OpenSSH - 윈디하나의 솔라나라
|
# wget https://www.zlib.net/zlib-1.3.1.tar.xz # tar xvfJ zlib-1.3.1.tar.xz # cd zlib-1.3.1 # ./configure --64 # make # make test ... *** zlib test OK *** ... *** zlib shared test OK *** ... *** zlib 64-bit test OK *** # sudo make install
# wget http://thrysoee.dk/editline/libedit-20210714-3.1.tar.gz # tar xvfz libedit-20210714-3.1.tar.gz # cd libedit-20210714-3.1 # ./configure CFLAGS="-m64" # vi src/vis.c 2) #define MIN(a,b) (((a)<(b))?(a):(b)) #define MAX(a,b) (((a)>(b))?(a):(b)) # make 1) # sudo make install1) GNUAwk 4.x 가 필요하다.
/usr/include/sys/param.h
에 MIN, MAX 매크로가 있지만 솔라리스에는 없다. 매크로를 추가해준다.
솔라리스 11에서 64bit 로 빌드하고 설치하자. 빌드에는 GCC를 사용해야 한다.
windy@wl ~/src $ wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz windy@wl ~/src $ tar xvfz openssh-9.7p1.tar.gz windy@wl ~/src $ cd openssh-9.7p1 windy@wl ~/src/openssh-9.7p1 $ CFLAGS="-m64" LDFLAGS="-m64" CC="gcc" ./configure \ --prefix=/usr/local/ssh \ --with-ssl-dir=/usr/local/ssl \ --with-ssl-engine \ --with-pam \ --with-solaris-contracts \ --with-solaris-projects \ --with-solaris-privs \ --with-ipaddr-display \ --with-zlib=/usr/local \ --with-libedit=/usr/local \ --without-openssl-header-check 1) ... OpenSSH has been configured with the following options: User binaries: /usr/local/ssh/bin System binaries: /usr/local/ssh/sbin Configuration files: /usr/local/ssh/etc Askpass program: /usr/local/ssh/libexec/ssh-askpass Manual pages: /usr/local/ssh/share/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin (If PATH is set in /etc/default/login it will be used instead. If used, ensure the path to scp is present, otherwise scp will not work.) Manpage format: doc PAM support: yes OSF SIA support: no KerberosV support: no SELinux support: no libedit support: yes libldns support: no Solaris process contract support: yes Solaris project support: yes Solaris privilege support: yes IP address in $DISPLAY hack: yes Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Privsep sandbox style: solaris PKCS#11 support: yes U2F/FIDO support: yes Host: x86_64-pc-solaris2.11 Compiler: gcc Compiler flags: -m64 -pipe -Wno-error=format-truncation -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong Preprocessor flags: -I/usr/local/ssl/include -I/usr/local/include -I/usr/local/include Linker flags: -L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/lib -L/usr/local/lib -R/usr/local/lib -m64 -Wl,-z,now -fstack-protector-strong Libraries: -lresolv -lcrypto -lmd -lz -lcontract -lproject +for sshd: -lpam -ldl SVR4 style packages are supported with "make package" PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory windy@wl ~/src/openssh-9.7p1 $ make windy@wl ~/src/openssh-9.7p1 $ make package 2) windy@wl ~/src/openssh-9.7p1 $ useradd -d /var/empty -s /bin/false -u 27 -c "sshd privsep" sshd UX: useradd: WARNING: uid 27 is reserved. windy@wl ~/src/openssh-9.7p1 $ sudo make install 3)1)
--with-kerberos5=/usr
옵션은 7.3 에서 사용 할 수 없다. 반드시 필요하다면 6.x 버전을 이용하자. (7.3의 kerberos5 용 모듈은 gss_krb5_copy_ccache
을 찾지만 솔라리스에 있는 kerberos5 라이브러리가 예전버전이라 해당 메소드가 없다)OpenSSH-OpenSSH_9.7p1-Solaris-i386.pkg
패키지 파일을 생성한다./usr/local/ssh/etc
에 있다.
/usr/local/ssh/etc/sshd_config
파일을 수정하면 된다.
windy@wl ~ $ ls -al /usr/local/ssh/etc/ windy@wl ~ $ sudo vi /usr/local/ssh/etc/sshd_config ...
시작 스크립트를 아래와 같이 /etc/init.d/sshd
에 생성한 후, /etc/rc2.d
디렉토리에 링크를 걸자.
windy@wl ~ $ sudo vi /etc/init.d/sshd #!/bin/sh . /etc/profile PID_FILE=/var/run/sshd.pid case "$1" in 'start') if [ -f "$PID_FILE" ]; then echo "Found PID file. ($PID_FILE) Cannot run sshd." else /usr/local/ssh/sbin/sshd fi ;; 'stop') if [ -f "$PID_FILE" ]; then /usr/bin/kill `/usr/bin/cat /var/run/sshd.pid` else echo "Cannot found PID file. ($PID_FILE)" fi ;; 'stopall') pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` if [ "${pid}" != "" ] then /usr/bin/kill ${pid} fi ;; *) echo "usage: $0 {start|stop|stopall}" ;; esac windy@wl ~ $ sudo chmod u+x /etc/init.d/sshd windy@wl ~ $ cd /etc/rc2.d windy@wl /etc/rc2.d $ sudo ln -s /etc/init.d/sshd S99sshd서버를 재시작한 후, SSH 로 서버에 접속되는지 확인해보자.
솔라리스에 실행중인 ssh 를 종료하고, openssh 를 실행하자. 현재 접속이 끊길 수 있으니 아래의 명령을 실행할 때에는 가급적 원격에서 하지 말자. (하지만 필자의 경우 안 끊겼다)
root@wl ~ # svcadm disable ssh root@wl ~ # /etc/init.d/sshd start
종료는 아래와 같이 한다.
root@wl ~ # /etc/init.d/sshd stop이미 연결된 접속까지 끊으려면 stop 대신 stopall 을 사용하자.
RSS ATOM XHTML 5 CSS3 |
Copyright © 2004-2025 Jo HoSeok. All rights reserved. |