpenSSH is compiled and packaged as installp packages by using the openssh-6.0p1 level of source code. The installp packages include the man pages and the translated message filesets. The OpenSSH program contained on the Expansion Pack CD-ROM is licensed under the terms and conditions of the IBM International Program License Agreement (IPLA) for Non-Warranted Programs.

Before installing the OpenSSH installp format packages, you must install the Open Secure Sockets Layer (OpenSSL) software that contains the cryptographic library. OpenSSL is available in RPM packages on the AIX Toolbox for Linux® Applications CD. You can also download the packages from the AIX Web Download Pack Programs website.

Because the OpenSSL package contains cryptographic content, you must register on the website before you download the packages.

To download the packages, complete the following steps:

  1. Click the register here link to gain access to the software.
  2. Complete the Privacy information and click Submit.
  3. Select the Download using http tab.
  4. Click Download Now to start the download of the openssl-0.9.8.2400.tar.Z file that is under the heading: OpenSSL Install images v0.9.8.2400 (OpenSSL 0.9.8x) for the AIX operating system.

To install OpenSSL and OpenSSH after you download the OpenSSL package, complete the following steps:

  1. Install the OpenSSL RPM package by using the geninstall command:
    # geninstall -d/dev/cd0 R:openssh-6.0p1
    Output similar to the following is displayed:
    SUCCESSES
    ---------
    openssh-6.0p1
  2. Install the OpenSSH installp packages by using the geninstall command:
    # geninstall -I"Y" -d/dev/cd0 I:openssh.base
    Use the Y flag to accept the OpenSSH license agreement after you have reviewed the license agreement.
    The result is output that is similar to the following:
    Installation Summary                                                           
    --------------------                                                           
    Name                        Level           Result       Component
    -------------------------------------------------------------------------------
    openssh.base.client         6.0.0.6101     COMMITTED     Open Secure Shell commands
    openssh.base.server         6.0.0.6101     COMMITTED     Open Secure Shell Server
    openssh.license             6.0.0.6101     COMMITTED     Open Secure Shell License
    openssh.man.en_US           6.0.0.6101     COMMITTED     Open Secure Shell
    openssh_msg.en_us           6.0.0.6101     COMMITTED     Open Secure Shell Messages
    openssh.base.client         6.0.0.6101     COMMITTED     Open Secure Shell Commands
    openssh.base.server         6.0.0.6101     COMMITTED     Open Secure Shell Server

Alternatively, you can use the SMIT install_software fast path to install OpenSSL and OpenSSH.

The following OpenSSH binary files are installed as a result of the preceding procedure:

scp
    A file copy program that is similar to the remote copy (rcp) command.
sftp
    A program similar to FTP that works over the SSH1 and SSH2 protocols.
sftp-server
    The SFTP server subsystem, which is started automatically by the sshd daemon.
ssh
    A client program that is similar to the rlogin and rsh client programs.
ssh-add
    A tool that adds keys to the ssh-agent command.
ssh-agent
    An agent that can store private keys.
ssh-keygen
    A key generation tool.
ssh-keyscan
    A utility for gathering public host keys from a number of hosts.
ssh-keysign
    A utility for host-based authentication.
ssh-rand-helper
    A program used by OpenSSH to gather random numbers.
    Note: It is used only on AIX 5.1 installations.
sshd
    A daemon that permits you to log in.

The following general information pertains to OpenSSH:
  • The /etc/ssh directory contains the sshd daemon and the configuration files for the ssh client command.
  • The /usr/openssh directory contains the readme file and the original OpenSSH open source license information. This directory also contains the ssh protocol and the Kerberos license information.
  • The sshd daemon is under AIX SRC control. You can start, stop, and view the status of the daemon by issuing the following commands:
    Command             Alternative
    startsrc -s sshd    startsrc -g ssh (group)
    stopsrc -s sshd     stopsrc -g ssh
    lssrc -s sshd       lssrc -s ssh
    You can also start and stop the daemon by issuing one of the following commands:
    • /etc/rc.d/rc2.d/Ksshd start
      or
      /etc/rc.d/rc2.d/Ssshd start
    • /etc/rc.d/rc2.d/Ksshd stop
      or
      /etc/rc.d/rc2.d/Ssshd stop
  • When the OpenSSH server fileset is installed, an entry is added to the /etc/rc.d/rc2.d directory. An entry is in the inittab file to start run-level 2 processes (l2:2:wait:/etc/rc.d/rc 2) so that the sshd daemon will start automatically at boot time. To prevent the daemon from starting at boot time, remove the /etc/rc.d/rc2.d/Ksshd and /etc/rc.d/rc2.d/Ssshd files.
  • OpenSSH software logs information to the SYSLOG log.
  • The IBM® Redbooks® publication, Managing AIX Server Farms, provides information about configuring OpenSSH in the AIX environment and is available from IBM Redbooks.
  • OpenSSH supports long user names of 256 bytes, the same as the AIX operating system.
  • Some keywords, such as AllowUsers, DenyUsers, AllowGroups, and DenyGroups, are not available by default in the ssh_config file or the sshd_config file. You must add these keywords to the configuration files to use them.
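
Because the four access-control keywords are absent until you add them, it is worth confirming which ones are actually active in a given sshd_config file. The following script is an added example, not IBM code: the function names and the sample configuration are constructed for illustration, and on a real host you would pass the sshd_config file from the /etc/ssh directory.

```shell
#!/bin/sh
# Added example: report the AllowUsers/DenyUsers/AllowGroups/DenyGroups
# lines that are active (not commented out) in an sshd_config file.

# Print one tab-separated record per active line: scope, keyword, value.
# scope is "global", or the Match line that the keyword appears under.
list_access_keywords() {
    awk '
        BEGIN {
            canon["allowusers"] = "AllowUsers";   canon["denyusers"] = "DenyUsers"
            canon["allowgroups"] = "AllowGroups"; canon["denygroups"] = "DenyGroups"
            scope = "global"
        }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if ($0 == "" || $0 ~ /^#/) next        # blank line or comment
            kw = $0; sub(/[ \t=].*$/, "", kw)      # keyword ends at whitespace or "="
            val = substr($0, length(kw) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)        # drop the separator
            k = tolower(kw)                        # keywords are case-insensitive
            if (k == "match") { scope = "Match " val; next }
            if (k in canon) printf "%s\t%s\t%s\n", scope, canon[k], val
        }' "$1"
}

# Succeed only if at least one of the four keywords is set at global scope,
# that is, before any Match line.
has_global_access_rule() {
    list_access_keywords "$1" |
        awk -F'\t' '$1 == "global" { found = 1 } END { exit !found }'
}

# Constructed sample configuration (not taken from a real host).
write_sample_config() {
    cat > "$1" <<'EOF'
# AllowUsers root
Port 22
allowusers = alice bob
DenyGroups guests
Match Address 192.0.2.0/24
    AllowUsers backup
EOF
}

sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
write_sample_config "$sample"
list_access_keywords "$sample"
has_global_access_rule "$sample" || echo "no global access-control keyword set"
rm -f "$sample"
```

The commented-out AllowUsers line in the sample is not reported, and the AllowUsers line after the Match line is reported with its Match scope because it applies only to connections that meet that condition.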