IRIX and Software

Easy setup for neko_sshd?

I'm trying to setup neko_sshd,

I followed joerg's shortcut :

joerg wrote: Perform the following steps:
1. Check if the directoy '/var/empty' exits otherwise create it.
2. Check if a user and group named 'sshd' exits outherwise create [1] both and. The shell for this user is set to /bin/false and $home is the /var/empty dir from above
3. shutdown the IRIX sshd and disable it with chkconfig. Its not installed by default.
4. run 'chkconfig neko_sshd on'
5. start the daemon with '/etc/init.d/neko_sshd start'

[1] use the gui for that job or from commandline /usr/sysadm/privbin/addUserAccount. But create the group first by editing /etc/group with your favorite editor.


So far not so good, i get the following error:

Code: Select all

Privilege seperation user sshd does not exist


as for the rest of joerg's setup, i'm getting a bit confused (if not lost):

joerg wrote: A 'ps -edalf | grep sshd' shows you if now a process is up and running. Try to connect with a 'ssh [email protected]'. If it works stop the sshd and start editing the /usr/nekoware/etc/sshd_config and ssh_config files. You may want to limited the use of ssh version 2 protokoll, dont permit root logins, enable x-forwarding and some more.

Before you upgrading neko_sshd to a newer version make a copy of your existing config files because in previous versions of the neko package it overrides the files.


could anyone post a more detailed step-by-step guide (or link) please?
It seems you must create an "sshd" user ;)
fu wrote: I'm trying to setup neko_sshd,

I followed joerg's shortcut :

joerg wrote: Perform the following steps:
1. Check if the directoy '/var/empty' exits otherwise create it.
2. Check if a user and group named 'sshd' exits outherwise create [1] both and. The shell for this user is set to /bin/false and $home is the /var/empty dir from above
3. shutdown the IRIX sshd and disable it with chkconfig. Its not installed by default.
4. run 'chkconfig neko_sshd on'
5. start the daemon with '/etc/init.d/neko_sshd start'

[1] use the gui for that job or from commandline /usr/sysadm/privbin/addUserAccount. But create the group first by editing /etc/group with your favorite editor.


So far not so good, i get the following error:

Code: Select all

Privilege seperation user sshd does not exist



What did you not understood on step 2.?

regards
Joerg
deather wrote: It seems you must create an "sshd" user ;)


:D apparently, i messed up the passwd file, it's ok now though...

joerg wrote: What did you not understood on step 2.?


hi joerg,

i didn't mean step 2:
joerg wrote: Check if a user and group named 'sshd' exits outherwise create [1] both and. The shell for this user is set to /bin/false and $home is the /var/empty dir from above.


I got the first steps (1-5) right:

Code: Select all

ps -edalf | grep sshd
gives me feedback

and
is working fine too

I mean how to setup the second part of your suggestions:

joerg wrote: start editing the /usr/nekoware/etc/sshd_config and ssh_config files. You may want to limited the use of ssh version 2 protokoll, dont permit root logins, enable x-forwarding and some more


there seems to be a zillion of settings there...
fu wrote: there seems to be a zillion of settings there...


And there are all describe in the sshd_config manpage.


My /usr/nekoware/etc/sshd_config file:

Code: Select all

Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/nekoware/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/nekoware/etc/ssh_host_rsa_key
HostKey /usr/nekoware/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /usr/nekoware/etc/ssh_known_h                  osts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
#PrintMotd yes
PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
PidFile /usr/nekoware/var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/nekoware/libexec/sftp-server


regards
Joerg
joerg wrote:
fu wrote: there seems to be a zillion of settings there...


And there are all describe in the sshd_config manpage.


yup, looking at the manpage is what got me dizzy in the first place :?


joerg wrote: My /usr/nekoware/etc/sshd_config file:
[code]Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ...


thanks!

that helps a bit, though i found out that for simple (secure) ftp transfers i could do without configuring sshd_config, just by using the command line...
fu wrote: ..
that helps a bit, though i found out that for simple (secure) ftp transfers i could do without configuring sshd_config, just by using the command line...


Work as a real men and use 'scp' for secure copy :)

regards
Joerg
joerg wrote: Work as a real men and use 'scp' for secure copy :)
regards
Joerg


:D :D :D

hex! thanks for the tip!
Hello from Riga, Latvia! :) I'm happy that there is SGI fan club. -) Have not had enough time for getting on with my O2 workstation and now seems I'll have it.

But my question is about problem running neko_sshd:
I've installed neko_openssh and neko_openssl packages successfully. Then created group and user named 'sshd'. It's OK. But when I tried to start daemon with '/etc/init.d/neko_sshd start' I've got an error:

Code: Select all

999:/usr/nekoware/sbin/sshd: rld: Fatal Error: Cannot Successfully Map soname 'libwrap.so.7' under any of the filenames /usr/nekoware/lib/libwrap.so.7:/usr/lib32/libwrap.so.7:/usr/lib32/internal/libwrap.so.7:/lib32/libwrap.so.7:/opt/lib32/libwrap.so.7:
/usr/nekoware/lib/libwrap.so.7.7:/usr/lib32/libwrap.so.7.7:/usr/lib32/internal/libwrap.so.7.7:/lib32/libwrap.so.7.7:
/opt/lib32/libwrap.so.7.7:

find succesfully located libwrap.so.7 in /usr/nekoware/lib

Code: Select all

iris : ~#  find / -name 'libwrap.so.7'
/usr/nekoware/lib/libwrap.so.7

Thanks for help in advance.))
:O2: :Octane2: :Fuel:
inca wrote: But my question is about problem running neko_sshd:
I've installed neko_openssh and neko_openssl packages successfully. Then created group and user named 'sshd'. It's OK. But when I tried to start daemon with '/etc/init.d/neko_sshd start' I've got an error:

Code: Select all

999:/usr/nekoware/sbin/sshd: rld: Fatal Error: Cannot Successfully Map soname 'libwrap.so.7' under any of the filenames /usr/nekoware/lib/libwrap.so.7:/usr/lib32/libwrap.so.7:/usr/lib32/internal/libwrap.so.7:/lib32/libwrap.so.7:/opt/lib32/libwrap.so.7:
/usr/nekoware/lib/libwrap.so.7.7:/usr/lib32/libwrap.so.7.7:/usr/lib32/internal/libwrap.so.7.7:/lib32/libwrap.so.7.7:
/opt/lib32/libwrap.so.7.7:

find succesfully located libwrap.so.7 in /usr/nekoware/lib

Code: Select all

iris : ~#  find / -name 'libwrap.so.7'
/usr/nekoware/lib/libwrap.so.7

Thanks for help in advance.))


Sounds like a library path problem. Check LD_LIBRARYN32_PATH in your shell and make sure /usr/nekoware/lib is included in it. You can set this in some appropriate system-wide config as well, such as /etc/profile
:A350R: :Onyx2: :4D220VGX: :Indigo: :Octane2: :O2: :Indigo2IMP: :O3x0: :Indy:
zuluchas wrote: Sounds like a library path problem. Check LD_LIBRARYN32_PATH in your shell and make sure /usr/nekoware/lib is included in it. You can set this in some appropriate system-wide config as well, such as /etc/profile

Have just checked that out:

Code: Select all

iris : ~#  echo $LD_LIBRARYN32_PATH
LD_LIBRARYN32_PATH: Undefined variable.
iris : ~#  setenv LD_LIBRARYN32_PATH /usr/nekoware/lib
iris : ~#  echo $LD_LIBRARYN32_PATH
/usr/nekoware/lib

Perhaps, it's wrong with the libwrap.so.7 file:

Code: Select all

iris : ~#  ls -lh /usr/nekoware/lib | grep libwrap
lrwxr-xr-x    1 root     sys           30b Nov  1  1970 libwrap.so.7 -> /usr/freeware/lib/libwrap.so.7
iris : ~#  ls -lh /usr/freeware/lib/
total 0
drwxr-xr-x    3 root     sys           29b Jan  2  1970 gcc-lib
drwxr-xr-x    2 root     sys            6b Mar 28 13:07 openssl

If I'm right, there is only a symlink to nonexistent file?
:O2: :Octane2: :Fuel:
Is there a similar guide for Indigo2 setup, this may be pushing it a bit to the limits of 'legacy'.

I am getting a
/usr/nekoware/sbin/sshd: Program not supported by architecture

The octanes worked just fine

Thanks!
jay, looks like you also pm'ed me your post ^

unfortunately i'm not your man for fancy commands and nekoware builds, someone else will answer that for you
jaymax wrote: Is there a similar guide for Indigo2 setup, this may be pushing it a bit to the limits of 'legacy'.

I am getting a
/usr/nekoware/sbin/sshd: Program not supported by architecture

The octanes worked just fine

Thanks!


Looks like you have an Indigo2 R4xxx which only supports MIPS3. So take a look into Nekoware MIPS3 or use the old packages from SGI Freeware. (IIRC comes the last IRIX 6.5.22 also with an SSH Server but not installed by default).

The standard Nekoware Package Tree is MIPS4 needs an R5000 or better CPU.

Regards
Joerg