From: Joan Millington (j.millington@chester.ac.uk)
Date: Wed Jan 18 2006 - 06:46:42 EST
Hi Admins,
Thanks to everyone who responded. The choices we made are summarized below:
>> I want to run OpenSSH 4.1 as a daemon (sshd) rather than via inetd, on a
>> HP-UX 11.11 server.
We chose OpenSSH instead of HP's SSH program because our main application
supplier prefers it (they run on a number of platforms and want the consistency).
>> I have compiled ssh to /opt/sbin/sshd with config at /etc/ssh/sshd_config.
>> Does this sound okay or can you foresee problems with /opt? (I don't
>> want /usr/local/bin in the $PATH).
I have recompiled to /opt/sshd (the sbin made little sense) and kept the config files
in /etc/ssh (although, now I think of it, they should be in /etc/opt/ssh - will fix next
time).
>> What run level do you start sshd at (rc?.d) and can you email me a copy of
>> your start-up script? (/sbin/init.d/ssh).
We are starting in rc2.d:
lrwxr-xr-x 1 root sys 16 Jan 14 13:02 S393ssh -> /sbin/init.d/ssh
And stopping in rc1.d:
lrwxr-xr-x 1 root sys 16 Jan 14 13:02 K393ssh -> /sbin/init.d/ssh
With /sbin/init.d/ssh permissions:
-r-xr-xr-x 1 bin bin 6002 Jan 16 10:19 ssh
The script is:
#!/usr/bin/sh
#
# @(#)B.11.11_LR
#
#
# OpenSSH init.d script
#
# Allowed exit values:
# 0 = success; causes "OK" to show up in checklist.
# 1 = failure; causes "FAIL" to show up in checklist.
# 2 = skip; causes "N/A" to show up in the checklist.
# Use this value if execution of this script is overridden
# by the use of a control variable, or if this script is not
# appropriate to execute for some other reason.
# 3 = reboot; causes the system to be rebooted after execution.
# 4 = background; causes "BG" to show up in the checklist.
# Use this value if this script starts a process in background mode.
# Input and output:
# stdin is redirected from /dev/null
#
# stdout and stderr are redirected to the /etc/rc.log file
# during checklist mode, or to the console in raw mode.
# Pin the command search path to system directories; whatever PATH the
# caller had is replaced.
PATH="/usr/sbin:/usr/bin:/sbin"
export PATH

# Install prefix of the locally built OpenSSH, and the directory that holds
# sshd_config and the host keys.
openSSHDir="/opt"
configDir="/etc/ssh"

# NOTE: If your script executes in run state 0 or state 1, then /usr might
# not be available. Do not attempt to access commands or files in
# /usr unless your script executes in run state 2 or greater. Other
# file systems typically not mounted until run state 2 include /var
# and /opt.

# Exit value of the whole script (see the table of allowed values above).
rval=0

# Host private key files, one per key type.
DSAKeyFile="${configDir}/ssh_host_dsa_key"
RSA2KeyFile="${configDir}/ssh_host_rsa_key"
RSA1KeyFile="${configDir}/ssh_host_key"

# Programs and files used by the start/stop functions.
keyGenerator="${openSSHDir}/bin/ssh-keygen"
sshdConfig="${configDir}/sshd_config"
# Base name only: stopSSHD looks for it under /etc and then /var/run.
sshdPIDFile="sshd.pid"
sshdCmd="${openSSHDir}/sshd"
# Extra sshd arguments; expanded unquoted by startSSHD so it may hold
# several blank-separated options.
sshdCmdOptions=""
#
# Checks for the existence of the host DSA key (protocol version 2)
#
DSAKeyExists() {
  # Returns 0 when $DSAKeyFile names an existing regular file, 1 otherwise.
  # Only existence is tested; ownership, mode and contents of the key are
  # not inspected here.
  if test -f "$DSAKeyFile"; then
    return 0
  else
    return 1
  fi
}
#
# Checks for the existence of the host RSA key (protocol version 2)
#
RSA2KeyExists() {
  # Returns 0 when $RSA2KeyFile names an existing regular file, 1 otherwise.
  # Existence is the only property checked.
  if test -f "$RSA2KeyFile"; then
    return 0
  fi
  return 1
}
#
# Checks for the existence of the RSA host key (protocol version 1)
#
RSA1KeyExists() {
  # Returns 0 when $RSA1KeyFile (the protocol version 1 host key) names an
  # existing regular file, 1 otherwise. Existence is the only property
  # checked.
  test -f "$RSA1KeyFile" || return 1
  return 0
}
#
# Generates DSA (protocol version 2) key
#
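generateDSAKey() {
  # Create the protocol version 2 DSA host key at $DSAKeyFile by running
  # $keyGenerator quietly (-q) with an empty passphrase (-N ''), so the key
  # can be loaded without anyone typing a passphrase.
  # Outputs: progress text followed by "done." or "failed!" on stdout.
  # Returns: 0 when the generator succeeds, 1 when it fails, so a caller
  #   can tell that the host key is still missing.
  # NOTE(review): DSA host keys are disabled by default in later OpenSSH
  # releases; confirm this key type is still wanted before reusing the
  # script on a newer installation.
  echo "Generating OpenSSH server DSA (protocol version 2) key...\c"
  # Paths are quoted so a value containing blanks stays one argument.
  if "$keyGenerator" -q -t dsa -f "$DSAKeyFile" -N ''; then
    echo "done."
    return 0
  fi
  echo "failed!"
  return 1
}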
#
# Generates RSA (protocol version 2) key
#
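generateRSA2Key() {
  # Create the protocol version 2 RSA host key at $RSA2KeyFile by running
  # $keyGenerator quietly (-q) with an empty passphrase (-N ''), so the key
  # can be loaded without anyone typing a passphrase.
  # Outputs: progress text followed by "done." or "failed!" on stdout.
  # Returns: 0 when the generator succeeds, 1 when it fails, so a caller
  #   can tell that the host key is still missing.
  # NOTE(review): no key size is passed, so the generator's default size
  # applies; check that it meets current policy.
  echo "Generating OpenSSH server RSA (protocol version 2) key...\c"
  # Paths are quoted so a value containing blanks stays one argument.
  if "$keyGenerator" -q -t rsa -f "$RSA2KeyFile" -N ''; then
    echo "done."
    return 0
  fi
  echo "failed!"
  return 1
}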
#
# Generates RSA (protocol version 1) key
#
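generateRSA1Key() {
  # Create the protocol version 1 RSA host key at $RSA1KeyFile by running
  # $keyGenerator quietly (-q) with an empty passphrase (-N ''), so the key
  # can be loaded without anyone typing a passphrase.
  # Outputs: progress text followed by "done." or "failed!" on stdout.
  # Returns: 0 when the generator succeeds, 1 when it fails, so a caller
  #   can tell that the host key is still missing.
  # NOTE(review): SSH protocol 1 is obsolete and the rsa1 key type was
  # dropped from later OpenSSH releases; on such a release this call is
  # expected to fail. Generate this key only if sshd_config still enables
  # protocol 1 on purpose.
  echo "Generating OpenSSH server RSA (protocol version 1) key...\c"
  # Paths are quoted so a value containing blanks stays one argument.
  if "$keyGenerator" -q -t rsa1 -f "$RSA1KeyFile" -N ''; then
    echo "done."
    return 0
  fi
  echo "failed!"
  return 1
}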
#
# Checks for keys and generates them if necessary
#
generateKeys() {
  # For each host key type in turn (DSA, RSA protocol 2, RSA protocol 1):
  # report the key file if it already exists, otherwise call the matching
  # generator. Existing keys are never overwritten.
  # Returns: the status of the last command run, i.e. of the RSA1 branch.
  # NOTE(review): the RSA1 key belongs to the obsolete SSH protocol 1;
  # confirm it is still needed before keeping that branch.
  DSAKeyExists
  case $? in
    0) echo "OpenSSH DSA key exists: $DSAKeyFile" ;;
    *) generateDSAKey ;;
  esac

  RSA2KeyExists
  case $? in
    0) echo "OpenSSH RSA2 key exists: $RSA2KeyFile" ;;
    *) generateRSA2Key ;;
  esac

  RSA1KeyExists
  case $? in
    0) echo "OpenSSH RSA1 key exists: $RSA1KeyFile" ;;
    *) generateRSA1Key ;;
  esac
}
#
# Start the OpenSSH server process
#
startSSHD() {
  # Launch the OpenSSH server after checking its prerequisites:
  #   1. $sshdConfig must exist; if not, a message is printed and the whole
  #      script exits with status 1.
  #   2. If any of the three host keys is missing, generateKeys is called.
  #   3. $sshdCmd is run; its exit status becomes the function's status.
  # Globals read: sshdConfig, sshdCmd, sshdCmdOptions.
  [ -f "$sshdConfig" ] || {
    echo "OpenSSH is not configured. Missing file $sshdConfig."
    exit 1
  }

  # generateKeys runs only when at least one existence check fails.
  DSAKeyExists && RSA2KeyExists && RSA1KeyExists || generateKeys

  # Left unquoted on purpose: $sshdCmdOptions may carry several options
  # that must split into separate words (and vanish when empty).
  $sshdCmd $sshdCmdOptions
}
#
# Stop the OpenSSH server process
#
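stopSSHD() {
  # Send SIGTERM to the process recorded in the sshd PID file. The file is
  # looked for at /etc/$sshdPIDFile first, then at /var/run/$sshdPIDFile.
  # Outputs: a message on stdout when no PID file is readable or when its
  #   content is not usable.
  # Returns: the status of kill; 1 when no PID file is readable or when it
  #   does not hold exactly one decimal PID.
  realPIDFile=""
  if [ -r "/etc/$sshdPIDFile" ]; then
    realPIDFile=/etc/$sshdPIDFile
  elif [ -r "/var/run/$sshdPIDFile" ]; then
    realPIDFile=/var/run/$sshdPIDFile
  else
    echo "OpenSSH server process ID (PID) file cannot be located."
    return 1
  fi

  sshdPID=`cat "$realPIDFile"`
  # This runs as root at boot/shutdown, so the file content is validated
  # before it reaches kill: an empty value, several tokens, a leading "-"
  # or a value starting with 0 would address something other than one
  # single process.
  case $sshdPID in
    '' | *[!0-9]* | 0*)
      echo "OpenSSH server PID file $realPIDFile does not hold a valid PID."
      return 1
      ;;
  esac

  # NOTE(review): a stale PID file can name an unrelated process; nothing
  # here verifies that the PID still belongs to sshd.
  kill -TERM "$sshdPID"
}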
# Check the exit value of a command run by this script. If non-zero, the
# exit code is echoed to the log file and the return value of this script
# is set to indicate failure.
set_return() {
  # Must be called directly after the command being checked: the first
  # statement captures that command's exit status from $?.
  # A zero status changes nothing. A non-zero status is echoed to stdout
  # and the script's return value (rval) is set to 1.
  x=$?
  [ "$x" -eq 0 ] && return 0
  echo "EXIT CODE: $x"
  rval=1 # script FAILed
}
# Kill the named process(es).
# $1=<search pattern for your process>
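killproc() {
  # Kill every process whose last `ps -el` field matches the pattern in $1,
  # skipping this shell ($$) and its direct children.
  # Arguments: $1 - awk regular expression matched against the last field
  #   of each `ps -el` line (backslash escapes are processed by awk -v).
  # Outputs: "<pattern> stopped" or "Unable to stop <pattern>" on stdout.
  # Globals: rval is set to 1 when the pattern is empty or kill fails.
  # Returns: 1 for an empty pattern, otherwise the status of the last
  #   command run.
  if [ -z "$1" ]; then
    # An empty regular expression matches every process; refuse it.
    echo "killproc: no process pattern given"
    rval=1
    return 1
  fi

  # The pattern is handed to awk as a variable instead of being spliced
  # into the program text, and the condition and its action stay on one
  # line: with a line break between them awk treats them as two separate
  # rules and prints unrelated lines.
  pid=`ps -el | awk -v pat="$1" -v mypid="$$" \
    '($NF ~ pat) && ($4 != mypid) && ($5 != mypid) { print $4 }'`

  if [ "X$pid" != "X" ]; then
    # Unquoted on purpose: several matches arrive as a newline-separated
    # list and each PID must become its own argument to kill.
    if kill $pid; then
      echo "$1 stopped"
    else
      rval=1
      echo "Unable to stop $1"
    fi
  fi
}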
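# Dispatch on the action passed by the rc sequencer. The result is reported
# through rval, using the exit values listed in the file header.
case "$1" in
  'start_msg')
    # Emit a _short_ message relating to running this script with
    # the "start" argument; this message appears as part of the checklist.
    echo "Starting the SSH daemon"
    ;;
  'stop_msg')
    # Emit a _short_ message relating to running this script with
    # the "stop" argument; this message appears as part of the checklist.
    echo "Stopping the SSH daemon"
    ;;
  'start')
    # Source the system configuration variables; RUN_SSH is presumably
    # defined there.
    if [ -f /etc/rc.config ]; then
      . /etc/rc.config
    else
      echo "ERROR: /etc/rc.config defaults file MISSING"
    fi
    # Check to see if this script is allowed to run...
    if [ "$RUN_SSH" != 1 ]; then
      rval=2
    else
      # Start the subsystem. set_return must follow immediately so that a
      # failed launch is logged and reported as FAIL instead of OK.
      startSSHD
      set_return
    fi
    ;;
  'stop')
    # Source the system configuration variables; RUN_SSH is presumably
    # defined there.
    if [ -f /etc/rc.config ]; then
      . /etc/rc.config
    else
      echo "ERROR: /etc/rc.config defaults file MISSING"
    fi
    # Check to see if this script is allowed to run...
    if [ "$RUN_SSH" != 1 ]; then
      rval=2
    else
      # Stop the subsystem. set_return must follow immediately so that a
      # failed stop (no PID file, kill error) is reported as FAIL.
      stopSSHD
      set_return
    fi
    ;;
  *)
    echo "usage: $0 {start|stop|start_msg|stop_msg}"
    rval=1
    ;;
esac

exit "$rval"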
Thanks again!
Joan Millington
University of Chester, England
j.millington@chester.ac.uk