在AIX4.3.3 ; AIX5.1 和 AIX5.2上安装OpenSSH

一、在IBM AIX4.3.3 上安装OpenSSH:
At 4.3.3., the openSSH is installed using the RPM format packages, not by using installp format which is available at 5.1. and 5.2. In this procedure, you need to follow these three steps:

Installing the prerequisite filesets.
Downloading the rpm packages.
Installing the prerequisite rpm packages.

Installing the prerequiste filesets.

The filesets rpm.rte and perl.rte are required to be installed prior to installing the rpm packages. The rpm.rte fileset can be found at the following:

Linux Toolbox CD or Linux Toolbox Website
http://www.ibm.com/servers/aix/products/aixos/linux/download.html
The filesets can be installed using smitty installp.

Downloading the rpm packages.
The rpm packages can be downloaded from the following website:

http://www.ibm.com/servers/aix/products/aixos/linux/download.html
Once on that page, the prngd (Psuedo Random Number Generator Daemon) daemon and the zlib compression and decompression library can be downloaded. These are the prerequistes for installing the openssl rpm package:

prngd-0.9.23-3.aix4.3.ppc.rpm
zlib-1.1.4-3.aix4.3.ppc.rpm

Next click AIX TOOLbox Cryptographic Content on the sorted content download in the upper right area and then register yourself, if you are not already a registered user. Then click on Accept License button at the bottom of the panel that appears and then you are ready to download the openssl and openssh rpm packages:

openssl-0.9.6k-1.aix4.3.ppc.rpm
openssl-devel-0.9.6k-1.aix4.3.ppc.rpm
openssl-doc-0.9.6k-1.aix4.3.ppc.rpm
openssh-3.6.1p2-1.aix4.3.ppc.rpm
openssh-clients-3.6.1p2-1.aix4.3.ppc.rpm
openssh-server-3.6.1p2-1.aix4.3.ppc.rpm

Installing the prerequisite rpm packages.

Once you have all the rpm files in the current directory, run the following commands to install them.

# rpm -i zlib-1.1.4-3.aix4.3.ppc.rpm
# rpm -i prngd-0.9.23-3.aix4.3.ppc.rpm
# rpm -i openssl-0.9.6k-1.aix4.3.ppc.rpm
# rpm -i openssl-devel-0.9.6k-1.aix4.3.ppc.rpm
# rpm -i openssl-doc-0.9.6k-1.aix4.3.ppc.rpm
# rpm -i openssh-3.6.1p2-1.aix4.3.ppc.rpm
# rpm -i openssh-server-3.6.1p2-1.aix4.3.ppc.rpm
# rpm -i openssh-clients-3.6.1p2-1.aix4.3.ppc.rpm

Sometimes you may get the error: failed dependencies error while trying to install the openssl packages. In that case, run the following command:

# rpm -i --nodeps openssl-0.9.6k-1.aix4.3.ppc.rpm
The following command can be run to update the AIX-rpm:

# /usr/sbin/updtvpkg
The prngd needs to be installed before openssl and openssh, and openssl is the prerequiste for installing the openssh rpm packages. The and openssl-devel-0.9.6k-1.aix4.3.ppc.rpm and openssl-doc-0.9.6k-1.aix4.3.ppc.rpm are not the required packages for installing the openSSH.

To verify that these packages are installed, run the following command:

# rpm -qa | egrep '(openssl|openssh|prng)'
-->

prngd-0.9.23-3
openssl-0.9.6k-1
openssl-devel-0.9.6k-1
openssl-doc-0.9.6k-1
openssh-3.6.1p2-1
openssh-server-3.6.1p2-1
openssh-clients-3.6.1p2-1

These packages are installed under the /opt/freeware directory, and several symbolic links are created in /usr/bin or /usr/sbin, as shown in the following example:

# ls -l /usr/bin/ssh lrwxrwxrwx 1 root system 26 Dec 29 16:13 /usr/bin/ssh -> ../../opt freeware/bin/ssh # ls -l /usr/sbin/sshd lrwxrwxrwx 1 root system 28 Dec 29 16:12 /usr/sbin/sshd -> ../../ opt/freeware/sbin/sshd

二、在IBM AIX5.1 and AIX 5.2上安装OpenSSH:

At 5.1. and 5.2.,, the installation of openssh itself is in installp format, but all the prerequisites (including openssl) can be installed using the same rpm -i commands (using the same 4.3.3. rpm packages).

The installp format package can be downloaded from the following sites:

http://oss.software.ibm.com/developerworks/projects/opensshi or
ftp://www-126.ibm.com/pub/opensshi/3.6.1p2_51/ (for 5.1)
ftp://www-126.ibm.com/pub/opensshi/opensshi-aix52/3.6.1p2_52/ (for 5.2)
After installing the prerequisites using the following commands,

# rpm -i zlib-1.1.4-3.aix4.3.ppc.rpm
# rpm -i prngd-0.9.23-3.aix4.3.ppc.rpm
# rpm -i openssl-devel-0.9.6k-13.ppc.rpm
# rpm -i openssl-devel-0.9.6k-1.aix4.3.ppc.rpm
# rpm -i openssl-doc-0.9.6k-1.aix4.3.ppc.rpm

use smitty installp to install the openssh filesets extracted from the tar file openssh361p2_51.tar ( for 5.1) and openssh361p2_52_patch.tar ( for 5.2). The following filesets are needed to be extracted from the tar file to install openSSH.

openssh.base.client
openssh.base.server
openssh.license
openssh.man.en_US
openssh.msg.en_US

You also need to change the field for Accept new License agreement to yes in the smit panel or else the installation will fail.

# lslpp -l | grep ssh // you can see the fileset are installed.
openssh.base.client 3.6.1.0 COMMITTED Open Secure Shell Commands
openssh.base.server 3.6.1.0 COMMITTED Open Secure Shell Server
openssh.license 3.6.1.0 COMMITTED Open Secure Shell License
openssh.man.en_US 3.6.1.0 COMMITTED Open Secure Shell
openssh.msg.EN_US 3.6.1.0 COMMITTED Open Secure Shell Messages -
openssh.base.client 3.6.1.0 COMMITTED Open Secure Shell Commands
openssh.base.server 3.6.1.0 COMMITTED Open Secure Shell Server

In this case, you notice that the ssh commands are in the /usr/bin directory. For example:

# ls -al /usr/bin/ssh
-r-xr-xr-x 1 root system 309127 Jun 12 2003 /usr/bin/ssh
# ls -al /usr/bin/scp
-r-xr-xr-x 1 root system 38582 Jun 12 2003 /usr/bin/scp

三、在IBM AIX4.3, 5.1 and 5.2上对openssh的初始化配置:

The following entry in /etc/inittab invokes all the scripts starting from S under the etc/rc.d/rc2.d directory upon system startup: l2:2:wait:/etc/rc.d/rc 2

In the /etc/rc.d/rc2.d directory, the following example shows the required symbolic-link to start sshd:

At 4.3.3:

#ls -l /etc/rc.d/rc2.d | grep ssh
lrwxrwxrwx 1 root system 14 Dec 29 16:12 K55sshd -> ../init.d/sshd
lrwxrwxrwx 1 root system 14 Dec 29 16:12 S55sshd -> ../init.d/sshd

At 5.1 and 5.2:

# ls -l /etc/rc.d/rc2.d | grep ssh
-r-xr-xr-x 1 root system 307 Dec 29 16:39 Ksshd
-r-xr-xr-x 1 root system 308 Dec 29 16:39 Ssshd

The prngd daemon is started from the following entry in /etc/inittab:

prng:2:wait:/usr/bin/startsrc -s prngd
In order to specify the SSH2 protocol to be used for OpenSSH, add the following line to the /etc/ssh/sshd_config file:

Protocol 2
To verify the SSH protocol version, you can use the telnet command:

# telnet localhost 22
Trying...
Connected to localhost.austin.ibm.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.6.1p2

// the above shows that you are using the ssh2
If you see the following:

# telnet localhost 22
Trying...
telnet: connect: A remote host refused an attempted connect operation.
then the sshd daemon is not running. To terminate, type Ctrl-c and q. To start the daemon, run:

#startsrc -s sshd
whenever the /etc/ssh/sshd_config file is modified, the ssh needs to be stopped and restarted as follows:

# stopsrc -s sshd
# startsrc -s sshd
The prngd daemon could also be stopped and started in the above method.

Once the installation and configuration is complete:

The first time you are going to connect to a server, you should receive a host key fingerprint from the adminstrator of that server. On the first attempt to connect to that remote server using OpenSSH, you will see the fingerprint of the remote server. You should verify if this matches with the one sent to you by the adminstrator. Only then, you can type yes.