When Sun first produced systems, the common way for users to move around a network and to distribute workload was to leverage the Berkeley "r" tools, such as "rsh", "rlogin", "rexec", etc. under Solaris. As academics became professional, security concerns over passwords being passed in the clear were raised and SSH was born. SSH was built with a compatible superset to "rsh", but this was later removed with the second version of the protocol. This document discusses the implementation
of SSH under Solaris.
Global Configurations:
SSH uses several global configuration files, one for the client, and another for the server. Each of these config files document the default compiler flags under Solaris. The "ssh" client global configuration file can be tailored on a per-user basis while the "sshd" server global configuration file is managed at the global level.
SSH Server Daemon
Under Solaris 10, related OS's, and above - SSHD is started through the services infrastructure.
sunserver/user$ svcs sshThere are built-in compiled defaults and global defaults which are reviewed, upon startup, and connection.
STATE STIME FMRI
online Aug_17 svc:/network/ssh:default
The following error may occur due to incorrect configurations:
channel 5: open failed: administratively prohibited: open failedUnder Solaris 10, forwarding agent is disabled as a compile flag, and is documented in the global configuration file. If one makes a connection via SSH, and proxies a port - an error message will be produced upon the first connection attempt to the proxied port.
To allow for the port forwarding, edit the configuration file "/etc/ssh/sshd_config".
AllowTcpForwarding yesRestart the "sshd" service, the administrative message disappears.
GatewayPorts yes
X11Forwarding yes
sunserver/root# svcadm restart ssh
No comments:
Post a Comment