#!/bin/sh
#
# openssh-install.sh
#
# OpenSSH installation script for Solaris 2.6 & 7, based on instructions from
# 
#   http://www.sunfreeware.com/openssh26-7.html
#
# THIS SCRIPT WILL NOT WORK WITH SOLARIS 8 OR 9!
#
# This really isn't that smart, and depends on certain version numbers for the
# different packages.  It could easily be made to work with Solaris 8; it just
# needs to check for existence of certain patches.
#
# @author Erick Mechler <emechler@techometer.net>

# Working locations.
#   PKGDIR - directory holding one sub-directory per installed package;
#            the SMC* checks later in the script look here
#   DIST   - directory the compressed package files were downloaded into
PKGDIR=/var/sadm/pkg
DIST=/usr/local/work

# External commands, named by absolute path so they do not depend on PATH.
# NOTE(review): /sww/bin looks like a site-specific software tree; adjust
# GUNZIP for the local system and make sure that location is root-controlled,
# since the binary is executed as root.
# NOTE(review): touch, mkdir, cp, chown and chmod are still called by bare
# name further down, so they resolve through the PATH root inherited.
ID=/usr/xpg4/bin/id
CAT=/bin/cat
SED=/bin/sed
GUNZIP=/sww/bin/gunzip
PKGADD=/usr/sbin/pkgadd
GROUPADD=/usr/sbin/groupadd
USERADD=/usr/sbin/useradd

# Translate the release string from uname into the tag used in the package
# file names (5.6 -> 26, 5.7 -> 7).  Any other release is refused.
# Backticks are kept on purpose: this runs under the stock /bin/sh.
case "`/bin/uname -r`" in
5.6)
	R=26
	;;
5.7)
	R=7
	;;
*)
	echo "This script only works on Solaris 2.6 or Solaris 7."
	exit 1
	;;
esac

# Package file names as they appear in ${DIST} once unpacked.  Every name
# ends in the same release/architecture tag, built from ${R}.
# NOTE(review): the versions are hard-coded.  OpenSSH 3.4p1, OpenSSL 0.9.6d
# and zlib 1.1.4 are very old releases that no longer receive fixes, so a
# host built from them should be treated as legacy and kept off untrusted
# networks.
PKG_TAG=sol${R}-sparc-local
SSH=openssh-3.4p1-${PKG_TAG}
SSL=openssl-0.9.6d-${PKG_TAG}
ZLIB=zlib-1.1.4-${PKG_TAG}
EGD=egd-0.8-${PKG_TAG}
PRNGD=prngd-0.9.25-${PKG_TAG}
PERL=perl-5.6.1-${PKG_TAG}

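# who am I?
# The command substitution is quoted so the check fails closed: if $ID is
# missing or prints nothing, the empty string compares unequal to "0" and the
# script stops.  Unquoted, the test itself errors out, the branch is skipped,
# and execution carries on as though the caller were root.
if [ "`$ID -u`" != "0" ]
then
	echo "You need to be root to run this script."
	exit 1
fi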

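# check for necessary binaries
# GROUPADD and USERADD are included because the script calls them near the
# end; finding out they are missing only after the packages have been
# installed would leave the setup half-done.
for i in $PKGADD $GUNZIP $CAT $SED $ID $GROUPADD $USERADD
do
	if [ ! -x "$i" ]
	then
		echo "$i is missing..."
		exit 1
	fi
done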

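# unzip all the packages
#
# NOTE(review): every file unpacked here is later handed to pkgadd as root,
# and nothing in this script checks where the files came from.  Verify each
# download against a checksum from the package source beforehand, and keep
# ${DIST} writable by root only.
cd "${DIST}" || { echo "Cannot change directory to ${DIST}"; exit 1; }
for i in *.gz
do
	# an unmatched glob is left as the literal "*.gz"; skip it rather than
	# handing gunzip a name that does not exist (e.g. on a second run)
	if [ -f "$i" ]
	then
		$GUNZIP "$i" || echo "Warning: could not unpack $i"
	fi
done
# later checks test for installed packages under ${PKGDIR}; stop here if it
# cannot be entered so they are not evaluated against the wrong directory
cd "${PKGDIR}" || { echo "Cannot change directory to ${PKGDIR}"; exit 1; }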

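# figure out which Perl we're using
# PERL_BIN is cleared first so a value inherited from the environment can
# never be mistaken for a detected interpreter.
PERL_BIN=
for i in /usr/local/bin/perl /usr/bin/perl /bin/perl
do
	if [ -x "$i" ]
	then
		echo "Using Perl installed in $i"
		PERL_BIN=$i
		break
	fi
done
if [ -z "${PERL_BIN}" ]
then
	echo "You don't seem to have Perl installed on your system."
	if [ -f "${DIST}/${PERL}" ]
	then
		echo "Proceeding with Perl installation..."
		${PKGADD} -d "${DIST}/${PERL}"
		echo "Done with Perl installation!"
		# Probe again: PERL_BIN is used later to decide whether the
		# "#!" lines of the egd scripts need rewriting, and an empty value
		# there would replace the interpreter path with nothing.
		for i in /usr/local/bin/perl /usr/bin/perl /bin/perl
		do
			if [ -x "$i" ]
			then
				echo "Using Perl installed in $i"
				PERL_BIN=$i
				break
			fi
		done
		if [ -z "${PERL_BIN}" ]
		then
			echo "Perl is still not available after installing ${PERL}."
			exit 1
		fi
	else
		echo "No Perl package found.  Please download."
		exit 1
	fi
fi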

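# check for missing dependencies, and if OpenSSH is already installed
#
# A dependency is satisfied either by an installed package (a directory
# under ${PKGDIR}) or by its package file waiting in ${DIST}.  The installed
# package directories are tested by absolute path so the result does not
# depend on the current directory, and ERR starts from a known value rather
# than whatever the environment supplied.
ERR=0
if [ ! -d "${PKGDIR}/SMCossld" ] && [ ! -f "${DIST}/${SSL}" ]
then
	ERR=1
	echo "You're missing the required OpenSSL package.  Please download."
fi
if [ ! -d "${PKGDIR}/SMCzlib" ] && [ ! -f "${DIST}/${ZLIB}" ]
then
	ERR=1
	echo "You're missing the required Zlib package.  Please download."
fi
if [ ! -d "${PKGDIR}/SMCprngd" ] && [ ! -f "${DIST}/${PRNGD}" ]
then
	ERR=1
	echo "You're missing the required prngd package.  Please download."
fi
if [ ! -d "${PKGDIR}/SMCegd" ] && [ ! -f "${DIST}/${EGD}" ]
then
	ERR=1
	echo "You're missing the required egd package.  Please download."
fi
# the OpenSSH package file itself is installed further down, so it has to
# be present as well
if [ ! -f "${DIST}/${SSH}" ]
then
	ERR=1
	echo "You're missing the OpenSSH package itself.  Please download."
fi
if [ -d "${PKGDIR}/SMCossh" ]
then
	ERR=1
	echo ""
	echo "Seems you already have an OpenSSH package installed.  It might"
	echo "be good to remove the existing one before continuing, or at"
	echo "least back it up first."
fi

if [ "${ERR}" = "1" ]
then
	echo "Fix above errors first, then try again."
	exit 1
fi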

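# do the package installs
# pkgadd runs the package's own install scripts as root, so only files that
# were checked before being placed in ${DIST} should ever reach this loop.
echo "Getting ready to do package installs..."
cd "${DIST}" || { echo "Cannot change directory to ${DIST}"; exit 1; }
FAILED=
for i in $PRNGD $EGD $ZLIB $SSL $SSH
do
	if [ ! -f "$i" ]
	then
		# a dependency may already be installed with no package file
		# present; OpenSSH itself has to come from this run
		echo "$i not found in ${DIST}, skipping."
		if [ "$i" = "$SSH" ]
		then
			FAILED="${FAILED} $i"
		fi
		continue
	fi
	${PKGADD} -d "$i"
	STATUS=$?
	if [ "${STATUS}" != "0" ]
	then
		echo "pkgadd exited with status ${STATUS} for $i"
		FAILED="${FAILED} $i"
	fi
done
echo ""
# only claim success when every pkgadd call reported it
if [ -z "${FAILED}" ]
then
	echo "All packages installed!"
else
	echo "Not installed cleanly:${FAILED}"
	echo "Check the pkgadd output above before relying on this installation."
fi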

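# fix paths to Perl binary, if necessary
# The egd scripts start with "#!/usr/local/bin/perl"; when Perl lives
# somewhere else that line is rewritten to point at ${PERL_BIN}.  An empty
# PERL_BIN is skipped: substituting it would leave a bare "#!" and break
# every script.
if [ -z "${PERL_BIN}" ]
then
	echo "Perl location unknown; leaving the egd scripts untouched."
elif [ "${PERL_BIN}" != "/usr/local/bin/perl" ]
then
	echo "Fixing paths to Perl binary...\c"
	cd /usr/local/bin/ || { echo "cannot change directory to /usr/local/bin"; exit 1; }
	for i in egd.pl egc.pl sucker.pl test.pl
	do
		if [ ! -f "$i" ]
		then
			echo "$i not found, skipping."
			continue
		fi
		# keep the shipped file as $i.dist; stop if the copy fails so
		# the original is never overwritten from an incomplete backup
		cp "$i" "$i.dist" || { echo "could not back up $i"; exit 1; }
		${SED} -e "s,^#\!/usr/local/bin/perl$,#\!${PERL_BIN}," \
			< "$i.dist" > "$i"
	done
	echo "done."
fi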

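# do prngd stuff
echo "Starting prngd for the first time..."
PRNGD_SEED=/usr/local/etc/prngd/prngd-seed
# The seed feeds the generator that the SSH keys will depend on, so it is
# created, and forced if it already exists, readable by root only.
( umask 077; touch "${PRNGD_SEED}" )
chmod 600 "${PRNGD_SEED}"
# NOTE(review): system logs are only a convenience to give prngd something
# to start from.  They are not secret (other local users can often read
# them), so they should not be counted on as the sole source of entropy;
# presumably prngd keeps gathering from its own configured sources once it
# is running - confirm against the installed prngd configuration.
for i in /var/adm/messages /var/log/syslog
do
	if [ -r "$i" ]
	then
		$CAT "$i" >> "${PRNGD_SEED}"
	else
		echo "Skipping $i (not readable)"
	fi
done
if [ ! -d /var/spool/prngd ]; then mkdir /var/spool/prngd; fi
# start the daemon on its pool socket, then query the pool through egc.pl
/usr/local/sbin/prngd /var/spool/prngd/pool \
	|| echo "Warning: prngd did not start cleanly"
/usr/local/bin/egc.pl /var/spool/prngd/pool get \
	|| echo "Warning: could not query the prngd pool"
echo "done."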

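# setting up chroot'd environment for sshd and create necessary user/group
#
# /var/empty is the directory the unprivileged sshd process is confined to.
# sshd expects it to be owned by root and not writable by group or others;
# it should also stay empty.
echo "Setting up chroot environment for sshd...\c"
if [ ! -d /var/empty ]; then mkdir /var/empty; fi
if chown root:sys /var/empty && chmod 755 /var/empty
then
	echo "done."
else
	echo ""
	echo "Warning: could not set owner/mode on /var/empty.  It must be owned"
	echo "by root and not be group- or world-writable before sshd is started."
fi
echo "Creating sshd user and group...\c"
# Failures are reported instead of ignored: a leftover sshd account with a
# different home or shell would otherwise go unnoticed.
ACCT_OK=1
${GROUPADD} sshd || ACCT_OK=0
${USERADD} -g sshd -c 'sshd PrivSep User' -d /var/empty -s /bin/false sshd \
	|| ACCT_OK=0
if [ "${ACCT_OK}" = "1" ]
then
	echo "done."
else
	echo ""
	echo "Warning: groupadd/useradd reported an error (the sshd account may"
	echo "already exist).  Check that user sshd has group sshd, home"
	echo "/var/empty and shell /bin/false before starting sshd."
fi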

# Closing instructions.  Host keys are deliberately not generated here so
# existing keys are never overwritten; the operator is shown the commands
# instead.  Host keys carry an empty passphrase (-N "") because sshd has to
# read them unattended, so the key files themselves must stay readable by
# root only.
# NOTE(review): the rsa1 key is only used by SSH protocol version 1, which is
# cryptographically weak.  Where no client needs it, skip that key and set
# "Protocol 2" in sshd_config.
for line in \
	"" \
	"OpenSSH will assume your ssh host keys are put into:" \
	"  /usr/local/etc/ssh_host_key     (version 1)" \
	"  /usr/local/etc/ssh_host_rsa_key (version 2 RSA)" \
	"  /usr/local/etc/ssh_host_dsa_key (version 2 DSA)" \
	"" \
	"To generate them, run the following commands, respectively (this script" \
	"isn't going to try to do this for fear of overwriting existing keys):" \
	'  ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key     -N ""' \
	'  ssh-keygen -t rsa  -f /usr/local/etc/ssh_host_rsa_key -N ""' \
	'  ssh-keygen -t dsa  -f /usr/local/etc/ssh_host_dsa_key -N ""' \
	"" \
	"Also, don't forget to put your startup scripts in place and generate the" \
	"necessary hardlinks." \
	"" \
	"OpenSSH installation complete.  You can now startup your shiny new sshd" \
	"by running '/usr/local/sbin/sshd'."
do
	echo "$line"
done

