SSH, SFTP issue

Friday, February 19, 2010 at 9:28 AM
  1. If 'configure' can't find ssl, change the configure command to:
    ./configure --prefix=/usr --with-ssl-dir=\ /usr/local/ssl --with-tcp-wrappers 

  2. Sometimes compilation of openssh bombs out with the following error messages:
    sshd.c:1660: error: storage size of req isn't known sshd.c:1663: warning: implicit declaration of function fromhost sshd.c:1660: warning: unused variable req
  3. Another frequent problem is that configure bombs out with the message:
    configure: error: Your OpenSSL headers do not match your library 
    The easiest solution is to go to your openssl directory and type:
    make install cd include/openssl cp * /usr/include/openssl/ cp * /usr/local/ssl/include/openssl/ 
    Compile openssh, using the following command line, and substitute the appropriate path after --with-ssl-dir :
    ./configure --prefix=/usr --with-tcp-wrappers \ --with-ssl-dir=/usr/local/ssl make make install 
  4. If it says:
    Connecting to carbon...  OpenSSL version mismatch. Built against 90603f, you have 90607f  Couldn't read packet: Connection reset by peer 
    Get rid of your old libcrypto libraries in /usr/lib and rerun ldconfig:
    cd /usr/local/ssl/lib cp * /usr/lib/ ldconfig 
    Then rebuild and reinstall openssh (make clean; make; make install), and restart sshd.
  5. Sometimes ssh has the following connection problem:
    On client
    Request for subsystem 'sftp' failed on channel 0 Couldn't read packet: Connection reset by peer
    On server
    sshd[7079]: Accepted password for tjnelson from 63.127.146.196 port 32777 ssh2 sshd[7079]: subsystem request for sftp sshd[7079]: error: subsystem: cannot stat /usr/local/libexec/sftp-server:  No such file or directory sshd[7079]: subsystem request for sftp failed, subsystem not found
    To solve this problem, do the following:
    Edit /etc/ssh/sshd_config and add:
    Subsystem       sftp    /usr/local/libexec/sftp-server Protocol 2
    Create /usr/libexec and make a link to sftp-server. For some reason sshd sometimes looks there instead of the path specified in its configuration file.
    mkdir /usr/libexec cd /usr/libexec ln -s /usr/lib/ssh/sftp-server sftp-server 
    Stop and start sshd (don't restart, because the port takes a while to close).
    cd /etc/rc.d ./sshd stop ./sshd restart 
  6. If it says:
    checking for socklen_t equivalent... configure:  error: Cannot find a type to use in place of socklen_t
    this means your computer is totally screwed, and you should take it out back and shoot it.
  7. If it says:
    sshd re-exec requires execution with an absolute path
    The startup script needs to be modified to include the full path of sshd.
  8. If it says:
    Permission denied (publickey,keyboard-interactive).
    This can happen after an upgrade when you change from PAM to password authentication. Edit /etc/ssh/sshd_conf and change PasswordAuthentication to yes.

NISplus Client add to master server

Wednesday, February 3, 2010 at 5:21 AM
nisclient -c -v -o client-ser

Nisclient server:

nisclient -i -h master -a 152.9.101.17 -d domain.as

client-ser:/usr/bin# /usr/lib/nis/nisclient -i -h master -a 152.9.101.17 -d domain.as
******** ******** WARNING ******** ********
NIS+ might not be supported in a future release. Tools to aid
the migration from NIS+ to LDAP are available in the Solaris 9
operating environment. For more information, visit
http://www.sun.com/directory/nisplus/transition.html
******** ******** ******* ******** ********
Initializing client client-ser for domain "domain.as.".
Once initialization is done, you will need to reboot your
machine.

Do you want to continue? (type 'y' to continue, 'n' to exit this script) y

setting up domain information "domain.as."...

setting up the name service switch information...


Client initialization completed!!
Please reboot your machine for changes to take effect.
client-ser:/usr/bin#

master # nisclient -c -v -o client-ser

You will be adding DES credentials in domain domain.as. for
client-ser

** nisclient will overwrite existing entries in the credential
** table for hosts and users specified above.

Do you want to continue? (type 'y' to continue, 'n' to exit this script) y

checking domain.as. domain...

checking cred.org_dir.domain.as. permission...

checking info type for client-ser...
**ERROR: invalid name "client-ser".
It is neither an host nor an user name.
master #

Solaris | Powered by Blogger | Entries (RSS) | Comments (RSS) | Designed by MB Web Design | XML Coded By Cahayabiru.com