Installation Steps Initial: Get the Random Patch PRNG IS Not Seeded of Solaris 8 What is the problem of this problem is that I have to ensure that the package required by OpenSSH is installed 1. Sun's PATCH 112438-01 In fact, this Patch installed sometimes did not use this Patch's purpose because 8 defaults without a random device installation this patch is to solve this problem but from the actual usage, there is nothing to use, it is recommended Do not install. 2. After installing a third party andirand-0.7-5.8-sparc-1.pkg installed this software, you will have 2 random number Random Uraandom installations after / dev / directory, you don't have to restart you at OpenSsh It will be normal for this software download address for 2.6 http://www.cosy.sbg.ac.at/~andi/sunrand/pkg/andirand-0.7-5.6-sparc-1.pkg for 8 http: // www .cosy.sbg.ac.at / ~ andi / sunrand / pkg / andirand-0.7-5.8-sparc-1.pkg first: get the installation package From this you can get the installation package, for the SPARC system openssh-3.5p1- Sol8-sparc-local.gz openssl-0.9.6g-sol8-sparc-local.gz TCP_WrapPERS-7.6-SOL8-SPARC-local.gz (optional, but recommended) Zlib-1.1.4-Sol8-sparc-local .GZ libgcc-3.2-sol8-sparc-local.gz perl-5.6.1-Sol8-sparc-local.gz (optional) PRNGD-0.9.25-Sol8-sparc-local.gz (optional) EGD-0.8 -Sol8-sparc-local.gz (optional) For Intel Systems: OpenSSH-3.5P1-Sol8-Intel-local.gz openssl-0.9.6g-Sol8-Intel-local.gz TCP_WrapPers-7.6-Sol8-Intel-Local .gz (optional, but recommended) ZLIB-1.1.4-Sol8-Intel-local.gz libgcc-3.2-sol8-intel-local.gz perl-5.6.1-sol8-intel-local.gz (optional PRNGD-0.9.25-Sol8-Intel-local.gz (optional) EGD-0.8-Sol8-Intel-local.gz (optional) If you have installed some of these packages, you can skip download, but a lot Package is the latest.
Step 2: After installing the package file, enter the download directory and run the following command (here, as an example of the SPARC system, if the Intel system, change to the intel file): # Gunzip openssh-3.5p1-Sol8-sparc- Local.gz # gunzip openssl-0.9.6g-sol8-sparc-local.gz # gunzip zlib-1.1.4-sol8-sparc-local.gz # Gunzip libgcc-3.2-sol8-sparc-local.gz (if you still No GCC 3.2) # GUNZIP TCP_WRAPPERS-7.6-SOL8-SPARC-LOCAL.GZ (Optional) Other optional packages can also be operated, then run with root privileges as follows # pkgadd -d openssh-3.5p1-sol8-sparc -local # pkgadd -d openssl-0.9.6g-sol8-sparc-local # pkgadd -d zlib-1.1.4-Sol8-sparc-local # pkgadd -d libgcc-3.2-sol8-sparc-local (if you have not Installing GCC 3.2) # pkgadd -d tcp_wrappers-7.6-sol8-sparc-local (optional) Once you have already installed the above package, you will get a lot of subdirectory in the directory / usr / local. The default path for the SSL file is / usr / local / ssl. When these files are compiled into LD_Library_Path not to add directory (/ usr / local / lib, and / usr / local / ssl / lib), it may be required to set them. Now you will find SSH in the directory / usr / local / bin to find SSHD in the directory / usr / local / sbin. Make sure you add directory / usr / local / bin and directory / usr / local / sbin to your PATH environment variable. The Perl script (.PL suffix) in an optional EGD package will look for Perl in the directory / usr / local / bin. If you use Sun Perl, then the Perl script is changed to / usr / bin, however, using the installation package for / usr / local / bin third step: establish the SSHD user and / var / empty directory OpenSSH 3.5p1 A new security approach is called privileged separation. Concrete content You can view the ReadMe.Privsep file in OpenSSH's source file directory. Now this manner is default in OpenSSH. You should read the Readme.Privsep file before proceeding, then execute these steps with root privilege: # mkdir / var / empty # chown root: sys / var / empty # chmod 755 / var / empty # groupAdd sshd # useradd -g Sshd -c 'sshd privsep' -d / var / empty -s / bin / false sshd / var / empty should not contain any files. If you don't do this and try to start SSHD, you will get Error information and daemon Will not run. Step 4: Installing TCP_WrapPers TCP_WrapPers is used to limit some limited group machines to access your communication port, such as a 22-port used by the SSHD program. If you have already run TCP_WrapPers, then you just determine if the SSHD daemon entry is in the /etc/hosts.allow and /etc/hosts.deny file.