Re: Installing binaries and configuration changes.
On Tue, Aug 07, 2001 at 09:09:26PM +0100, Carla Saldanha wrote: ./configure make make install What should I do in order just to ftp the binaries and change the configuration for each system? The easiest way by far would be to NFS mount the source tree onto the target system and run make install on each system. That's what I did on HP-UX 10.20. Keep in mind that (at least in OpenSSH 2.5.2p2) the make install process will attempt to write to files in the source tree. Because of this silliness, you'll have to make sure the source tree is mounted with read/write permissions, and also with root access allowed. (I.e., in /etc/exports, you'll need something like /my/path -root=some.host.)
Re: Installing binaries and configuration changes.
Hi Carla, copy all of your ssh* from /etc/local/bin, etc/local/sbin and /etc/local/etc from your workstation to another. In my opinion, you don't have to change the sshd_config file (execpt if it contains explicitely the IP address of your host). When you've done this, on the target, you'll have to erase the private keys that were copied previously. I remember some names : ssh_host_rsa_key, ssh_host_dsa_key and ssh_host_key These are the private keys of your original workstation. Now, you have to renew this keys for the new workstation : /usr/local/bin/ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N /usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N /usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N And then you can start your sshd daemon. /usr/local/sbin/sshd I've done this on my firewalls here (Solaris 2.6 intel + sparc) and it works fine ! just a look at the files, I've found thoses in /usr/local/ ./bin/ssh ./bin/ssh-add ./bin/ssh-agent ./bin/ssh-keygen ./bin/ssh-keyscan ./bin/sshinst ./man/man1/ssh.1 ./man/man1/ssh-add.1 ./man/man1/ssh-agent.1 ./man/man1/ssh-keygen.1 ./man/man1/ssh-keyscan.1 ./man/man8/sshd.8 ./sbin/sshd ./etc/sshd.pid ./etc/ssh_config ./etc/sshd_config ./etc/ssh_prng_cmds ./etc/ssh_host_key ./etc/ssh_host_key.pub ./etc/ssh_host_dsa_key ./etc/ssh_host_dsa_key.pub ./etc/ssh_host_rsa_key ./etc/ssh_host_rsa_key.pub ./etc/ssh_known_hosts The difference with my installation is that I use OpenSSH. Hope it will help you. Have nice hollidays :-) David Carla Saldanha wrote: Hi, I am completely new to SSH. I did the download of ssh-1.2.17 to a Solaris 2.6 system. I compiled it with no problem just by running: ./configure make make install It is working fine. My problem is, I need to install it in 5 more servers (with the same OS)... (This are internal systems, so I am running it as root everywhere.) What should I do in order just to ftp the binaries and change the configuration for each system? I try to find some help, on FAQs and manuals, but it was not very helpful. Thanks. ___ Carla Saldanha e-mail: [EMAIL PROTECTED] NetConnect Limited Phone:+44 (0) 1223 501333 Fax:+44 (0) 1223 501444 http://www.netconnect.co.uk/ _ This message has been checked for all known viruses by the MessageLabs Virus Scanning Service. For further information visit http://www.messagelabs.com/stats.asp -- David LEFEVRE CARDIF - Architecture et Sécurité Opérationnelle [EMAIL PROTECTED] - Tél : 01 41 42 76 63 [EMAIL PROTECTED] - Tel : 01 41 42 24 22
RE: Installing binaries and configuration changes.
What should I do in order just to ftp the binaries and change the configuration for each system? Carla; I can suggest that you look at two things (after struggling with this problem myself): the July Sun Blueprint for making a Package out of OpenSSH, or the list of binaries to copy over in CERT's OpenSSH installation instructions: http://www.sun.com/blueprints/0701/openSSH.html or http://www.cert.org/security-improvement/implementations/i062_01.html I have to admit that the Package that Sun's script created dropped four of my files in the wrong directory, but the nearest I can guess after using it to move the software from one server to twelve more is that it takes me about sven minutes to copy the Package, pkgadd it, move the files, and generate Keys before I'm up and running. CERT's information is more detailed and may help you if things go wrong. One thing to be sure that you do is to make all the changes you want in the /etc/ssh_config and /etc/sshd_config files before you send them off to the other 5 servers in order to avoid having to customize the set-up five times. And of course, the Keys have to be unique on every system. Good luck! -wde P.S. Why did you use the older version of ssh and not OpenSSH 2.9p2? -- Will Enestvedt UNIX System Administrator Johnson Wales University [EMAIL PROTECTED](401) 598-1584
RE: Installing binaries and configuration changes.
Make a swinstall pacakge (Man swpackage). We had to role this out to 30 servers. NFS isn't an option (insecure), so we made swinstall packages. This also works for archiving purposes, allowing you to place a package into a directory that can be used at a later date. __ Raymond T Sundland Internet Security Analyst Internet Infrastructure Security Group E-commerce Strategy Delivery Phone: 201.703.7256 Email: [EMAIL PROTECTED] __ Merck-Medco Managed Care L.L.C. http://www.merckmedco.com/ | -Original Message- | From: Greg Wooledge [mailto:[EMAIL PROTECTED]] | Sent: Wednesday, August 08, 2001 8:01 AM | To: Carla Saldanha | Cc: [EMAIL PROTECTED] | Subject: Re: Installing binaries and configuration changes. | | | On Tue, Aug 07, 2001 at 09:09:26PM +0100, Carla Saldanha wrote: | |./configure |make |make install | | What should I do in order just to ftp the binaries and | change the | configuration for each system? | | The easiest way by far would be to NFS mount the source tree onto | the target system and run make install on each system. That's what | I did on HP-UX 10.20. | | Keep in mind that (at least in OpenSSH 2.5.2p2) the make | install process | will attempt to write to files in the source tree. Because of this | silliness, you'll have to make sure the source tree is mounted with | read/write permissions, and also with root access allowed. (I.e., | in /etc/exports, you'll need something like /my/path | -root=some.host.) |
RE: Installing binaries and configuration changes.
Oh, sorry, I thought Carla said hp-ux ;) In this case, use the Solaris packaging scheme. Run 'man pkgmk' to start your document search or... use the links William cited below. | -Original Message- | From: William Enestvedt [mailto:[EMAIL PROTECTED]] | Sent: Wednesday, August 08, 2001 8:21 AM | To: '[EMAIL PROTECTED]' | Cc: [EMAIL PROTECTED] | Subject: RE: Installing binaries and configuration changes. | | | | What should I do in order just to ftp the binaries and | change the configuration for each system? | | Carla; |I can suggest that you look at two things (after | struggling with this | problem myself): the July Sun Blueprint for making a Package | out of OpenSSH, | or the list of binaries to copy over in CERT's OpenSSH installation | instructions: |http://www.sun.com/blueprints/0701/openSSH.html |or | | http://www.cert.org/security-improvement/implementations/i062_01.html |I have to admit that the Package that Sun's script created | dropped four | of my files in the wrong directory, but the nearest I can | guess after using | it to move the software from one server to twelve more is | that it takes me | about sven minutes to copy the Package, pkgadd it, move the files, and | generate Keys before I'm up and running. |CERT's information is more detailed and may help you if | things go wrong. |One thing to be sure that you do is to make all the | changes you want in | the /etc/ssh_config and /etc/sshd_config files before you | send them off to | the other 5 servers in order to avoid having to customize the | set-up five | times. And of course, the Keys have to be unique on every system. |Good luck! | -wde | P.S. Why did you use the older version of ssh and not OpenSSH 2.9p2? | -- | Will Enestvedt | UNIX System Administrator | Johnson Wales University | [EMAIL PROTECTED](401) 598-1584 |
RE: Installing binaries and configuration changes.
This also works for archiving purposes, allowing you to place a package into a directory that can be used at a later date. And one of the chief appeals is for use on Jumpstart servers. -wde -- Will Enestvedt UNIX System Administrator Johnson Wales University Providence, Rhode Island
RE: Installing binaries and configuration changes.
Hi there, Thank you for you help. In answer to your question, my mission was to make the Solaris PME (Performance Monitoring Extensions) to MRTG (Multi Router Traffic Grapher ) work in two days and in its INSTALL file, they said they have tested it with this version. That is all I needed. I have reached my targets... Thanks to all of you!... ;-) ___ Carla Saldanha e-mail: [EMAIL PROTECTED] NetConnect Limited Phone:+44 (0) 1223 501333 Fax:+44 (0) 1223 501444 http://www.netconnect.co.uk/ -Original Message- From: Sixt, Florin [mailto:[EMAIL PROTECTED]] Sent: 08 August 2001 18:14 To: '[EMAIL PROTECTED]' Subject: RE: Installing binaries and configuration changes. Hi Carla, I am not a guru in ssh but I can tell what I do in this situation (I am a SA for a SUN Solaris 2.5.1 and 2.8 shop): 1. After all is done in one server (assuming that you did the installation from /usr/local/src/ssh_1.2 directory in host_1): . make the /usr/local/src/ssh_1.2 directory share-able with all your servers. . go to the next server and mount /usr/local/src/ssh_1.2 from host_1 as /mnt (or whatever). . go to the mounted /mnt directory . run make install . that is it! . don't forget to umount /mnt . go to the next server 2. Just out of curiosity, why you go with ssh-1.2.17 instead with ssh-2.x ? Good luck, Florin -Original Message- From: Carla Saldanha [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 1:09 PM To: [EMAIL PROTECTED] Subject: Installing binaries and configuration changes. Hi, I am completely new to SSH. I did the download of ssh-1.2.17 to a Solaris 2.6 system. I compiled it with no problem just by running: ./configure make make install It is working fine. My problem is, I need to install it in 5 more servers (with the same OS)... (This are internal systems, so I am running it as root everywhere.) What should I do in order just to ftp the binaries and change the configuration for each system? I try to find some help, on FAQs and manuals, but it was not very helpful. Thanks. ___ Carla Saldanha e-mail: [EMAIL PROTECTED] NetConnect Limited Phone:+44 (0) 1223 501333 Fax:+44 (0) 1223 501444 http://www.netconnect.co.uk/ _ This message has been checked for all known viruses by the MessageLabs Virus Scanning Service. For further information visit http://www.messagelabs.com/stats.asp _ This message has been checked for all known viruses by the MessageLabs Virus Scanning Service. For further information visit http://www.messagelabs.com/stats.asp _ This message has been checked for all known viruses by the MessageLabs Virus Scanning Service. For further information visit http://www.messagelabs.com/stats.asp
