Covered Systems: IRIX-6.2, SINIX-5.43, Solaris-2.5.1
prepared by hermann@sbs.de
Version: 0.2 Thu, 15. January 1998 16:12:52
Version: 0.1 Tue Sep 23 13:20:06 MET DST 1997
ssh is built with install Prefix /usr/local
- config files for ssh live in /etc/ssh*
Copy the gzipped tarball (e.g. ssh-1.2.21-1-SINIX-5.43.tar.gz) to a temporary directory (e.g. /tmp).
Unzip the archive (e.g. gunzip ssh-1.2.21-1-SINIX-5.43.tar.gz)
Untar the archive (e.g. cd /; tar xf /tmp/ssh-1.2.21-1-SINIX-5.43.tar) The tarball has no absolute pathnames in it, so you have to change the working directory to / when unpacking the archive.
Everthing except the startup scripts and config files installs in /usr/local. The client components (e.g. ssh, scp, ...) live in /usr/local/bin. The server components live in /usr/local/sbin.
This is ssh client systemwide configuration file. This file provides defaults for users, and the values can be changed in per-user configuration files or on the command line.
This is ssh server systemwide configuration file. You should change the AllowHosts option to an appropriate mask e.g. *.fth.sbs.de. Please add the path to the PID file !!! The rc script to stop ssh in /etc/rc2.d/ will not work otherwise.
Add ssh Port# 22 # ssh 22/tcp to the services file.
Add /usr/local/bin to the PATH var (it should already be in it ;-)). Normally there is no need to add the /usr/local/sbin/ to the user PATH beacause no user will ever want to run that.
Create a startup script for sshd (or use my distribution script. It will be installed anyway ;-)) The startup scripts differ somewhat between the several operating systems. IRIX uses another method of starting daemons and software than SINIX (or Reliant-UNIX) and Solaris does. I tried to build the ssh startup scripts native for every OS.
Before you start ssh for the first time you need to compute a SSHD hostkeyfile. If you have a clean source code distribution then a make install takes care of the SSHD hostkeyfile. I you install my distribution then you have to run the script generate-ssh-keys.sh to generate a host key (or simply run a ssh-keygen. You may want to change the number of bits that the hostkey has.
For a complete discussion of files RTFM the sshd manpage, README's and FAQ's.
To improve security you should have the following defined in sshd_config:
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
UseLogin no
The only way to log on to the destination host is:
a file ~login1/.ssh/authorized_keys must exist
In this file the public identity from the source host and user ~login2/.ssh/identity.pub must be contained. Otherwise a connection is refused.
SSH FAQ can be found at: http://www.uni-karlsruhe.de/~ig25/ssh-faq/
User introduction can be found at: http://www.tac.nyc.ny.us/~kim/ssh/
The central site for distributing ssh is ftp://ftp.cs.hut.fi/pub/ssh/
A mirror of ssh exists in ftp://ftp.sbs.de/pub/security/ssh/