Using OpenSSH with PAM. Bull AIX 5.2


ssh-add        Tool that adds keys to ssh-agent
sftp           Similar to the FTP program that works over SSH1 and SSH2 protocol
scp            File copy program similar to rcp
ssh-keygen     Key generation tool
ssh-keyscan    Utility for gathering public host keys from a number of hosts
ssh-keysign    Utility for host-based authentication
sshd           Daemon that permits you to log in
sftp-server    SFTP server subsystem (started automatically by sshd daemon)

The following general information covers OpenSSH:

• The /etc/ssh/ssh_config directory contains the sshd daemon and the configuration files for the ssh command.

• The /usr/openssh directory contains the readme file and the original OpenSSH open-source license text file.

• The sshd daemon is under AIX SRC control. You can start, stop, and view the status of the daemon by issuing the following commands:

    startsrc -s sshd    OR    startsrc -g ssh    (group)
    stopsrc -s sshd     OR    stopsrc -g ssh
    lssrc -s sshd       OR    lssrc -s ssh

  You can also start and stop the daemon by issuing the following commands:

    /etc/rc.d/rc2.d/Ksshd start    OR    /etc/rc.d/rc2.d/Ssshd start
    /etc/rc.d/rc2.d/Ksshd stop     OR    /etc/rc.d/rc2.d/Ssshd stop

• When the OpenSSH server fileset is installed, an entry is added to the directory /etc/rc.d/rc2.d. An entry is in inittab to execute run level 2 processes (l2:2:wait:/etc/rc.d/rc 2), so the sshd daemon will start automatically at boot time. To prevent the daemon from starting at boot time, remove the /etc/rc.d/rc2.d/Ksshd and /etc/rc.d/rc2.d/Ssshd files.

• OpenSSH software logs information to SYSLOG.

• The IBM Redbook, Managing AIX Server Farms, provides information about configuring OpenSSH in AIX and is available at the following Web site: http://www.redbooks.ibm.com

Using OpenSSH with PAM

Beginning with AIX 5.2, OpenSSH is compiled with Pluggable Authentication Module (PAM) support. PAM is an alternate way of authenticating users. It provides an adaptable mechanism for authenticating AIX users by allowing a user-written module to be added to the login process. A user can write his own module or use the pam_aix module provided with AIX. The pam_aix module provides interfaces to AIX security services.

The following is an example of the /etc/pam.conf configuration file using the pam_aix PAM module, but other modules may be used if installed on the system. Create the /etc/pam.conf file with the following information in that file:


sshd     auth        required    /usr/lib/security/pam_aix
OTHER    auth        required    /usr/lib/security/pam_aix
sshd     account     required    /usr/lib/security/pam_aix
OTHER    account     required    /usr/lib/security/pam_aix
sshd     password    required    /usr/lib/security/pam_aix
OTHER    password    required    /usr/lib/security/pam_aix
sshd     session     required    /usr/lib/security/pam_aix
OTHER    session     required    /usr/lib/security/pam_aix
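A check for the /etc/pam.conf entries listed above, as an added example that is not part of the AIX guide: it reports any sshd or OTHER service/module-type pair that is missing and any control flag outside the standard PAM set. The function name pam_conf_audit, the output labels, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the AIX guide). pam_conf_audit is a hypothetical name.
# Checks a pam.conf-style file for every service/module-type pair the guide
# lists for sshd and OTHER, and for unrecognized control flags.
pam_conf_audit() {
    awk '
    BEGIN {
        nsvc = split("sshd OTHER", svc, " ")
        ntyp = split("auth account password session", typ, " ")
        nflg = split("required requisite sufficient optional", flg, " ")
        for (i = 1; i <= nflg; i++) flag_ok[flg[i]] = 1
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    NF < 4 { print "MALFORMED line " NR; bad = 1; next }
    {
        # Fields: service  module_type  control_flag  module_path [options]
        if (!($3 in flag_ok)) { print "BADFLAG line " NR ": " $3; bad = 1 }
        seen[$1 " " $2] = 1
    }
    END {
        for (i = 1; i <= nsvc; i++)
            for (j = 1; j <= ntyp; j++) {
                key = svc[i] " " typ[j]
                if (!(key in seen)) { print "MISSING " key; bad = 1 }
            }
        exit bad + 0
    }' "$1"
}

# Constructed sample: "sshd session" is absent and one control flag is misspelled.
sample="${TMPDIR:-/tmp}/pam.conf.sample.$$"
cat > "$sample" <<'EOF'
sshd   auth      required  /usr/lib/security/pam_aix
OTHER  auth      required  /usr/lib/security/pam_aix
sshd   account   required  /usr/lib/security/pam_aix
OTHER  account   required  /usr/lib/security/pam_aix
sshd   password  required  /usr/lib/security/pam_aix
OTHER  password  require   /usr/lib/security/pam_aix
OTHER  session   required  /usr/lib/security/pam_aix
EOF
pam_conf_audit "$sample" || echo "sample pam.conf has findings"
rm -f "$sample"
```

Run it against the real file with pam_conf_audit /etc/pam.conf; an exit status of 0 with no output means all eight entries are present with recognized flags.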

Chapter 8. OpenSSH Software Tools


AIX 5L Version 5.2: Security Guide

Part 2. Network and Internet Security

Part 2 of this guide provides information about network and Internet security measures. These chapters describe how to install and configure IP Security, how to identify necessary and unnecessary network services, how to audit and monitor network security, and more.

© Copyright IBM Corp. 2002, 2003
