The different components of the interNet Services software package are installed as a POSIX program package by the POSIX installation program (see the manual “POSIX Basics for Users and System Administrators”).
For the installation and operation of the OpenSSH suite, the PLAM library SINLIB.TCP-IP-SV.nnn.OPENSSH must be shareable.
/START-POSIX-INSTALLATION
Function: Install POSIX program packages (IMON support: Y)
Product name: TCP-IP-SV
Package name: OPENSSH
If you install OpenSSH using the POSIX installation program, you will first be queried about the installation path <installationpath>. It is recommended to use the default setting /opt/TCP-IP-SV/openssh. If you specify a different path name, the path /opt/TCP-IP-SV/openssh is created as a symbolic link to the path name you specified when the post-installation script is executed.
The POSIX installation program then checks whether the /opt file system has sufficient memory and reads all files from the PLAM library into the POSIX file system.
Executing the post-installation script
After all files have been read in, a post-installation script is started automatically which handles the computer-specific setup of the OpenSSH components.
In detail, the post-installation script performs the following activities and logs their execution on the console:
The directories /etc/tcpipsv/openssh, /opt/SMAWPlus/etc and /usr/local/etc are searched for SSH host key files of an earlier installation of TCP-IP-SV:openssh. The first host key file (if one exists) of each directory is transferred to the /etc/ssh/ directory.
The following pairs of host key files (private/public keys) are searched for:
ssh_host_rsa_key and ssh_host_rsa_key.pub (RSA)
ssh_host_dsa_key and ssh_host_dsa_key.pub (DSA)
ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub (ECDSA)
ssh_host_ed25519_key and ssh_host_ed25519_key.pub (Ed25519)
The /etc/tcpipsv/openssh directory is searched for the ssh and sshd configuration files (ssh_config, sshd_config) of an earlier installation of TCP-IP-SV:openssh. If no configuration files can be found, the configuration file supplied with the product is copied.
The /var/run directory is created if it does not exist, because it is required for the process ID file of the OpenSSH server sshd.
If you specified an installation path other than the default installation path /opt/TCP-IP-SV/openssh, the default installation path is changed in the startup scripts to the installation path you specified, and /opt/TCP-IP-SV/openssh is set up as a symbolic link to this installation path.
If not all host key files were found in step 1), the missing ones are now generated. The ssh-keygen utility (see the interNet Services User Guide) is called up to four times for this purpose (for RSA, DSA, ECDSA and Ed25519) to generate a non-repeatable, random host key.
If no POSIX group with the group ID 22 exists, it is now created and entered in the /etc/group file with the group name “sshd”.
If no user ID SYSSSHD exists as yet, the post-installation script now creates it. In addition, an address space limit of 32 MB is defined, and a POSIX user ID 22 and a POSIX group ID 22 are assigned. For this purpose the post-installation script issues the following commands:
/ADD-USER USER-ID=SYSSSHD,ADDR-SP-LIM=32,/
 ACC-ATT=*P(ACC=SYSACC,CPU-LIM=*MAX,POSIX=*YES),/
 MAIL-ADDR='Privilege Separation user id for OpenSSH',/
 LOGON-PASSWORD=${PASSWORD}
/SET-JOB-STEP
/MOD-USER USER-ID=SYSSSHD,ADDR-SP-LIM=32,/
 ACC-ATT=*M(ACC=SYSACC,CPU-LIM=*MAX,POSIX=*YES),/
 LOGON-PASSWORD=${PASSWORD}
/MOD-POS-USER-ATTR USER-ID=SYSSSHD,USER-N=22,GROUP-N=22,/
 DIRECTORY='/var/empty',/
 PROGRAM='/bin/false',/
 COMM='Privilege Separation user id for OpenSSH'
In the startup file /etc/profile of the POSIX shell, the PATH specification is extended to include the <installationpath>/bin directory (and <installationpath>/sbin for the user with the user ID 0 (SYSROOT or TSOS)). If a C shell (csh or tcsh) is installed, an analogous procedure is followed using the csh startup file (/etc/.login or /etc/csh.login).
If ADDRESS-SPACE-LIMIT < 32 MB is specified for SYSROOT, a warning is issued on the console.
If no POSIX-RLOGIN-DEFAULT is set for SYSROOT, a corresponding error message is issued on the console.
If no general read permission exists for the installation library (e.g. SINLIB.TCP-IP-SV.nnn.OPENSSH), a corresponding error message is issued on the console.
If no serious errors are detected, then, depending on the response to the installation query AutoStartOpenSSH, the general POSIX start script for OpenSSH is called, which starts the sshd daemon under SYSROOT. To call the POSIX start script:
/etc/init.d/TCP-IP-SV.openssh start
The /etc/init.d/TCP-IP-SV.openssh start script automatically determines the maximum permissible values for JOB-CLASS, ACCOUNT, START and CPU LIMIT for SYSROOT. Using these values, the script starts an ENTER job with the job name SSHLOGIN.
The sshd daemon logs important messages in the /var/adm/syslog file via the syslog mechanism. In addition, problems which occur when the ENTER job is started are recorded in the /var/adm/opensshd_startup.log file.
The sshd daemon does not need to be configured individually and can thus be started automatically.
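The following shell function is an added example, not part of the product or its manual. It audits the state the post-installation script is described as leaving behind: the four host key pairs in /etc/ssh, the group sshd with ID 22, /var/run and the default installation path. The function name, its optional root prefix argument, the AUDIT_FAILS variable and the requirement that private host keys carry no group/other permission bits are assumptions made for this example.

```shell
# Added example, not product code. Usage: check_openssh_install [ROOT]
# ROOT is a hypothetical path prefix for auditing a copied or test tree;
# omit it to audit the live POSIX file system.
check_openssh_install() {
    root=${1:-}
    AUDIT_FAILS=0

    # Host key pairs the post-installation script places in /etc/ssh.
    for keytype in rsa dsa ecdsa ed25519; do
        priv="$root/etc/ssh/ssh_host_${keytype}_key"
        if [ ! -s "$priv" ]; then
            echo "FAIL: private host key missing or empty: $priv"
            AUDIT_FAILS=$((AUDIT_FAILS + 1))
            continue
        fi
        if [ ! -s "$priv.pub" ]; then
            echo "FAIL: public host key missing or empty: $priv.pub"
            AUDIT_FAILS=$((AUDIT_FAILS + 1))
        fi
        # Assumption: private host keys carry no group/other permission bits.
        perms=$(ls -ld "$priv" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $priv is accessible to group/other ($perms)"
            AUDIT_FAILS=$((AUDIT_FAILS + 1))
        fi
    done

    # Group "sshd" with group ID 22 in /etc/group.
    if ! awk -F: '$1 == "sshd" && $3 == 22 { ok = 1 } END { exit !ok }' \
            "$root/etc/group" 2>/dev/null; then
        echo "FAIL: no group sshd with ID 22 in $root/etc/group"
        AUDIT_FAILS=$((AUDIT_FAILS + 1))
    fi

    # /var/run holds the sshd process ID file; the default installation
    # path is either the real directory or a symbolic link to it.
    for d in /var/run /opt/TCP-IP-SV/openssh; do
        if [ ! -d "$root$d" ]; then
            echo "FAIL: directory missing: $root$d"
            AUDIT_FAILS=$((AUDIT_FAILS + 1))
        fi
    done

    echo "$AUDIT_FAILS check(s) failed"
    [ "$AUDIT_FAILS" -eq 0 ]
}
```

The function returns a non-zero status when any check fails, so it can gate a start of the sshd daemon or be run after an upgrade to confirm that the host keys of the earlier installation were carried over.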