Guide for setting up 'ssh2' on an Indy running IRIX 6.5.*

This page was written by Christopher Spry. 'ssh2' is the second revision of the 'ssh' software which provides secure connections between computers. It replaces telnet and other connections that do not support a high level of encryption and authentication. This guide is based on my installation of 'ssh2' on 16 November 1999, on my SGI Indy running IRIX 6.5.5f. Note that 'sshd' versions 1 and 2 are not compatible. I have a related guide to installing Windows software to access computers running 'ssh' v 1.

Note added on 10 February 2001: ssh v 2 and earlier versions have been found to have a security problem. A fix has been committed to the source tree. 'OpenSSH 2.3.0' does not have this security problem and as it is free and supports both ssh v 1 and 2, it has now become preferable to ssh v 1. 'OpenSSH' v 2.3 can be downloaded with installation instructions.

This guide is based on a 'how-to' at http://www.scms.rgu.ac.uk/staff/jr/computing/unix/ssh.shtml. I also thank Arthur Hagen for help in compiling the source code and Dan Barrett for the PGP information.

Other links:

'SSHD man page'. A detailed description of ssh1, much of which is relevant to ssh2.
'Guide to installing ssh1 client software for Windows', to access computers running 'ssh1' from a PC.
'Guide to installing ssh1' on an Indy.

1. Prerequisites
2. Obtaining ssh2
3. Compiling ssh2
4. Starting ssh2d
5. Checking that the startup procedure works and setting it to start automatically
6. User settings
7. Testing the connection
8. PGP and ssh2
9. ssh2 clients on Windows computers
10. Literature


Prerequisites

I had to have already installed on the Indy:

gcc v 2.8.1 from http://freeware.sgi.com/index-by-alpha.html and irix_dev.sw.headers which had to be installed using three CDs: two with the base software and one with the development software.

Obtaining ssh v 2.0.13

I downloaded 'ssh-2.0.13.tar.gz 1258 Kb Thu May 13 00:00:00 1999' from ftp://ftp.cs.hut.fi/pub/ssh/ to /tmp/ssh.

Compiling ssh

I cd to /tmp/ssh and executed 'gzip -dc ssh-2.0.13.tar.gz | tar xvf -'.
I cd to '/tmp/ssh/ssh-2.0.13' and ran the command './configure'

This printed information, and there were no serious errors.

I then ran 'make', which told me what it was doing. This took several minutes.

I then executed, as root, '/tmp/ssh/ssh-2.0.13/make install'. This installed files in

/usr/local/bin/ (ssh2, scp2, sftp2, sftp-server2, ssh-agent2, ssh-keygen2, ssh-signer2 and ssh-add2)
/usr/local/sbin/ (sshd2)
/usr/local/man/ (man pages for the new programs in /usr/local/bin)

A 1024 bit host key was generated and a 1024-bit dsa key pair. 

The private key was saved to /etc/ssh2/hostkey and the public key was saved to /etc/ssh2/hostkey.pub

Finally, it installed '/etc/ssh2/sshd2_config' and '/etc/ssh2/ssh2_config'.

Starting ssh2d

I then set up a daemon to start sshd. I made an executable script called '/etc/init.d/sshd' with the following entries:

#!/bin/sh
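# Startup/shutdown script for sshd
SSHD=/usr/local/sbin/sshd
# Find the PID of the master daemon only: its parent is init (PPID 1),
# which excludes per-connection children and the grep process itself.
pid=`/usr/bin/ps -Af | /usr/bin/grep $SSHD | awk '{ if ( $3 == "1" ) print $2 }'`
case "$1" in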
'start')
        if [ "${pid}" = "" ]
        then
                if [ -x $SSHD ]
                then
                        $SSHD
                fi
        fi
        ;;
'stop')
        if [ "${pid}" != "" ]
        then
                /usr/bin/kill ${pid}
        fi
        ;;
*)
        echo "usage: /etc/init.d/sshd {start|stop}"
        ;;
esac

Checking that the startup procedure works and setting it to start automatically

I checked that executing '/etc/init.d/sshd start' started a daemon called 'sshd2'.  Executing '/etc/init.d/sshd stop' stopped the daemon running.

I linked the script to enable it to run at startup and shutdown using the following commands:

'ln -s /etc/init.d/sshd /etc/rc2.d/S70sshd' to start it at startup
'ln -s /etc/init.d/sshd /etc/rc0.d/K32sshd' to close it at shutdown

I noted that the configuration files in '/etc/sshd' both ran through port 22.

User settings, locally and on the remote computer

As myself ('~cspry') I added /usr/local/ssh/bin to the path in '~cspry/.cshrc'. I then generated my (cspry's) host keys.

[sprysgi] ~ ssh-keygen

Generating 1024-bit dsa key pair
  8 .oOo.oOo.oOo
Key generated.
1024-bit dsa, cspry@sprysgi.sghms.ac.uk, Tue Nov 16 1999 13:33:55
Passphrase :
Again      :
Private key saved to /disk6/usr2/people/cspry/.ssh2/id_dsa_1024_a
Public key saved to /disk6/usr2/people/cspry/.ssh2/id_dsa_1024_a.pub

Directory ~cspry/.ssh2 then contained the files:

id_dsa_1024_a             (which contained my secret key)
id_dsa_1024_a.pub     (which contained my public key)
random_seed                (a file to create the keys)

 I copied 'id_dsa_1024_a.pub' to my home directory on the remote UNIX computer that was running ssh2. I made a file there called '/ssh2/authorization' containing the line ' Key         id_dsa_1024_a.pub'. On the local Indy running ssh2, I opened a file called '~cspry/.ssh2/identification' and added the line 'IdKey id_dsa_1024_a'.

Testing the connection

I then tried to connect to the remote computer with ssh:

ssh <remote.computer.name>

cspry's password:
<password>
Last login: Tue Nov 16 1999 14:12:41
..

This showed that I was able to login remotely with a secure 'ssh2' connection.

I added to '~cspry/.cshrc' the path to /usr/local/ssh/bin. I did not need to alter the man path.

PGP and ssh2

Make sure you are running sshd2 2.0.13 or later. Make sure you are running the same (or compatible) versions of PGP on the SSH client and server machines. I have used PGP v 6.5.2 from Network Associates.

On the client machine:
- Copy your PGP secret key ring to (say) $HOME/.ssh2/secring.pgp. 
- At the top of $HOME/.ssh2/identification, put the line:
  PgpSecretKeyFile secring.pgp

On the server machine:
- Copy your PGP public key ring to (say) $HOME/.ssh2/pubring.pgp.
- In $HOME/.ssh2/authorization, identify your desired key by name:
  PgpPublicKeyFile pubring.pgp
  PgpKeyName mykey

To check that the settings are correct, type:
  $ ssh2 server.example.com
If everything is set up properly, you will be prompted for your PGP passphrase:
  Passphrase for pgp key "mykey":
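
An added example, not part of the original guide or of the ssh2 distribution: a POSIX shell check that every file named by IdKey/PgpSecretKeyFile in 'identification' and by Key/PgpPublicKeyFile in 'authorization' (the files set up under 'User settings' and 'PGP and ssh2' above) exists, and that private keys and the authorization file are not open to other users. The function names, the case-insensitive keyword match and the sample directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit an ssh2 user directory (the $HOME/.ssh2 layout in this guide).

# Print the file names that keyword $1 points to in config file $2.
# Assumption: keywords are matched case-insensitively.
ssh2_refs() {
    [ -f "$2" ] || return 0
    awk -v k="$1" 'tolower($1) == tolower(k) && NF >= 2 { print $2 }' "$2"
}

# Group/other permission bits of $1 as six characters, e.g. "r--r--".
go_bits() { ls -ld "$1" | cut -c5-10; }

# Print one line per problem found in directory $1; exit status = problem count.
audit_ssh2_dir() {
    dir=$1; n=0
    # Private material named on the client side must exist and be owner-only.
    for f in $(ssh2_refs IdKey "$dir/identification") \
             $(ssh2_refs PgpSecretKeyFile "$dir/identification"); do
        if [ ! -f "$dir/$f" ]; then
            echo "identification: $f is missing"; n=$((n + 1))
        elif [ "$(go_bits "$dir/$f")" != "------" ]; then
            echo "identification: $f is accessible to group/others"; n=$((n + 1))
        fi
    done
    # Public material named on the server side must exist.
    for f in $(ssh2_refs Key "$dir/authorization") \
             $(ssh2_refs PgpPublicKeyFile "$dir/authorization"); do
        [ -f "$dir/$f" ] || { echo "authorization: $f is missing"; n=$((n + 1)); }
    done
    # authorization decides which keys may log in: only the owner may write it.
    if [ -f "$dir/authorization" ]; then
        case $(go_bits "$dir/authorization") in
            ?w????|????w?) echo "authorization: writable by group/others"; n=$((n + 1)) ;;
        esac
    fi
    return "$n"
}

# Constructed sample directory (no real keys), mirroring the file names used above.
demo=$(mktemp -d)
printf 'IdKey id_dsa_1024_a\n' > "$demo/identification"
printf 'Key         id_dsa_1024_a.pub\n' > "$demo/authorization"
echo "constructed private key" > "$demo/id_dsa_1024_a"
echo "constructed public key" > "$demo/id_dsa_1024_a.pub"
chmod 644 "$demo/id_dsa_1024_a" "$demo/authorization"
audit_ssh2_dir "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

Run against a real directory with 'audit_ssh2_dir "$HOME/.ssh2"'; an exit status of 0 means no problems were found.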

ssh2 clients on Windows computers

A commercial SSH Windows version of ssh2 is available at http://www.datafellows.com/f-secure.  It costs US$99.00. There is a trial version there that works for 30 days after installation.

Literature

'SSH, The Secure Shell: The Definitive Guide' by Daniel J. Barrett & Richard Silverman, will be published by O'Reilly in about February 2001, ISBN 0-596-00011-1.

© Christopher Spry mailto:cspry@cspry.co.uk.  This page was last updated on 26 November 2003 10:13:53.