Hi Developers, This is Viet at Sun Microsystems. Does openssh support Solaris 10 spacrc, sol 10 x86, and sol 10 x64. If so, could you please point me to the link in openssh web site, not sunfreeware.com, that says so and the link to download. I need an official link to declare to Sun that you do support sol 10. Thanks.
On Thu, 2005-03-10 at 11:24 -0800, Viet Pham wrote:> Hi Developers, > This is Viet at Sun Microsystems. Does openssh support Solaris 10 > spacrc, sol 10 x86, and sol 10 x64. If so, could you please point me to > the link in openssh web site, not sunfreeware.com, that says so and the > link to download. I need an official link to declare to Sun that you do > support sol 10. Thanks.Doesn't sun support their own fork of openssh...called Sun-SSH (That's what's installed in solaris 9 by default). Openssh works for solaris 7-9... (that's what I use), and I assume it'll work just as well on solaris 10. -- Mark Janssen -- maniac(at)maniac.nl -- pgp: 0x357D2178 | ,''`. | Unix / Linux Open-Source and Internet Consultant @ Snow.nl | : :' : | Maniac.nl MarkJanssen.nl NerdNet.nl Unix.nl | `. `' | Skype: markmjanssen ICQ: 129696007 irc: FooBar on undernet | `- | -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20050310/0c984749/attachment.bin
Viet Pham wrote:> Hi Developers, > This is Viet at Sun Microsystems. Does openssh support Solaris 10 > spacrc, sol 10 x86, and sol 10 x64.I tried it on Solaris 10 x86 on a test box before the 4.0 release and it worked. I don't see why it won't work on the other platforms (SPARC, x86-64) but I can't try it on either because I don't have access to hardware capable of running it. Feel free to try it yourself (the running the regress tests is just a matter of "make tests").> If so, could you please point me to > the link in openssh web site, not sunfreeware.com, that says so and the > link to download. I need an official link to declare to Sun that you do > support sol 10. Thanks.http://www.openssh.com/portable.html "Solaris 10" is a subset of "Solaris". -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Couple of things.
#1 - ISO Images of Solaris 10 can be downloaded for free from www.sun.com - for
x86 and Sparc platforms. No need for a media kit. You're on your own on
finding a hard drive.
#2 - Out of the box, using the Sun supplied opensource software contained in
/usr/sfw for compiling, breaks down during the "make" process.
PATH=/usr/sfw/bin:/usr/bin:/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
export CFLAGS="-O3"
./configure --with-pam --disable-suid-ssh --without-rsh
--with-default-path=/usr/bin:/bin:/usr/sbin:/sbin:/usr/sfw/bin:/usr/local/bin:/usr/local/sbin
returns
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/usr/sfw/bin:/usr/local/bin:/usr/local/sbin
(If PATH is set in /etc/default/login it will be used instead. If
used, ensure the path to scp is present, otherwise scp will not work.)
Manpage format: man
PAM support: yes
KerberosV support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
libedit support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: sparc-sun-solaris2.10
Compiler: gcc
Compiler flags: -O3 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lpam -ldl -lresolv -lcrypto -lrt -lz -lsocket -lnsl
SVR4 style packages are supported with "make package"
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
WARNING: the operating system that you are using does not
appear to support either the getpeereid() API nor the
SO_PEERCRED getsockopt() option. These facilities are used to
enforce security checks to prevent unauthorised connections to
ssh-agent. Their absence increases the risk that a malicious
user can connect to your agent.
$ gmake
gets to this point and dies
gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o
sshconnect2.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat -lresolv -lcrypto
-lrt -lz -lsocket -lnsl
Undefined first referenced
symbol in file
EVP_aes_192_cbc ./libssh.a(cipher.o)
EVP_aes_256_cbc ./libssh.a(cipher.o)
ld: fatal: Symbol referencing errors. No output written to ssh
collect2: ld returned 1 exit status
gmake: *** [ssh] Error 1
It's probably a simple library pathing issue, just haven't had time to
dig into
it at this time.
guyverdh at mchsi.com wrote:> gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o > sshconnect2.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat -lresolv -lcrypto > -lrt -lz -lsocket -lnsl > Undefined first referenced > symbol in file > EVP_aes_192_cbc ./libssh.a(cipher.o) > EVP_aes_256_cbc ./libssh.a(cipher.o) > ld: fatal: Symbol referencing errors. No output written to ssh > collect2: ld returned 1 exit status > gmake: *** [ssh] Error 1It looks like the Sun-supplied OpenSSL (which I believe is modified?) does not have the 192-bit and 256-bit AES functions. Does it work with the vanilla OpenSSL distribution? (Possibly you will have to "configure --with-ssl-dir=/usr/local/ssl"). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Darren Tucker wrote:> guyverdh at mchsi.com wrote: > >> gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o >> sshconnect1.o >> sshconnect2.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat -lresolv >> -lcrypto >> -lrt -lz -lsocket -lnsl >> Undefined first referenced >> symbol in file >> EVP_aes_192_cbc ./libssh.a(cipher.o) >> EVP_aes_256_cbc ./libssh.a(cipher.o) >> ld: fatal: Symbol referencing errors. No output written to ssh >> collect2: ld returned 1 exit status >> gmake: *** [ssh] Error 1 > > > It looks like the Sun-supplied OpenSSL (which I believe is modified?) > does not have the 192-bit and 256-bit AES functions. Does it work with > the vanilla OpenSSL distribution? (Possibly you will have to "configure > --with-ssl-dir=/usr/local/ssl").That can bite you when you build apache2 with SSL as well (just for the record :) )
Thanks for the info.
It appears that the bundled openssl is version 0.9.7d.
Loaded up openssl-0.9.7e in the standard /usr/local/ssl location.
I then added the --with-ssl=/usr/local/ssl parameter to the config run.
It built just fine.
The regression tests fail due to issues with the location of the
ssh-rand-helper.
I ran the install then, and it went fine, and the binary works.
Once it had loaded the ssh-rand-helper to where it wanted it, I re-ran the make
tests command again, successfully.
So, the end-result is this.
Requirements.
PATH=/usr/sfw/bin:/usr/ccs/bin:${PATH}
Vanilla openssl-0.9.7e must be installed.
configure must be run with the --with-openssl-dir=/usr/local/ssl parameter.
Regression tests appear to want to run ssh-rand-helper from the install
location, not the build directory for some reason.
Otherwise, it makes fine, and installs correctly.
Thanks again.
Hope this helps someone out.
> Darren Tucker wrote:
> > guyverdh at mchsi.com wrote:
> >
> >> gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o
> >> sshconnect1.o
> >> sshconnect2.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat
-lresolv
> >> -lcrypto
> >> -lrt -lz -lsocket -lnsl
> >> Undefined first referenced
> >> symbol in file
> >> EVP_aes_192_cbc ./libssh.a(cipher.o)
> >> EVP_aes_256_cbc ./libssh.a(cipher.o)
> >> ld: fatal: Symbol referencing errors. No output written to ssh
> >> collect2: ld returned 1 exit status
> >> gmake: *** [ssh] Error 1
> >
> >
> > It looks like the Sun-supplied OpenSSL (which I believe is modified?)
> > does not have the 192-bit and 256-bit AES functions. Does it work
with
> > the vanilla OpenSSL distribution? (Possibly you will have to
"configure
> > --with-ssl-dir=/usr/local/ssl").
>
> That can bite you when you build apache2 with SSL as well (just
> for the record :) )
>
>
Okay. Uninstalled OpenSSL 0.9.7e, re-compiled and installed OpenSSL 0.9.7f. Removed the copy of the ssh-rand-helper from /usr/local/libexec. gmake distclean re-ran config with appropriate params. re-ran gmake re-ran gmake tests - the bug regarding symbolic links appears to be fixed in new openssl release however, had some issues arise later in tests... run test multiplex.sh ... test connection multiplexing: envpass test connection multiplexing: transfer scp: failed copy /bin/ls cmp: cannot open /tech_svc/SSH/openssh-4.0p1/regress/ls.copy scp: corrupted copy of /bin/ls test connection multiplexing: status 0 test connection multiplexing: status 1 test connection multiplexing: status 4 test connection multiplexing: status 5 test connection multiplexing: status 44 Master running (pid=10834) Exit request sent. failed connection multiplexing gmake[1]: *** [t-exec] Error 1 gmake[1]: Leaving directory `/tech_svc/SSH/openssh-4.0p1/regress' gmake: *** [tests] Error 2 Noticed on the console that repeated messages were being sent to console from sshd daemon... copied from the /var/adm/syslog... Mar 24 15:02:43 srvname sshd[4368]: [ID 800047 auth.error] error: setsockopt SO_KEEPALIVE: Socket operation on non-socket Mar 24 15:02:46 srvname sshd[4400]: [ID 800047 auth.error] error: setsockopt SO_KEEPALIVE: Socket operation on non-socket Mar 24 15:02:47 srvname sshd[4402]: [ID 800047 auth.error] error: setsockopt SO_KEEPALIVE: Socket operation on non-socket So, there are still a few issues to resolve. Thanks, Larry