[SUMMARY]OpenSSH on multiple Servers

From: Unix Learner <solaris_sky_at_yahoo.com>
Date: Mon Aug 26 2002 - 22:04:54 EDT
Thanks to all the people for pointing me in the right direction regarding this and of course a special one to "System Administration Account" for giving me the biggest clue.
Here is what I did:
Compiled and built openssh3.4p1 on my trusted host in /var/tmp with my prefix as "/var/tmp/openssh" and my sysconfdir as /etc/ssh on the local host. This copied all my ssh specific files to /var/tmp/openssh and system specific files including the hostkey to /etc/ssh. One thing I noticed in version 3.4p1 was that whatever prefix directory we specify during the build is hardcoded into the sshd binary and cannot be changed elsewhere (I thought we could do that in sshd_config but no).
I copied the whole of /var/tmp/openssh onto the temporarily mounted netapp location on my trusted host. For ref purposes let us say /usr/misc (mounted to /mnt).
All that remained to be done was copy the /etc/ssh directory to whatever host you want ssh on and create a /var/tmp/openssh with a symlink to the netapp location, viz. /usr/misc/openssh
After copying over the ssh dir to the desired host, it is essential to run the ssh-keygen to create a unique host_key and host_key_dsa (the syntax is better described in the INSTALL file) and bingo you are ready to launch sshd without any probs. The whole process became pretty much painless after I put all the above mentioned things in a very simple and basic shell script and put the same in a postinstall script if we want it as part of jumpstart with the startup and shutdown scripts and all.
There are some minor things to be taken care of like creating /var/empty for privilege separation and such but these are self explanatory and are overcome as we go along with the process.
Thanks much guys,
 
 Note: forwarded message attached.
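
The summary stresses generating a unique host key on every host after /etc/ssh has been copied over. As an added example (not part of the original post), the following check reports hosts that still share a host key; it assumes each host's public host key file has already been collected as `<dir>/<hostname>.pub`, and that layout and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list hosts that still share an
# SSH host key, e.g. because /etc/ssh was copied without rerunning ssh-keygen.
# Assumption: each host's public host key file was collected beforehand as
# <dir>/<hostname>.pub; this layout and the function names are hypothetical.

# Prints one line per shared key: "<key-type> <host> <host> ...".
# Returns 0 when every key is unique, 1 when at least one key is shared.
find_shared_hostkeys() {
    for f in "$1"/*.pub; do
        [ -f "$f" ] || continue
        # Emit "<type> <key> <host>". The trailing comment field is ignored
        # because it does not identify the key.
        awk -v h="$(basename "$f" .pub)" '
            /^#/ || NF < 2 { next }
            # Protocol 1 RSA keys are "<bits> <exponent> <modulus> [comment]".
            $1 ~ /^[0-9]+$/ { if (NF >= 3) print "rsa1", $3, h; next }
            # Protocol 2 keys are "<type> <base64 blob> [comment]".
            { print $1, $2, h }' "$f"
    done | LC_ALL=C sort | awk '
        function report() { if (n > 1) { print type hosts; bad = 1 } }
        { key = $1 " " $2
          if (key != prev) { report(); prev = key; type = $1; hosts = ""; n = 0 }
          hosts = hosts " " $3; n++ }
        END { report(); exit bad + 0 }'
}

# Constructed sample input: web2 still carries the key copied from web1.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedKEY1 root@build' > "$d/web1.pub"
    cp "$d/web1.pub" "$d/web2.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedKEY2 root@db1' > "$d/db1.pub"
    rc=0
    find_shared_hostkeys "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Calling `demo` prints the constructed shared-key case; on real data, call `find_shared_hostkeys` with the directory holding the collected `.pub` files.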
Date: Mon, 26 Aug 2002 08:39:53 -0700 (PDT)
From: Unix Learner <solaris_sky@yahoo.com>
Subject: [Update]OpenSSH on multiple Servers
To: sunmanagers@sunmanagers.org

Sent this mail on Friday evening (my fault). I did get some replies and thanks a lot for those. Would like to get some more opinions before I really experiment with anything on our production servers. Thanks guys.

 

Hello gurus,

We have a large number of Solaris servers with most of the application 
data residing on netapps. I am trying to upgrade OpenSSH in our 
environment by mounting our application location on the netapp onto a trusted 
machine and trying to build from there.

[trusted machine]# mount netapp:location /mnt

[trusted machine]# cd /var/tmp/openssh-3.4.p1

Here I configure with the necessary options such as openssl and zlib 
and sysconfdir as /etc/ssh. Now all my binaries go perfectly into the 
netapp locations specified and my sysconf dir is created without any problem 
and sshd starts up fine on the trusted server.

I know I am going wrong in the next step.

I am copying the /etc/ssh onto another server I want sshd to run on, 
and when I fire up sshd on this server using the netapp location, it 
complains:

exec [rand] /mnt/xxxxxx/libexec/ssh-rand-helper not found.... (this is 
not the exact  message but it is something similar..)

Why is this server trying to find the mount point I specified on the 
trusted host? I changed the sshd_config to contain the correct 
location (netapp) yet I fail.

Is there a better way to install in a central location (using a trusted 
host) and updating all the servers I need ssh on without having to 
install on each and every server?
Received on Tue Aug 27 03:11:59 2002
