Easy setup for neko_sshd?

I'm trying to setup neko_sshd,

I followed joerg's shortcut :

joerg wrote: Perform the following steps:
1. Check if the directory '/var/empty' exists, otherwise create it.
2. Check if a user and group named 'sshd' exist, otherwise create [1] both. The shell for this user is set to /bin/false and $home is the /var/empty dir from above.
3. Shut down the IRIX sshd and disable it with chkconfig. It's not installed by default.
4. run 'chkconfig neko_sshd on'
5. start the daemon with '/etc/init.d/neko_sshd start'

[1] use the gui for that job or from commandline /usr/sysadm/privbin/addUserAccount. But create the group first by editing /etc/group with your favorite editor.


So far not so good, i get the following error:

Code:

Privilege seperation user sshd does not exist


as for the rest of joerg's setup, i'm getting a bit confused (if not lost):

joerg wrote: A 'ps -edalf | grep sshd' shows you whether a process is now up and running. Try to connect with 'ssh $user@localhost'. If it works, stop the sshd and start editing the /usr/nekoware/etc/sshd_config and ssh_config files. You may want to limit the use of ssh version 2 protocol, don't permit root logins, enable X-forwarding and some more.

Before upgrading neko_sshd to a newer version, make a copy of your existing config files, because in previous versions the neko package overrides the files.


could anyone post a more detailed step-by-step guide (or link) please?
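
The prerequisites from steps 1 and 2 can be checked mechanically before starting the daemon. The script below is an added example, not part of the thread or of nekoware; the function name, the uid/gid 74 and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the privilege-separation prerequisites (steps 1 and 2).
# Usage on a real system: check_privsep /etc/passwd /etc/group /var/empty
# Prints one line per problem and returns the number of problems found.
check_privsep() {
    passwd_file=$1; group_file=$2; empty_dir=$3
    problems=0
    complain() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # Step 1: the directory used as home of the sshd user must exist.
    [ -d "$empty_dir" ] || complain "directory $empty_dir does not exist"

    # Step 2: a group named sshd must exist.
    awk -F: '$1 == "sshd" { ok = 1 } END { exit !ok }' "$group_file" ||
        complain "no group 'sshd' in $group_file"

    # Step 2: a well-formed passwd entry for user sshd must exist.
    entry=$(awk -F: '$1 == "sshd" { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        complain "no user 'sshd' in $passwd_file"
    else
        nfields=$(printf '%s\n' "$entry" | awk -F: '{ print NF }')
        home=$(printf '%s\n' "$entry" | cut -d: -f6)
        shell=$(printf '%s\n' "$entry" | cut -d: -f7)
        [ "$nfields" -eq 7 ] || complain "sshd entry has $nfields fields, not 7"
        [ "$home" = "$empty_dir" ] || complain "home is '$home', not $empty_dir"
        [ "$shell" = "/bin/false" ] || complain "shell is '$shell', not /bin/false"
    fi
    return "$problems"
}

# Constructed sample files (not from the thread): the shell field is missing.
demo=$(mktemp -d)
mkdir "$demo/empty"
echo "sshd:*:74:" > "$demo/group"
echo "sshd:*:74:74:sshd privsep:$demo/empty" > "$demo/passwd"
check_privsep "$demo/passwd" "$demo/group" "$demo/empty" || echo "problems: $?"
rm -rf "$demo"
```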
It seems you must create an "sshd" user ;)
fu wrote: I'm trying to setup neko_sshd,

I followed joerg's shortcut :

joerg wrote: Perform the following steps:
1. Check if the directory '/var/empty' exists, otherwise create it.
2. Check if a user and group named 'sshd' exist, otherwise create [1] both. The shell for this user is set to /bin/false and $home is the /var/empty dir from above.
3. Shut down the IRIX sshd and disable it with chkconfig. It's not installed by default.
4. run 'chkconfig neko_sshd on'
5. start the daemon with '/etc/init.d/neko_sshd start'

[1] use the gui for that job or from commandline /usr/sysadm/privbin/addUserAccount. But create the group first by editing /etc/group with your favorite editor.


So far not so good, i get the following error:

Code:

Privilege seperation user sshd does not exist



What did you not understand in step 2?

regards
Joerg
deather wrote: It seems you must create an "sshd" user ;)


:D apparently, i messed up the passwd file, it's ok now though...

joerg wrote: What did you not understood on step 2.?


hi joerg,

i didn't mean step 2:
joerg wrote: Check if a user and group named 'sshd' exist, otherwise create [1] both. The shell for this user is set to /bin/false and $home is the /var/empty dir from above.


I got the first steps (1-5) right:

Code:

ps -edalf | grep sshd
gives me feedback

and

Code:

ssh $user@localhost
is working fine too

I mean how to setup the second part of your suggestions:

joerg wrote: start editing the /usr/nekoware/etc/sshd_config and ssh_config files. You may want to limit the use of ssh version 2 protocol, don't permit root logins, enable X-forwarding and some more


there seems to be a zillion of settings there...
fu wrote: there seems to be a zillion of settings there...


And they are all described in the sshd_config manpage.


My /usr/nekoware/etc/sshd_config file:

Code:

Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/nekoware/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/nekoware/etc/ssh_host_rsa_key
HostKey /usr/nekoware/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /usr/nekoware/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
#PrintMotd yes
PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
PidFile /usr/nekoware/var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/nekoware/libexec/sftp-server


regards
Joerg
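
With so many commented-out lines in the file, it helps to print what sshd will actually use for the settings joerg singles out. The script below is an added example, not joerg's or nekoware's; the function names and the sample config are constructed, and it handles only the whitespace-separated `Keyword value` form used in the file above.

```shell
#!/bin/sh
# Added example: report the value sshd will use for the settings joerg names.
# sshd uses the FIRST value it reads for a keyword; keywords are
# case-insensitive; lines whose first non-blank character is '#' are comments.
effective_value() {   # effective_value KEYWORD FILE -> lower-cased value or ""
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# audit_sshd_config FILE: print one line per setting, return number of findings.
audit_sshd_config() {
    file=$1; findings=0
    while read -r key wanted; do
        got=$(effective_value "$key" "$file")
        if [ -z "$got" ]; then
            echo "UNSET $key: compiled-in default applies, set '$wanted' explicitly"
            findings=$((findings + 1))
        elif [ "$got" != "$wanted" ]; then
            echo "WEAK  $key $got (wanted $wanted)"
            findings=$((findings + 1))
        else
            echo "OK    $key $got"
        fi
    done <<EOF
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
UsePrivilegeSeparation yes
EOF
    return "$findings"
}

# Constructed sample config (not joerg's file) with three problems.
sample=$(mktemp)
cat > "$sample" <<EOF
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
#PermitEmptyPasswords no
UsePrivilegeSeparation yes
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

Because the first value wins, the later `PermitRootLogin no` in the sample does not override the earlier `yes`.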
joerg wrote:
fu wrote: there seems to be a zillion of settings there...


And they are all described in the sshd_config manpage.


yup, looking at the manpage is what got me dizzy in the first place :?


joerg wrote: My /usr/nekoware/etc/sshd_config file:
Code:
Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ...


thanks!

that helps a bit, though i found out that for simple (secure) ftp transfers i could do without configuring sshd_config, just by using the command line...
fu wrote: ..
that helps a bit, though i found out that for simple (secure) ftp transfers i could do without configuring sshd_config, just by using the command line...


Work as a real man and use 'scp' for secure copy :)

regards
Joerg
joerg wrote: Work as a real man and use 'scp' for secure copy :)
regards
Joerg


:D :D :D

hex! thanks for the tip!
Hello from Riga, Latvia! :) I'm happy that there is SGI fan club. -) Have not had enough time for getting on with my O2 workstation and now seems I'll have it.

But my question is about problem running neko_sshd:
I've installed neko_openssh and neko_openssl packages successfully. Then created group and user named 'sshd'. It's OK. But when I tried to start daemon with '/etc/init.d/neko_sshd start' I've got an error:

Code:

999:/usr/nekoware/sbin/sshd: rld: Fatal Error: Cannot Successfully Map soname 'libwrap.so.7' under any of the filenames /usr/nekoware/lib/libwrap.so.7:/usr/lib32/libwrap.so.7:/usr/lib32/internal/libwrap.so.7:/lib32/libwrap.so.7:/opt/lib32/libwrap.so.7:
/usr/nekoware/lib/libwrap.so.7.7:/usr/lib32/libwrap.so.7.7:/usr/lib32/internal/libwrap.so.7.7:/lib32/libwrap.so.7.7:
/opt/lib32/libwrap.so.7.7:

find successfully located libwrap.so.7 in /usr/nekoware/lib

Code:

iris : ~#  find / -name 'libwrap.so.7'
/usr/nekoware/lib/libwrap.so.7

Thanks for help in advance.))
inca wrote: But my question is about problem running neko_sshd:
I've installed neko_openssh and neko_openssl packages successfully. Then created group and user named 'sshd'. It's OK. But when I tried to start daemon with '/etc/init.d/neko_sshd start' I've got an error:

Code:

999:/usr/nekoware/sbin/sshd: rld: Fatal Error: Cannot Successfully Map soname 'libwrap.so.7' under any of the filenames /usr/nekoware/lib/libwrap.so.7:/usr/lib32/libwrap.so.7:/usr/lib32/internal/libwrap.so.7:/lib32/libwrap.so.7:/opt/lib32/libwrap.so.7:
/usr/nekoware/lib/libwrap.so.7.7:/usr/lib32/libwrap.so.7.7:/usr/lib32/internal/libwrap.so.7.7:/lib32/libwrap.so.7.7:
/opt/lib32/libwrap.so.7.7:

find successfully located libwrap.so.7 in /usr/nekoware/lib

Code:

iris : ~#  find / -name 'libwrap.so.7'
/usr/nekoware/lib/libwrap.so.7

Thanks for help in advance.))


Sounds like a library path problem. Check LD_LIBRARYN32_PATH in your shell and make sure /usr/nekoware/lib is included in it. You can set this in some appropriate system-wide config as well, such as /etc/profile
zuluchas wrote: Sounds like a library path problem. Check LD_LIBRARYN32_PATH in your shell and make sure /usr/nekoware/lib is included in it. You can set this in some appropriate system-wide config as well, such as /etc/profile

Have just checked that out:

Code:

iris : ~#  echo $LD_LIBRARYN32_PATH
LD_LIBRARYN32_PATH: Undefined variable.
iris : ~#  setenv LD_LIBRARYN32_PATH /usr/nekoware/lib
iris : ~#  echo $LD_LIBRARYN32_PATH
/usr/nekoware/lib

Perhaps, it's wrong with the libwrap.so.7 file:

Code:

iris : ~#  ls -lh /usr/nekoware/lib | grep libwrap
lrwxr-xr-x    1 root     sys           30b Nov  1  1970 libwrap.so.7 -> /usr/freeware/lib/libwrap.so.7
iris : ~#  ls -lh /usr/freeware/lib/
total 0
drwxr-xr-x    3 root     sys           29b Jan  2  1970 gcc-lib
drwxr-xr-x    2 root     sys            6b Mar 28 13:07 openssl

If I'm right, there is only a symlink to nonexistent file?
:O2: :Octane2: :Fuel:
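
`find -name` matches a symlink by its own name whether or not the target exists, so it can report a file that the runtime linker cannot open. The script below is an added example, not from the thread; it walks a colon-separated search list like the one in the rld message and classifies each candidate, using a constructed directory tree and a hypothetical function name.

```shell
#!/bin/sh
# Added example: walk a colon-separated library search list, as printed in the
# rld error message, and classify each candidate path for SONAME.
# trace_soname SONAME DIR1:DIR2:...   returns 0 if any candidate is usable.
trace_soname() {
    soname=$1; usable=1
    old_ifs=$IFS; IFS=:
    set -- $2                      # split the search list on ':'
    IFS=$old_ifs
    for dir in "$@"; do
        cand=$dir/$soname
        if [ -f "$cand" ]; then                 # -f follows symlinks
            echo "ok        $cand"
            usable=0
        elif [ -L "$cand" ]; then               # link exists, target does not
            target=$(ls -l "$cand" | sed 's/.* -> //')
            echo "dangling  $cand -> $target"
        else
            echo "missing   $cand"
        fi
    done
    return "$usable"
}

# Constructed tree mirroring the listing above: the link is there, the target
# directory is empty.
root=$(mktemp -d)
mkdir -p "$root/nekoware/lib" "$root/freeware/lib" "$root/lib32"
ln -s "$root/freeware/lib/libwrap.so.7" "$root/nekoware/lib/libwrap.so.7"
trace_soname libwrap.so.7 "$root/nekoware/lib:$root/lib32" ||
    echo "no usable candidate for libwrap.so.7"
rm -rf "$root"
```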
Is there a similar guide for Indigo2 setup, this may be pushing it a bit to the limits of 'legacy'.

I am getting a
/usr/nekoware/sbin/sshd: Program not supported by architecture

The octanes worked just fine

Thanks!
jay, looks like you also pm'ed me your post ^

unfortunately i'm not your man for fancy commands and nekoware builds, someone else will answer that for you
jaymax wrote: Is there a similar guide for Indigo2 setup, this may be pushing it a bit to the limits of 'legacy'.

I am getting a
/usr/nekoware/sbin/sshd: Program not supported by architecture

The octanes worked just fine

Thanks!


Looks like you have an Indigo2 R4xxx which only supports MIPS3. So take a look into Nekoware MIPS3 or use the old packages from SGI Freeware. (IIRC the last IRIX 6.5.22 also comes with an SSH server, but it is not installed by default.)

The standard Nekoware package tree is MIPS4 and needs an R5000 or better CPU.

Regards
Joerg