An Introduction to Security in a CSM 1.3 for AIX 5L Environment

60 An Introduction to Security in a CSM 1.3 for AIX 5L Environment

We used openssl-0.9.6e-2.aix4.3.ppc.rpm from (requires registration):

http://www6.software.ibm.com/dl/aixtbx/aixtbx-i?S_PKG=dlaixww&S_TACT=&S_CMP=

The Bull version of OpenSSH openssh-3.4.0.0.exe does not require OpenSSL,

because the OpenSSL libraries are included in this package.

5.2.2 Preinstallation tasks

Although we recommend the use of OpenSSH Version 3.4 for AIX 5L Version 5.2

shipped on the Bonus Pack for AIX 5L Version 5.2 CD-ROM, you can also use

other packages. In this section, we describe the steps we performed before the

OpenSSH installation.

Prepare the OpenSSL installation file

All OpenSSH versions, except the Bull version, require OpenSSL as prerequisite

software. Download the openssl-0.9.6e-2.aix4.3.ppc.rpm file, or a similar one,

from the Internet, and store it in a temporary directory on your management

server.

We created the /tmp/ssl directory on our management server for this purpose.

To download the openssl-0.9.6e-2.aix4.3.ppc.rpm package, you must first

http://www6.software.ibm.com/dl/aixtbx/aixtbx-i?S_PKG=dlaixww&S_TACT=&S_CMP=

Prepare the OpenSSH installation files

The steps for this task depend on the OpenSSH software chosen. In this section,

we describe the required steps for all the software we tested.

openssh34p1_52 (Bonus Pack)

For OpenSSH Version 3.4 for AIX 5L Version 5.2 shipped on the Bonus Pack for

AIX 5L Version 5.2, no preparation action is required.

openssh34p1_52 (Internet download)

Download the OpenSSH Version 3.4 for AIX 5L Version 5.2 from the Internet:

ftp://www-126.ibm.com/pub/opensshi/3.4p1_52/openssh34p1_52.tar.Z

This is a compressed tar file. Complete the following steps before installation:

1. Create a temporary directory. We created the /tmp/ssh directory.

2. Download the file openssh34p1_52.tar.Z to this directory.

3. Change the current directory to the temporary directory. For example:

cd /tmp/ssh

Chapter 5. Securing remote command execution 61

4. Unpack and uncompress the openssh34p1_52.tar.Z file.

Use the

zcat openssh34p1_52.tar.Z|tar -xvf - command, as shown in

Example 5-3.

Example 5-3 Extracting the openssh34p1_p2.tar.Z file

mgmtserver2[/tmp/ssh]#ls

openssh34p1_52.tar.Z

mgmtserver2[/tmp/ssh]#zcat openssh34p1_52.tar.Z|tar -xvf -

x openssh.base, 1845248 bytes, 3604 media blocks.

x openssh.license, 641024 bytes, 1252 media blocks.

x openssh.man.en_US, 99328 bytes, 194 media blocks.

x openssh.msg.CA_ES, 17408 bytes, 34 media blocks.

x openssh.msg.CS_CZ, 17408 bytes, 34 media blocks.

..... >>>> Omitted Lines <<<<< .....

x openssh.msg.sk_SK, 16384 bytes, 32 media blocks.

x openssh.msg.zh_CN, 12288 bytes, 24 media blocks.

x openssh.msg.zh_TW, 13312 bytes, 26 media blocks.

mgmtserver2[/tmp/ssh]#

openssh34p1_51

For the openssh34p1_51.tar.Z file, the following steps need to be performed

before installation:

1. Create a temporary directory. We created the /tmp/ssh directory.

2. Download the file openssh34p1_51.tar.Z to this directory.

3. Change to the temporary directory:

cd /tmp/ssh

4. Unpack and uncompress the openssh34p1_52.tar.Z file.

Use the

zcat openssh34p1_51.tar.Z|tar -xvf - command, as shown in

Example 5-4 on page 62.

62 An Introduction to Security in a CSM 1.3 for AIX 5L Environment

Example 5-4 Extracting the openssh34p1_p2.tar.Z file

mgmtserver2[/tmp/ssh]#ls

openssh34p1_51.tar.Z

mgmtserver2[/tmp/ssh]#zcat openssh34p1_51.tar.Z |tar -xvf -

x openssh.base, 1865728 bytes, 3644 media blocks.

x openssh.license, 632832 bytes, 1236 media blocks.

x openssh.man.en_US, 99328 bytes, 194 media blocks.

x openssh.msg.CA_ES, 17408 bytes, 34 media blocks.

x openssh.msg.CS_CZ, 17408 bytes, 34 media blocks.

x openssh.msg.DE_DE, 17408 bytes, 34 media blocks.

...........>>>>>>Omitted lines <<<<<<........

x openssh.msg.pl_PL, 16384 bytes, 32 media blocks.

x openssh.msg.pt_BR, 16384 bytes, 32 media blocks.

x openssh.msg.ru_RU, 16384 bytes, 32 media blocks.

x openssh.msg.sk_SK, 16384 bytes, 32 media blocks.

x openssh.msg.zh_CN, 12288 bytes, 24 media blocks.

x openssh.msg.zh_TW, 13312 bytes, 26 media blocks.

mgmtserver2[/tmp/ssh]#

5. Create an empty /.ssh/prng_seed file:

mkdir /.ssh

touch /.ssh/prng_seed

openssh-3.4.0.0.exe (Bull)

For the openssh-3.4.0.0.exe file, the following steps need to be performed before

installation:

1. Create a temporary directory. We created the /tmp/ssh directory.

2. Download the file openssh-3.4.0.0.exe to this directory from:

http://www.bullfreeware.com/download/aix43/openssh-3.4.0.0.exe

3. Change the current directory to the temporary directory:

cd /tmp/ssh

4. Make this file executable:

chmod +x openssh-3.4.0.0.exe

5. Execute this file to extract the package to the temporary directory:

. ./openssh-3.4.0.0.exe

Important: If you plan to use the Network Installation Manager (NIM) for the

OpenSSH installation, do not use this version. The /.ssh/prng_seed file must

be created prior the installation, and it is very complicated to implement it in

NIM.

Get An Introduction to Security in a CSM 1.3 for AIX 5L Environment now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

An Introduction to Security in a CSM 1.3 for AIX 5L Environment by Octavian Lascu, Rashid Ahmed, Stuart Carroll, Teresa Coleman, Maik Haehnel, Petr Klabenes, Dino Quintero, Rogelio Reyes Jr., Mizuho Tanaka, David Duy Truong

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly