OpenSSH software tools support the SSH1 and SSH2 protocols. The tools provide shell functions where network traffic is encrypted and authenticated. OpenSSH is based on client and server architecture. OpenSSH runs the sshd daemon process on the AIX host and waits for the connection from clients. It supports public-key and private-key pairs for authentication and encryption of channels to ensure secure network connections and host-based authentication. For more information about OpenSSH, see the following Web site:
http://www.openssh.org
The preceding Web site provides the man page information on the OpenSSH commands.
For more information about OpenSSH on AIX, see the following Web site, which has the latest installp format packages for AIX 5L:
http://oss.software.ibm.com/developerworks/projects/opensshi
This section explains how to install and configure OpenSSH on AIX. The OpenSSH software is shipped on the AIX 5.2 Bonus Pack. This version of OpenSSH is compiled and packaged as installp packages using the openssh-3.4p1 level of source code. The OpenSSH program contained in the Bonus Pack CD-ROM media is licensed under the terms and conditions of the IBM International Program License Agreement (IPLA) for Non-Warranted Programs. OpenSSH is also available for AIX 4.3.3 in several RPM format packages, provided by the AIX toolbox for Linux applications.
Before installing the OpenSSH installp format packages, you must install the Open Secure Sockets Layer (OpenSSL) software. The OpenSSL software package contains the encryption library. OpenSSL is provided in RPM packages in the AIX toolbox for Linux applications. The installation packages include the man pages and the translated message filesets.
# geninstall -d/dev/cd0 R:openssl-0.9.6e
Output similar to the following displays:
SUCCESSES
---------
openssl-0.9.6e-1
# geninstall -I"Y" -d/dev/cd0 I:openssh.base
Use the Y flag to accept the OpenSSH license agreement.
Output similar to the following displays:
Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
openssh.base.client         3.4.0.5200      USR         APPLY       SUCCESS
openssh.base.server         3.4.0.5200      USR         APPLY       SUCCESS
openssh.base.client         3.4.0.5200      ROOT        APPLY       SUCCESS
openssh.base.server         3.4.0.5200      ROOT        APPLY       SUCCESS
You can also use the SMIT install_software fast path to install OpenSSL and OpenSSH.
The following OpenSSH binary files are installed as a result of the preceding procedure:
The following general information covers OpenSSH:
startsrc -s sshd OR startsrc -g ssh (group)
stopsrc -s sshd OR stopsrc -g ssh
lssrc -s sshd OR lssrc -g ssh
You can also start and stop the daemon by issuing the following commands:
/etc/rc.d/rc2.d/Ksshd start
OR
/etc/rc.d/rc2.d/Ssshd start
/etc/rc.d/rc2.d/Ksshd stop
OR
/etc/rc.d/rc2.d/Ssshd stop
http://www.redbooks.ibm.com
Beginning with AIX 5.2, OpenSSH is compiled with Pluggable Authentication Module (PAM) support. PAM is an alternate way of authenticating users. It provides an adaptable mechanism for authenticating AIX users by allowing a user-written module to be added to the login process. A user can write his own module or use the pam_aix module provided with AIX. The pam_aix module provides interfaces to AIX security services.
The following is an example of the /etc/pam.conf configuration file using the pam_aix PAM module, but other modules may be used if installed on the system. Create the /etc/pam.conf file with the following information in that file:
sshd    auth        required    /usr/lib/security/pam_aix
OTHER   auth        required    /usr/lib/security/pam_aix
sshd    account     required    /usr/lib/security/pam_aix
OTHER   account     required    /usr/lib/security/pam_aix
sshd    password    required    /usr/lib/security/pam_aix
OTHER   password    required    /usr/lib/security/pam_aix
sshd    session     required    /usr/lib/security/pam_aix
OTHER   session     required    /usr/lib/security/pam_aix
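A check for the /etc/pam.conf layout shown above, as an added example that is not part of the IBM documentation: it reports, for each of the four module types, whether the service has its own entry, relies on the OTHER entry, or has no entry at all. The function name pam_coverage, the temporary file name and the case-insensitive match on OTHER are assumptions of this example.

```shell
# Added example, not from the IBM documentation.
# Assumed line format (taken from the sample above):
#   service  module_type  control_flag  module_path [options]

# pam_coverage FILE SERVICE
# Prints "<type> <source> <control_flag> <module_path>" for each of the four
# module types, where <source> is SERVICE, OTHER (fallback entry) or MISSING.
# Only the first entry of a stack is reported. Returns 1 if a type is MISSING.
pam_coverage() {
    awk -v svc="$2" '
        $1 ~ /^#/ || NF < 4 { next }      # skip comments and malformed lines
        {
            type = tolower($2)
            if ($1 == svc) {
                if (!(type in own)) own[type] = $3 " " $4
            } else if (toupper($1) == "OTHER") {
                if (!(type in other)) other[type] = $3 " " $4
            }
        }
        END {
            n = split("auth account password session", types, " ")
            for (i = 1; i <= n; i++) {
                t = types[i]
                if (t in own)        print t, svc, own[t]
                else if (t in other) print t, "OTHER", other[t]
                else               { print t, "MISSING - -"; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: sshd has only auth and account entries, so password
# and session are served by the OTHER fallback.
sample=${TMPDIR:-/tmp}/pam_sample.$$
cat > "$sample" <<'EOF'
# constructed sample, not a real system file
sshd   auth      required  /usr/lib/security/pam_aix
sshd   account   required  /usr/lib/security/pam_aix
OTHER  auth      required  /usr/lib/security/pam_aix
OTHER  account   required  /usr/lib/security/pam_aix
OTHER  password  required  /usr/lib/security/pam_aix
OTHER  session   required  /usr/lib/security/pam_aix
EOF
pam_coverage "$sample" sshd
rm -f "$sample"
```

On a real host, run `pam_coverage /etc/pam.conf sshd` after creating the file and treat any MISSING line, or an unexpected OTHER line, as something to review before starting sshd.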