How to Install OpenSSH
Posted by: Administrator   Posted at: 2003-08-14 09:45:01
 

OpenSSH installation in Solaris 2.x
Author : 김경환 redjade@snags.snu.ac.kr
Date : September 29, 2000
Contents : How to install OpenSSH on Solaris 2.x.

--------------------------------------------------------------------------------


Contents
Introduction
Getting the Files
Installing
References
1. Introduction
The following is excerpted from www.openssh.com.


OpenSSH is a FREE version of the SSH suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunnelling capabilities.
OpenSSH is a program that implements the SSH protocol; it encrypts data before sending it over the Internet. It is also distributed as open source, so it is free to use. Earlier versions supported only SSH1, but with the upgrade to 2.2.0p1 it supports both SSH1 and SSH2. ssh, scp and the other tools are used the same way as in the existing Secure Shell.
2. Getting the Files

The installation was tested in the following environment.

GNU make 3.79.1
GCC 2.95.2 19991024
Perl 5.6 (compiled by GCC 2.95.2)
At the time of writing, the following files were downloaded.

OpenSSH

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-2.2.0p1.tar.gz
MD5 (openssh-2.2.0p1.tar.gz) = 8da6e2ad58be86e195cbdf82f7803feb
EGD
ftp://ftp.lothar.com/linux/egd-0.8.tar.gz
MD5 (egd-0.8.tar.gz) = 07776186d3105f565b606e59aa896c82
OpenSSL
ftp://ftp.openssl.org/source/openssl-0.9.6.tar.gz
MD5 (openssl-0.9.6.tar.gz) = 4b407ab005b3846ec542eb8305823bca
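
Added example (not part of the original article): shell functions that read "MD5 (file) = hash" lines in the format listed above and check each downloaded tarball before it is unpacked. The function names and the checksums.txt file name are assumptions; the code needs md5sum or openssl on the PATH and a POSIX shell such as bash, not the old Solaris /sbin/sh.

```shell
#!/bin/sh
# Added example: verify tarballs against BSD-style "MD5 (file) = hash" lines.
# Usage (hypothetical file name): save the three MD5 lines from this page
# into checksums.txt next to the tarballs, then run:
#     verify_manifest checksums.txt . && echo "all tarballs match"

# md5_of FILE: print the lowercase hex MD5 of FILE with whichever tool exists.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl md5 "$1" | awk '{print $NF}'
    else
        echo "no MD5 tool found" >&2
        return 2
    fi
}

# verify_manifest MANIFEST [DIR]: check every "MD5 (name) = hash" line.
# Returns 0 only if every listed file exists in DIR and its digest matches.
verify_manifest() {
    manifest=$1 dir=${2:-.} bad=0
    while IFS= read -r line; do
        case $line in
            "MD5 ("*") = "*) ;;
            *) continue ;;              # skip URLs, headings, blank lines
        esac
        name=${line#"MD5 ("}; name=${name%%") = "*}
        want=${line##*") = "}
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f' | tr -d ' \r')
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        got=$(md5_of "$dir/$name") || return 2
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got)"; bad=1
        fi
    done < "$manifest"
    return $bad
}
```

A non-zero return means at least one tarball is missing or differs from the listed digest and should be downloaded again before running tar.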
3. Installing
First, install OpenSSL.


# gzip -cd openssl-0.9.6.tar.gz | tar -xf -
# cd openssl-0.9.6
# ./config
# make                  <= Use GNU make.
# make test
# make install

Next, install EGD.
The perl used here must be a perl compiled with gcc. The perl installed from the Solaris CD is compiled with Sun's CC, so it passes options that gcc does not recognize, and as a result egd fails to compile.

# gzip -cd egd-0.8.tar.gz | tar -xf -
# cd egd-0.8
# perl Makefile.PL
# make
# make test
# make install

Then run EGD.
EGD takes as its argument the path of the file to use as the random device.
Installing OpenSSH on Solaris also requires the path of EGD's random device file, so choose one appropriately. Here /dev/random was used.
# /usr/local/bin/egd.pl /dev/random

Now it is time to install OpenSSH.


# gzip -cd openssh-2.2.0p1.tar.gz | tar -xf -
# cd openssh-2.2.0p1

During configure, it is a good idea to set the MAKE variable to the location of GNU make.
# ./configure --with-ssl-dir=/usr/local/ssl --with-xauth=/usr/openwin/bin/xauth \
--with-egd-pool=/dev/random --sysconfdir=/etc/ssh
# make
# make install

Configuration
For sshd to work properly, EGD must be started before sshd.
Copy the egd and sshd scripts to /etc/init.d/ and give them execute permission.
Then link them into rc2.d or rc3.d as appropriate, following the naming format.
S90egd and S99sshd should work.
1. egd

----------
#!/sbin/sh
#
# AD 2000/9/28
#
# This script assumes that egd.pl is at /usr/local/bin/egd.pl and
# random device is /dev/random
# For Solaris 7 & 8 (pkill is supported since Solaris 7)
#

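PERL='/usr/local/bin/perl'
EGD='/usr/local/bin/egd.pl'
# Named EGD_POOL rather than RANDOM: ksh and bash treat $RANDOM as a
# special variable, which would break this script if sh is one of them.
EGD_POOL='/dev/random'

case "$1" in
'start')
        if [ -f "$EGD" ] ; then
                $PERL -w "$EGD" "$EGD_POOL"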
        else
                echo "egd.pl is not found at $EGD"
                exit 1
        fi
        ;;
'stop')
        /usr/bin/pkill -x -u 0 egd.pl
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0
----------


2. Generating the server keys
If the following four files do not exist in the /etc/ssh directory, they must be created.

ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_key
ssh_host_key.pub

# ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ""
# ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ""

3. sshd
----------
#!/sbin/sh
#
# AD 2000/9/28
#
# This script assumes that sshd is at /usr/local/sbin/sshd
# For Solaris 7 & 8 (pkill is supported since Solaris 7)
# Use this script only with OpenSSH
#

SSHD='/usr/local/sbin/sshd'
PID_FILE='/var/run/sshd.pid'

case "$1" in
'start')
        if [ -f $SSHD ] ; then
                $SSHD
                echo "sshd is starting"
        else
                echo "sshd is not found at $SSHD"
                exit 1
        fi
        ;;
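'stop') # stop just a master server
        if [ -f "$PID_FILE" ] ; then
                # Plain kill sends SIGTERM, so sshd can remove its pid file on
                # exit; kill -9 would leave a stale pid file behind.
                kill `cat "$PID_FILE"`
        fi
        ;;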
'stopall') # stop all server
        /usr/bin/pkill -x -u 0 sshd
        ;;
*)
        echo "Usage: $0 { start | stop | stopall }"
        exit 1
        ;;
esac
exit 0
----------

4. References

