Print-friendly Version

Using Sun Connection to Deploy sshd to the Solaris 8 OS

Doug Schwabauer, January 2007

Since a secure shell daemon (sshd) does not come with the Solaris 8 Operating System (Solaris OS), I created a Sun Connection profile that will automatically deploy and set up sshd for Solaris 8 OS agents.

I developed the scripts based on information found on http://www.sunfreeware.com: Installing OpenSSH Packages for SPARC and Intel/Solaris 8.

Here's how to find the instructions in the console of Sun Connection, formerly known as Sun Connection - Enterprise:

1. Highlight the hosts that you want to include in the search.

2. Click Components -> Search, then search for ssh.

   The ssh clients are highlighted in the Components list.

3. Click Components -> Details.

   The Component Information page is displayed.

4. Click Incident, highlight the component, and click Open with Browser.

Configuration File, Profile, and Scripts

The sshd startup script uses a configuration file. A profile is created with the correct packages and prerequisite patches. The scripts automate the pre- and post-setup.

Caveats:

1. If you don't already have patch 112438-01 or later installed, and you don't have a /dev/random file, then the generate-key.sh script will fail. If the script fails, install the patch, reboot to create the /dev/random file, and then re-run the job. Note: A probe can be written included in the profile that checks for /dev/random, and exits on failure if /dev/random is not found.

2. The host's package policy should be set to not check for conflicts.

   Here are steps to use the console to change a host's Check Conflicts parameter in the package policy file:

   1. Choose Preferences from the Tools menu.

   2. Select the Hosts option.

   3. Select the host name in the list.

   4. Select PKGs from the menu. Scroll to the Check Conflicts parameter and select the nocheck option.

3. At the end of the job, you must run the /etc/init.d/sshd start command manually.

Create a Configuration File for the Startup Script

#!/bin/sh
PATH=$PATH:/usr/local/bin:/usr/local/sbin
export PATH

/usr/local/bin/ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
/usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
/usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

#!/bin/sh
mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

Create a Profile With the Required Packages and Patches

<ADUVA_DATA>
<PROFILE>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[patch__112438]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[112438-03]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20001564</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[FILES__/etc/init.d/sshd]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[/etc/init.d/sshd-1]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20900186</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[actions__generate keys - Solaris 8]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[generate keys - Solaris 8]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20900187</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[actions__setup sshd (S8)]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[setup sshd (S8)]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20900189</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[pkg__SMClgcc346]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[SMClgcc346-3.4.6-0]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20011139</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[pkg__SMCossh44p1]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[SMCossh44p1-4.4p1-a-0]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20900193</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[pkg__SMCossl098]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[SMCossl098-0.9.8-0]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20006659</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[pkg__SMCtcpwr]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[SMCtcpwr-7.6-0]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20001821</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[pkg__SMCzlib]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[SMCzlib-1.2.2-0]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20003306</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_ITEM>
    <ACTION><![CDATA[Required ]]></ACTION>
    <NODE_NAME><![CDATA[actions__Start sshd]]></NODE_NAME>
    <NODE_NAME_TO_SHOW><![CDATA[Start sshd]]></NODE_NAME_TO_SHOW>
    <CHANNEL><![CDATA[SOLARIS8]]></CHANNEL>
    <DISTRO><![CDATA[SOLARIS8]]></DISTRO>
    <ARCH><![CDATA[SPARC]]></ARCH>
    <NODE_ID>20900191</NODE_ID>
    <ACTION_ID>0</ACTION_ID>
  </PROFILE_ITEM>
  <PROFILE_NAME><![CDATA[SSH for Solaris 8]]></PROFILE_NAME>
  <PROFILE_DESCRIPTION><![CDATA[]]></PROFILE_DESCRIPTION>

</PROFILE>
 </ADUVA_DATA>

Script to Start and Stop the sshd

#!/bin/sh
 case "$1" in
 'start')
         if [ -x /usr/local/sbin/sshd ]; then
                 echo "Starting the secure shell daemon"
                 /usr/local/sbin/sshd &
         fi
         ;;

 'stop')
         echo "Stopping the secure shell daemon "
         pkill -TERM sshd
         ;;
 *)
         echo "Usage: /etc/init.d/sshd { start | stop }"
         ;;
 esac
 exit 0
 

Script to Run the sshd Start Command

#!/bin/sh
chmod +x /etc/init.d/sshd
 ln -s /etc/init.d/sshd /etc/rc3.d/S95sshd
 /etc/init.d/sshd start

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.