To exit out of a hung ssh session, type ~. (just those 2 characters) at the
beginning of a line, so you may have to press 3 keys, Enter ~ .
=========================================================================
Like cp, scp copies links not as links (as I remember it did - Am my memory
that bad?), but scp follows links and copies the data there. And unlike cp,
scp has no -h option (poop!). Here's a cool way to do it though using tar.

    tar cf - /db2fs | ssh root@dncdb3 tar xf -

Warning! This presumes the directory structure is the same, in this example,
/db2fs exists on whatever machine you're logged into, and on dncdb3.
=========================================================================
Notes on what to do in order to get the sshd daemon running.

From /afs/d/software/base/ssh-3.1.0/apps/ssh/Makefile, line 1030

    if [ ! -d /etc/ssh2 ]; then mkdir -p /etc/ssh2; fi
    if [ ! -d /etc/ssh2/known_hosts ]; then mkdir -p /etc/ssh2/known_hosts; fi
    if [ ! -d /etc/ssh2/hostkeys ]; then mkdir -p /etc/ssh2/hostkeys; fi
    if [ ! -f /etc/ssh2/hostkey ]; then
        umask 022
        ./ssh-keygen2 -P -b 1024 -t dsa -c "1024-bit dsa hostkey" /etc/ssh2/hostkey
    fi

and later on line 1100,

    if [ ! -f /etc/ssh2/sshd2_config ]; then cp -p ./sshd2_config /etc/ssh2; fi
    if [ ! -f /etc/ssh2/ssh2_config ]; then cp -p ./ssh2_config /etc/ssh2; fi
    if [ ! -f /etc/ssh2/ssh_dummy_shell.out ]; then cp -p ./ssh_dummy_shell.out /etc/ssh2; fi
=========================================================================
A small note from my 135.Build.Steps file ...

- While I'm at it, installing all these X11 things, I might as well "fix"
  the fact that ssh doesn't tunnel X things out, 'cause it can't find the
  xauth program, which is in the X11.apps.config fileset.
=========================================================================
Notes on installing ssh on Monday, December 17, 2001.

Over the weekend, due to a security exposure with ssh version 1, Southbury
upgraded the SSH on their site to ssh version 2, necessitating Delphion to
upgrade all their ssh clients to version 2. For our Windows, SecureCRT
clients, this meant upgrading to version 3.3, available on kangaroo.

For the AIX clients, I went to http://www.openssh.com to pick up the latest
free version, which was openssh-3.0.2p1.tar.gz. This also requires two
additional packages, Zlib, available at http://www.gzip.org/zlib and openssl,
available at http://www.openssl.org.

After downloading all 3 of these tar.gz files, here is how I installed it all.

    cd
    ls -l *gz
        -rw-r--r--   1 jasper   staff     168463 Dec 17 13:26 zlib.tar.gz
        -rw-r--r--   1 jasper   staff    2132220 Dec 17 13:31 openssl-0.9.6b.tar.gz
        -rw-r--r--   1 jasper   staff     781092 Dec 17 10:16 openssh-3.0.2p1.tar.gz

    gzip -d < zlib.tar.gz            | tar xf -    => zlib-1.1.3
    gzip -d < openssl-0.9.6b.tar.gz  | tar xf -    => openssl-0.9.6b
    gzip -d < openssh-3.0.2p1.tar.gz | tar xf -    => openssh-3.0.2p1

To build and install zlib,

    cd ~/zlib-1.1.3
    ./configure
    make

Ignored all the

    1500-030: (I) INFORMATION: test_gzio: Additional optimization may be
    attained by recompiling and specifying MAXMEM option with a value
    greater than 2048.

error messages I got.

    su
    make install

This installed

    /usr/local/include/zlib.h
    /usr/local/include/zconf.h
    /usr/local/lib/libz.a

    exit

To build and install openssl,

    cd ~/openssl-0.9.6b
    ./configure
    make

This compiles lots and lots of modules, with a lot getting that same
informational message, which I ignored.

    su
    make install

This stopped on

    /usr/local/bin/perl: not found
    make: 1254-004 The error code from the last command is 1.
    Stop.

Ooops. Time to RTFM. ... Guessed to simply modify Makefile.ssl (which is what
Makefile was linked to), changing the

    PERL= /usr/local/bin/perl

line to just

    PERL= /usr/bin/perl.

I don't know if this was right or not, but, it did do the make correctly.

    su
    make install

This installed lots of stuff (275 files in 13 directories) in /usr/local/ssl.

Now finally, to build ssh,

    cd ~/openssh-3.0.2p1
    ./configure
    make
    su
    make install

This installed stuff in /usr/local in different places, most notably,
/usr/local/bin/ssh and /usr/local/bin/scp.
=========================================================================
To forward or tunnel ports with ssh, use the -L option, e.g.

    ssh -l root -L 8001:10.224.88.35:80 spectre

which will forward your local port 8001 (any number that's unused) to
10.224.88.35 (w3.delphion.com) port 80. After connecting, from a local web
browser, you can go to http://localhost:8001 and see w3's home page.

You can even get fancy and forward multiple ports, e.g.

    ssh -l root -L 8001:10.224.88.35:80 \
                -L 8002:10.224.88.240:80 \
                -L 8003:10.224.88.249:80 spectre

which will forward

    1) local port 8001 to w3, port 80 (as before)
    2) local port 8002 to kangaroo, port 80
    3) local port 8003 to digital, port 80
=========================================================================
Notes on installing ssh:

5-11-98: Picked up the latest ssh from http://www.cs.hut.fi/ssh, which was
1.2.22 (I had 1.2.21 previously). To install, one basically does

    gzip -d

Asks for name of keyfile (/.ssh/identity) and for passphrase. Keep this null.
  -> Creates - key file   (/.ssh/identity )
             - public key (/.ssh/identity.pub)
  -> Send this public key to cduesman@us.ibm.com

On the other nodes, copy /.ssh/config and /.ssh/identity
-----------------------------------
ssh-agent  -> Starts agent
ssh-add    -> Uses agent
-----------------------------------
To use,

    scp -p netminingftp.dfw.ibm.com:

For the Free Gold and Download web servers, send

    cgi-error
    http-errors
    http-log
    agent-log
    referrer-log

Renaming it ...Dec291999.nn.Z
=========================================================================
May 9, 2005

Notes from when I upgraded our AIX 4.3 ssh code to OpenSSH version 4.
This is to more match what Limerick has, which is OpenSSH_3.9p1.
Note that AIX 5.2 comes with an adequate version of ssh (OpenSSH_3.7.1p2).

tangent: The FAQ at http://www.openssh.com/faq.html has how to download,
tangent: but first, a tangent ...
tangent:    The FAQ has "A list of vendors that include OpenSSH in their
tangent:    distributions" (at http://www.openssh.com/users.html) that
tangent:    says IBM ships ssh by default in AIX. Hmmmm.
tangent:    The IBM page it links to mentions OpenSSH being on the
tangent:    "AIX Bonus Pack" and points off to
tangent:    http://sourceforge.net/projects/openssh-aix, but as of
tangent:    5-9-2005, the latest it had was OpenSSH 3.8.1, two versions
tangent:    down-level (3.9.1 & 4 are now out) and Limerick has
tangent:    OpenSSH_3.9p1 installed.
tangent: Back to downloading the latest OpenSSH. I initially followed the
tangent: "Portable" link from the FAQ (http://www.openssh.com/portable.html),
tangent: which had me getting stuff from their CVS server, ala
tangent:    export CVSROOT=openssh@anoncvs4.usa.openbsd.org:/cvs
tangent:    export CVS_RSH=/local/bin/ssh
tangent:    cvs get openssh
tangent: but that got me a SSH v4.0 with no configure command in it.

I want/need the "p" release, openssh-4.0p1, available from their "Master"
FTP site (version 4.0 wasn't in the Redwood City FTP mirror site yet),

    ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.0p1.tar.gz

    cd /afs/d/software/base
    gzip -d < openssh-4.0p1.tar.gz | tar xvf -

creating the openssh-4.0p1 directory.

    cd /afs/d/software/base/openssh-4.0p1
    view INSTALL

says "You will need working installations of Zlib and OpenSSL.

    Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
    http://www.gzip.org/zlib/

    OpenSSL 0.9.6 or greater:
    http://www.openssl.org/"

Got zlib 1.2.2 at http://www.zlib.net/zlib-1.2.2.tar.gz and
OpenSSL 0.9.7g at http://www.openssl.org/source/openssl-0.9.7g.tar.gz
Saved both in /afs/d/software/base

    cd /afs/d/software/base
    gzip -d < zlib-1.2.2.tar.gz | tar xf -

put things in the /afs/d/software/base/zlib-1.2.2 directory, and

    gzip -d < openssl-0.9.7g.tar.gz | tar xf -

put things in the /afs/d/software/base/openssl-0.9.7g directory

I guess I had both zlib & openssl installed in their default location,
/usr/local, despite having ssh installed in /local/bin. Hmmm. Seems like if
I'm gonna install ssh in /local/bin, zlib & openssh should go there as well.
OTOH, if I put zlib & openssl in /usr/local, then ssh can go there, too.
I'm going to make my life easiest and install all in /usr/local.

To build zlib, as jasper on jasper (an AIX 4.3 system),

    cd /afs/d/software/base/zlib-1.2.2
    ./configure
    make
    su -
    cd /afs/d/software/base/zlib-1.2.2
    make install

This installed

    /usr/local/include/zlib.h
    /usr/local/include/zconf.h
    /usr/local/lib/libz.a
    /usr/local/share/man/man3/zlib.3

    exit

tangent: **********************************************************************************
tangent: *                                                                                *
tangent: * But an important one (maybe). I thought I could erase                          *
tangent: * /local/lib/zlib-1.1.3/libz.a from AFS, but that version of libz.a is           *
tangent: * different than what the above process builds. If you do a                      *
tangent: *     dump -Tv /local/lib/zlib-1.1.3/libz.a                                      *
tangent: * command, it shows one module in this .a library, namely                        *
tangent: * /local/lib/zlib-1.1.3/libz.a[shr.o], that has a bunch of entry points,         *
tangent: * one for each module.                                                           *
tangent: *                                                                                *
tangent: * OTOH, what I created above was a libz.so, not a libz.a (I don't know what      *
tangent: * the difference is), but a                                                      *
tangent: *     dump -Tv /afs/d/software/base/zlib-1.2.2/libz.so.1.2.2                     *
tangent: * command shows the same kind of thing.                                          *
tangent: *                                                                                *
tangent: * I asked Carol about this libz.a versus libz.so difference and she didn't       *
tangent: * know off the top of her head, but she found a section on it in the             *
tangent: *     AIX Version 4.1                                                            *
tangent: *     General Programming Concepts:                                              *
tangent: *     Writing and Debugging Programs                                             *
tangent: * book in Chapter 19, Shared Libraries and Shared Memory, on pages 19-1,2,3.     *
tangent: * Carol was happy with those pages, but I didn't follow them.                    *
tangent: *                                                                                *
tangent: * I had erased the /local/lib/zlib-1.1.3 directory 'cause I didn't think         *
tangent: * anything used it. Wrong! /local/bin/cvs stopped working. I tried getting       *
tangent: * CVS to work with the new libz.so thingie, but it didn't like it.               *
tangent: * I tried building a libz.a from this directory, but couldn't figure out how     *
tangent: * to do so. I scrambled to restore the /local/lib/zlib-1.1.3 directory,          *
tangent: * but not before I did some googling on the subject, coming up with these        *
tangent: * pages. I didn't investigate more, so I can't vouch for how relevant any of     *
tangent: * this is.                                                                       *
tangent: *                                                                                *
tangent: * Start at this URL & follow the thread for hints, including                     *
tangent: * http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=108094403200022&w=2         *
tangent: *                                                                                *
tangent: * > ... I get:                                                                   *
tangent: * > Symbol resolution failed for ssh because: Symbol __strtollmax (number 157)   *
tangent: * > is not exported from dependent module /usr/lib/libc.a(shr.o).                *
tangent: * > Examine .loader section symbols with the 'dump -Tv' command.                 *
tangent: *                                                                                *
tangent: * This normally is a result of attempting to run a binary compiled on a          *
tangent: * later version of AIX than the target system (this includes Maintenance         *
tangent: * Levels). This is not guaranteed to work, you should build on the               *
tangent: * *oldest* system you plan to support.                                           *
tangent: *------------                                                                    *
tangent: * Try blibpath="/usr/lib:/lib:/opt/freeware/lib" ./configure                     *
tangent: *     --with-ssl-dir=/opt/freeware                                               *
tangent: *                                                                                *
tangent: **********************************************************************************

For openssl,

    cd /afs/d/software/base/openssl-0.9.7g
    ./config          # Note it's not configure as before ...

This picked up the perl in /usr/bin/perl, which is better than last time.

    make

This compiled lots of modules which took 15 minutes or so

    su -
    cd /afs/d/software/base/openssl-0.9.7g
    make install

This installed lots of stuff in /usr/local/ssl.

    exit

And finally, for OpenSSH,

    cd /afs/d/software/base/openssh-4.0p1

tangent: ./configure
tangent: After 12 minutes, got an error complaining that it couldn't find zlib.h,
tangent:    configure: error: *** zlib.h missing - please install first or check config.log
tangent: which we just installed in /usr/local/include. Evidently, /usr/local/include
tangent: is not in our LIBPATH, nor does the configure script add it. Poop. Tried
tangent:    export LIBPATH=$LIBPATH:/usr/local/include
tangent:       This is wrong in principle, Rick. LIBPATH is for run-time including of
tangent:       already-compiled executables. We want to include a pre-compile .h file.
tangent:    ./configure
tangent: This wasn't right. I next tried
tangent:    ./configure --includedir=/usr/local/include
tangent: but that was no better. Don't know why. How 'bout
tangent:    ./configure --oldincludedir=/usr/local/include
tangent: Nope. How about this way?

    CPPFLAGS=-I/usr/local/include ./configure

After 16 minutes, this seemed to work.
At least it found /usr/local/include/zlib.h

    make
    su -
    cd /afs/d/software/base/openssh-4.0p1
    make install
    exit

To get the other versions I need, ie

    * AIX 4.3.3 /usr/local/bin (for my testing and for Patolis)
    * AIX 4.3.3 /local/bin     (for AIX 4.3 San Jose machines)
    * AIX 5.2   /local/bin     (for AIX 5.2 San Jose machines)

Still on jasper, which on 5-12-2005, was still AIX 4.3.3,

    cd /afs/d/software/base
    mv openssh-4.0p1 openssh-4.0p1.usr.local.AIX.4.3
    gzip -d < openssh-4.0p1.tar.gz | tar xf -

creating the openssh-4.0p1 directory.

    mv openssh-4.0p1 openssh-4.0p1.AFS.local.AIX.4.3
    cd openssh-4.0p1.AFS.local.AIX.4.3
    CPPFLAGS=-I/usr/local/include ./configure --prefix=/local
    make
    make install

    ****************************************************************
    ** This broke ssh/scp 'cause it could not find libz.a.        **
    ** It worked on my jasper machine 'cause I had long ago       **
    ** installed glib-1.2.10.2 using IBM's rpm for AIX 4.3.       **
    ** This put links in my /usr/include pointing, among other    **
    ** things, libz.a to /usr/opt/freeware/lib/libz.a             **
    **                                                            **
    ** I rpm -e glib-1.2.10-2 & gtk+-1.2.10-3 and will rebuild.   **
    ****************************************************************

and again, this time as jasper on ghost, an AIX 5.2 system, which doesn't
have the IBM C compiler on it, so will be using gcc, installed from IBM's
"AIX Toolbox for Linux Applications for POWER Systems Featuring GNU Software"
CD (see my aixnotes/aix5.2 file).
So, starting over from the zip files,

zlib:

    cd /afs/d/software/base
    gzip -d < zlib-1.2.2.tar.gz | tar xf -
    mv zlib-1.2.2 zlib-1.2.2.AFS.local.AIX.5.2
    cd zlib-1.2.2.AFS.local.AIX.5.2
    ./configure --prefix=/local
    make
    make install
    exit

openssl:

    cd /afs/d/software/base
    gzip -d < openssl-0.9.7g.tar.gz | tar xf -
    mv openssl-0.9.7g openssl-0.9.7g.AFS.local.AIX.5.2
    cd openssl-0.9.7g.AFS.local.AIX.5.2
    ./config --prefix=/local
    make
    make install

openssh:

    cd /afs/d/software/base
    gzip -d < openssh-4.0p1.tar.gz | tar xf -
    mv openssh-4.0p1 openssh-4.0p1.AFS.local.AIX.5.2
    cd openssh-4.0p1.AFS.local.AIX.5.2
    CPPFLAGS=-I/local/include ./configure --prefix=/local
    make

tangent: make install
tangent: Since I wasn't root, I got an error trying to set up the privsep stuff,
tangent:    mkdir /var/empty
tangent:    mkdir: 0653-357 Cannot access directory /var.
tangent:    /var: The file access permissions do not allow the specified action.
tangent:    make: 1254-004 The error code from the last command is 2.

    su -
    make install

This got "Privilege separation user sshd does not exist" but that's ok.

Turns out this version of ssh doesn't support Japan's version of ssh
(SSH Secure Shell 3.2.9.1). A simple "ssh ips01i" command, gets

    key_verify failed for server_host_key

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A note from the README.privsep file, says "You should do something like the
following to prepare the privsep preauth environment:"

    mkdir /var/empty
    chown root:sys /var/empty
    chmod 755 /var/empty
    groupadd sshd
    useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

Maybe this should go into my /local/bin/setup_ssh script?
=========================================================================
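A repeatable form of the README.privsep steps quoted above, with a check of the resulting directory. This is an added example, not the author's setup_ssh script and not OpenSSH code; the function names and the PRIVSEP_DIR variable are made up for illustration, and groupadd/useradd are assumed to exist on the target system because README.privsep quotes them.

```shell
#!/bin/sh
# Added example: not the author's setup_ssh script and not OpenSSH code.
PRIVSEP_DIR=${PRIVSEP_DIR:-/var/empty}   # directory named in README.privsep

# privsep_dir_ok DIR UID
# Succeeds only if DIR is a real directory (not a symlink), is empty,
# is owned by numeric UID, and is not writable by group or others.
privsep_dir_ok() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    [ -z "$(ls -A "$dir")" ] || return 1
    set -- $(ls -ldn "$dir")      # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        d????-??-?*) return 0 ;;  # '-' in both the group and other write slots
        *)           return 1 ;;
    esac
}

# setup_privsep: the README.privsep steps, each skipped when already done.
# Assumes groupadd/useradd (the commands README.privsep quotes) exist here.
setup_privsep() {
    [ "$(id -u)" -eq 0 ] || { echo "setup_privsep: run as root" >&2; return 1; }
    [ -d "$PRIVSEP_DIR" ] || mkdir "$PRIVSEP_DIR" || return 1
    chown root:sys "$PRIVSEP_DIR" && chmod 755 "$PRIVSEP_DIR" || return 1
    if ! id sshd >/dev/null 2>&1; then
        groupadd sshd &&
        useradd -g sshd -c 'sshd privsep' -d "$PRIVSEP_DIR" -s /bin/false sshd ||
            return 1
    fi
    privsep_dir_ok "$PRIVSEP_DIR" 0
}
```

Running privsep_dir_ok /var/empty 0 on its own after a later "make install" reports whether the chroot directory is still empty, root-owned and not group- or world-writable.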
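Going back to the tar-over-ssh copy near the top of these notes: the added example below (not from the original notes) archives with relative paths, so the destination need not share the source's directory structure, and then checks that symlinks arrived as symlinks. copy_tree, list_links and links_preserved are hypothetical names; the receiving side defaults to a local "sh -c" so it runs offline, and over the network the trailing arguments would be "ssh root@dncdb3".

```shell
#!/bin/sh
# Added example, not part of the original notes.

# copy_tree SRC DEST [RUNNER...]
# Streams SRC through tar using relative paths and unpacks it under DEST.
# RUNNER is the command prefix that runs the receiving side, for example
#   copy_tree /db2fs /db2fs ssh root@dncdb3
# With no RUNNER the receiving side runs locally via sh -c.
# Assumes DEST contains no single quote. The pipeline's exit status is that
# of the receiving side only.
copy_tree() {
    src=$1; dest=$2; shift 2
    [ $# -gt 0 ] || set -- sh -c
    [ -d "$src" ] || { echo "copy_tree: $src is not a directory" >&2; return 1; }
    (cd "$src" && tar cf - .) | "$@" "mkdir -p '$dest' && cd '$dest' && tar xf -"
}

# list_links DIR: print "path -> target" for every symlink under DIR, sorted.
# The target is cut out of ls -l output so no readlink command is needed.
list_links() {
    (cd "$1" && find . -type l -print | sort | while IFS= read -r l; do
        printf '%s -> %s\n' "$l" "$(ls -l "$l" | sed 's/^.* -> //')"
    done)
}

# links_preserved SRC DEST: succeeds when both trees hold the same symlinks
# pointing at the same targets, i.e. nothing was followed during the copy.
links_preserved() {
    [ "$(list_links "$1")" = "$(list_links "$2")" ]
}
```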