Obscure SSH Version

On a recent security audit we were hit because our Cisco devices revealed their SSH version.
Is there any way to fix that?

I don't believe so. We've had auditors complain about the version (v1 vs v2), but never about it showing the version.
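
Added example, not part of the original thread: the string auditors flag is the SSH identification line, which RFC 4253 requires each side to send in cleartext before key exchange. This Python code parses such lines and separates what the protocol makes mandatory (the software field) from what can be remediated (a 1.99 protoversion, meaning protocol 1 is still offered). The OpenSSH samples come from the debug output further down this page, the Cisco-style sample is constructed, and all function names are this example's own.

```python
import re
from dataclasses import dataclass

MAX_IDENT_LEN = 255  # RFC 4253 section 4.2 limit, CR LF included

# Wire format: SSH-protoversion-softwareversion [SP comments] CR LF
_IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


@dataclass(frozen=True)
class SshIdent:
    proto: str        # "2.0", "1.99", "1.5", ...
    software: str     # the field a "reveals SSH version" finding refers to
    comments: str
    protocols: tuple  # SSH protocol major versions the peer offers


def offered_protocols(proto):
    """Map the protoversion field to the protocol versions it advertises."""
    if proto == "2.0":
        return (2,)
    if proto == "1.99":  # RFC 4253 section 5.1: server speaks both 1 and 2
        return (1, 2)
    if proto.startswith("1."):
        return (1,)
    return ()


def parse_ident(raw):
    """Parse one identification line (str or bytes); raise ValueError if invalid."""
    if len(raw) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    if isinstance(raw, bytes):
        raw = raw.decode("ascii", errors="replace")
    match = _IDENT_RE.match(raw.rstrip("\r\n"))
    if match is None:
        raise ValueError("not an SSH identification string")
    proto = match.group("proto")
    return SshIdent(
        proto=proto,
        software=match.group("software"),
        comments=match.group("comments") or "",
        protocols=offered_protocols(proto),
    )


def find_ident(lines):
    """Return the first SSH- line; servers may send other text lines before it."""
    for line in lines:
        head = line[:4]
        if head in ("SSH-", b"SSH-"):
            return parse_ident(line)
    return None


def audit(ident):
    """Return finding codes for one parsed identification string."""
    findings = []
    if 1 in ident.protocols:
        # Actionable: restrict the server to protocol 2 (the Cisco configs
        # quoted on this page use "ip ssh version 2" for that).
        findings.append("protocol-1-offered")
    if not ident.protocols:
        findings.append("unknown-protoversion")
    # Informational: the software field is a mandatory part of the exchange.
    findings.append("software-version-visible")
    return findings


# Samples: the first two appear in the page's debug logs, the third is constructed.
SAMPLES = [
    b"SSH-2.0-OpenSSH_3.8.1p1\r\n",
    b"SSH-1.99-OpenSSH_3.8.1p1\r\n",
    b"SSH-1.99-Cisco-1.25\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ident = parse_ident(sample)
        print(ident.proto, ident.software, ident.protocols, audit(ident))
```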

Similar Messages

  • Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP

    I have devices loaded but new devices keep getting this error "Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP" - while trying to get configurations. I am using LMS 3.0.1
    I tried to TELNET on devices via Putty port 22 no good. Please help?
    | Name | Version | License Status | Size |
    |---|---|---|---|
    | CiscoWorks Common Services | 3.1.1 | Licensed | Not applicable |
    | Campus Manager | 5.0.3 | Purchased | 1500 |
    | CiscoView | 6.1.7 | Licensed | Not applicable |
    | CiscoWorks Assistant | 1.0.1 | Licensed | Not applicable |
    | Device Fault Manager | 3.0.3 | Purchased | 1500 |
    | Internetwork Performance Monitor | 4.0.1 | Purchased | 1500 |
    | Integration Utility | 1.7.1 | Licensed | Not applicable |
    | LMS Portal | 1.0.1 | Licensed | Not applicable |
    | Resource Manager Essentials | 4.1.1 | Purchased | 1500 |

    | # | Device Name | SysObjectID | Model | Device Status | Inventory Status | Inventory Last Updated Time | Config Status | Config Last Updated Time |
    |---|---|---|---|---|---|---|---|---|
    | 1 | R2020012_01 | .1.3.6.1.4.1.9.1.576 | Cisco 2811 Integrated Services Router | Normal | Success | Jan 13 2011 10:43:49 EST | Failed | Jan 13 2011 10:37:24 EST |

  • Ssh version

    I get the following output when I type in ssh -V on the console...I am using Solaris 9.
    SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
    Does this mean that the ssh version is ssh protocol v 2?

    It means that your SSH version is "Sun's SSH 1.0". However Sun's SSH is just a certain version of OpenSSH (can't remember which one) with a new name.
    The SSH in question supports the SSH protocols 1.5 and 2.0.
    Currently there are three SSH protocols that I know of, the first one was 1 (highly insecure), followed by 1.5 (not too secure either) and lastly 2.0 (fairly secure unless you got one with a security bug in :-)
    //Magnus

  • CiscoWorks2k RME3.5 IDU 9.0 ssh version 2 ???

    Does anyone know when ssh v2 will be supported or I missed something?
    It seems like I can manage my devices with telnet or ssh v1. Having been able to do much with all of my ssh v2 devices.

    I heard that support for SSH version 2 will be added in the next release of CiscoWorks, may be in 1st quarter of 2005.

  • Difference ssh version 1 and version 2

    Hi, can anyone say what is the difference between ssh version 1 and version 2?

    | SSH protocol, version 2 | SSH protocol, version 1 |
    |---|---|
    | Separate transport, authentication, and connection protocols | One monolithic protocol |
    | Strong cryptographic integrity check | Weak CRC-32 integrity check; admits an insertion attack in conjunction with some bulk ciphers. |
    | Supports password changing | N/A |
    | Any number of session channels per connection (including none) | Exactly one session channel per connection (requires issuing a remote command even when you don't want one) |
    | Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key | Negotiates only the bulk cipher; all others are fixed |
    | Encryption, MAC, and compression are negotiated separately for each direction, with independent keys | The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm's design demands that keys not be reused) |
    | Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability | Fixed encoding precludes interoperable additions |
    | User authentication methods: publickey (DSA, RSA*, OpenPGP); hostbased; password (Rhosts dropped due to insecurity) | Supports a wider variety: public-key (RSA only); RhostsRSA; password; Rhosts (rsh-style); TIS; Kerberos |
    | Use of Diffie-Hellman key agreement removes the need for a server key | Server key used for forward secrecy on the session key |
    | Supports public-key certificates | N/A |
    | User authentication exchange is more flexible, and allows requiring multiple forms of authentication for access. | Allows for exactly one form of authentication per session. |
    | hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. (though this is not currently implemented). | RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness. |
    | Periodic replacement of session keys | N/A |

  • SSH version in the CUCM

    Hi,
    I have an issue between my Iomega/EMC NAS and the DRS of my CUCMs.
    It's OK with a 8.6 CUCM and NOK with 7.1.3 and 8.0.3.
    I would like to know the SSH version in SFTP protocol used by the DRS service for the three versions.
    Thank you for your help.
    BR

    Michael,
    I had the same question, so this is very helpful and I appreciate it.
    Emmanuel,
    I have a current issue with SFTP to a NAS and am curious if you were able to resolve. My storage engineers were also concerned about SSH version compatibility.

  • SSH Version Supported by Access Points

    Hi,
    I'm hoping this is an easy question...so apologies if it appears facile, but I can't find a definitive answer in any Cisco docs I've looked through.
    When access points are used with a WLC, it's possible to allow the access points to accept SSH connections (under the advanced tab of the AP config).
    My question is this: which version of SSH will be used when SSH sessions are created to the AP? (SSH v2?)
    All of the data sheets etc. talk about SSH support, but give no version details.
    Thanks in advance.
    Nigel.

    Hi Nigel,
    Scott is right (as usual)
    Just to confirm, I accessed a CAPWAP AP and looked at the #sh derived-config and this was the only SSH output shown, with SSH enabled on the AP:
    ip ssh version 2
    So, it looks like only SSH2 is allowed. Just to let you know the code ver was 7.0.116.0
    Rocky

  • PCI Audit - SSH version 3 & above

    Hi,
    Suggest which version of ASA IOS version supports SSH ver. 3.0 & above. I'm currently having IOS 8.2 (5) version.
    Regards
    Alexander M

    Hi Alex,
    ASA currently supports only version 1 & 2.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • Cisco IDS 4250XL - SSH protocol versions supported

    I recently had a vulnerability scan completed and "SSH protocol versions supported" showed up in it for my IDS. Has anyone come across this and if so, how am I able to mitigate it. Is there a way to change the SSH version on the device?

    What vulnerability is being asserted in the OpenSSH implementation of SSH protocol version 1?
    I have not seen a new problem discovered in more than three years in the SSH protocol version 1. OpenSSH-3.7.1p2 contains all the fixes for all vulnerabilities that I am aware of.
    When a vulnerability assessment recommends shutting down SSH protocol version 1, they need to back it up with some facts to show that SSH1 as implemented in the IDS 4.x sensor is insecure.
    =====
    That having been said, you can disable SSH protocol version 1 by editing /etc/ssh/sshd_config and restarting the service. What you will lose is the ability to manage keys in the IDS CLI. So you cannot use authorized keys to log into the sensor.
    The "copy scp:..." and "upgrade scp:..." commands will fail. When you start an SSH2 client, it will refuse to connect to the remote server because it won't trust the host key.
    You also won't be able to manage network devices to perform blocking using the SSH protocol.

  • Ssh has stopped working - reverse mapping causes segmentation fault

    This was working on Friday, believe me. I haven't done anything that I'm aware of (apart from reboot the machine) to change things, except in trying to fix it.
    Briefly, ssh crashes out with a segmentation fault and a crash log (below). Poking around with verbosity gives (real ip obscured):
    % ssh ip4 -vvvv
    OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to ip4 [ip4] port 22.
    debug1: Connection established.
    debug1: identity file /Users/rpg/.ssh/identity type -1
    debug1: identity file /Users/rpg/.ssh/id_rsa type -1
    debug1: identity file /Users/rpg/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
    debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
    debug3: Trying to reverse map address ip4.
    Segmentation fault
    I get similar reports for %ssh FQDN and %ssh $USER@[FQDN*|*ip4].
    Although I'm trying to ssh to a machine on another continent, trying to ssh into my own machine (from a Terminal window on my own machine) also does not work. Setting UseDNS no in /etc/sshd_config on my machine does not help. Oddly, trying to ssh to my own machine by
    %ssh 127.0.0.1 gives
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
    debug3: Trying to reverse map address 127.0.0.1.
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    and then works (after a lot more info).
    I can ssh into this machine from elsewhere, I just can't ssh out. Below the crash log is a report from running a server with
    % sudo sshd -D -ddd -e -p 10000
    and connecting with
    % ssh -vvv -p 10000 $USER@FQDN
    ssh crash log:
    Date/Time: 2006-05-29 15:42:09.284 +1000
    OS Version: 10.4.6 (Build 8I1119)
    Report Version: 4
    Command: ssh
    Path: /usr/bin/ssh
    Parent: bash [1020] (note: also fails under tcsh)
    Version: ??? (???)
    PID: 1021
    Thread: 0
    Exception: EXC_BAD_ACCESS (0x0001)
    Codes: KERN_INVALID_ADDRESS (0x0001) at 0xb1d255e4
    Thread 0 Crashed:
    0 libstdc++.6.dylib 0x90b37e3a __cxa_get_globals + 324
    1 libstdc++.6.dylib 0x90b3853a __gxx_personality_v0 + 658
    2 libgcc_s.1.dylib 0x90bcabf7 _Unwind_RaiseException + 147
    3 libstdc++.6.dylib 0x90b38857 __cxa_throw + 87
    4 edu.mit.Kerberos 0x94c4a238 CCIContextDataMachIPCStub::OpenCCache(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) + 314
    5 edu.mit.Kerberos 0x94c49fde CCEContext::OpenCCache(cc_context_d*, char const*, cc_ccache_d**) + 160
    6 edu.mit.Kerberos 0x94c49d5e cc_open + 64
    7 edu.mit.Kerberos 0x94c49bf6 krb5_stdcc_resolve + 182
    8 edu.mit.Kerberos 0x94c4f1a1 __KLGetCCacheByName + 254
    9 edu.mit.Kerberos 0x94c4ee8a __KLAcquireInitialTicketsForCache + 179
    10 edu.mit.Kerberos 0x94c4ed7f krb5int_cc_default + 85
    11 edu.mit.Kerberos 0x94c40215 krb5_gss_acquire_cred + 2409
    12 edu.mit.Kerberos 0x94c4ed11 kg_get_defcred + 73
    13 edu.mit.Kerberos 0x94c4da14 krb5_gss_init_sec_context + 208
    14 ssh 0x00024305 0x1000 + 144133
    15 ssh 0x000246f4 0x1000 + 145140
    16 ssh 0x000247fb 0x1000 + 145403
    17 ssh 0x0000c462 0x1000 + 46178
    18 ssh 0x0000a251 0x1000 + 37457
    19 ssh 0x000042c7 0x1000 + 12999
    20 ssh 0x000025f2 0x1000 + 5618
    21 ssh 0x0000250d 0x1000 + 5389
    Thread 0 crashed with i386 Thread State:
    eax: 0x00000000 ebx: 0x90b3880d ecx:0xbfffda7c edx: 0xa4c425a0
    edi: 0xb1d255e4 esi: 0xa4c425a0 ebp:0xbfffd9e8 esp: 0xbfffd9b0
    ss: 0x0000002f efl: 0x00010246 eip:0x90b37e3a cs: 0x00000027
    ds: 0x0000002f es: 0x0000002f fs:0x00000000 gs: 0x00000037
    sudo sshd -D -ddd -e -p 10000:
    debug2: read_server_config: filename /etc/sshd_config
    debug1: sshd version OpenSSH_3.8.1p1
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
    debug1: read PEM private key done: type RSA
    debug1: private host key: #1 type 1 RSA
    debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #2 type 2 DSA
    debug1: Bind to port 10000 on ::.
    Server listening on :: port 10000.
    debug1: Bind to port 10000 on 0.0.0.0.
    Server listening on 0.0.0.0 port 10000.
    Generating 768 bit RSA key.
    RSA key generation complete. <- pause here
    debug1: Server will not fork when running in debugging mode.
    Connection from ip4 port 50148
    debug1: Current Session ID is 00B16810 / Session Attributes are 00008030
    debug1: Creating new security session...
    debug1: New Session ID is 0F7C2940 / Session Attributes are 00009020
    debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
    debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
    debug2: Network child is on pid 1101
    debug3: preauth child monitor started
    debug3: mm_request_receive entering
    debug3: privsep user:group 75:75
    debug1: permanently_set_uid: 75/75
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug3: mm_request_send entering: type 40
    debug3: mm_request_receive_expect entering: type 41
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 40
    debug1: Miscellaneous failure
    No such file or directory
    debug3: mm_request_send entering: type 41
    debug3: mm_request_receive entering
    debug1: no credentials for GSSAPI mechanism Kerberos
    debug1: SSH2_MSG_KEXINIT sent
    Connection closed by ip4
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug3: PAM: sshpam_thread_cleanup entering
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug3: PAM: sshpam_thread_cleanup entering
    and
    % ssh -vvv -p 10000 $USER@FQDN :
    OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to FQDN [ip4] port 10000.
    debug1: Connection established.
    debug1: identity file /Users/rpg/.ssh/identity type -1
    debug1: identity file /Users/rpg/.ssh/id_rsa type -1
    debug1: identity file /Users/rpg/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
    debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
    debug3: Trying to reverse map address ip4.
    Segmentation fault

    10.4.7 fixed this.
    But broke iCal. . .
    Actually, I never had any problems with 10.4.6, but ssh on my nat'ed Intel Macbook now segfaults when doing reverse mapping after upgrading to 10.4.7.
    OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005
    debug1: Reading configuration data /etc/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to amrshampine [10.4.51.45] port 22.
    debug1: Connection established.
    debug1: identity file /Users/lindkvis/.ssh/identity type -1
    debug1: identity file /Users/lindkvis/.ssh/id_rsa type -1
    debug1: identity file /Users/lindkvis/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
    debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
    debug3: Trying to reverse map address 10.4.51.45.
    Macbook White 13" 1.83GHz 1GB   Mac OS X (10.4.6)  

  • Not able to login after configuring SSH.Please reply

    I have configured AAA on a Cisco Aironet 1400 series wireless bridge (AIR-BR1410A-A-K9). After configuring, I am not able to log in to the device via telnet and via PuTTY. Soon after enabling SSH I am not able to log in even through SSH. Below are the commands I have configured on the device. I used to configure the same commands on my Cisco switches also.
    Layer -2
    ip domain-name NETS
    crypto key generate rsa general-keys modulus 1024
    ip ssh version 2
    aaa new-model
    aaa authentication login Login-LAN group tacacs+ line
    aaa authentication enable default group tacacs+ enable
    aaa accounting exec EXEC-LAN-L2 start-stop group tacacs+
    aaa accounting commands 1 Level-1-LAN-L2 start-stop group tacacs+
    aaa accounting commands 15 Level-15-LAN-L2 start-stop group tacacs+
    tacacs-server host 10.254.0.140 key !n01#zh3r3@|2
    line vty 0 4
    accounting commands 1 Level-1-LAN-L2
    accounting commands 15 Level-15-LAN-L2
    accounting exec EXEC-LAN-L2
    login authentication Login-LAN
    transport input ssh

    Hi,
    Check the connectivity between the Cisco Aironet and the TACACS server, and what the failed logs say on the TACACS server.
    If possible, try changing the configuration to aaa authentication login Login-LAN(default) group tacacs+ line and then see what exactly happens.
    Hope that helps
    Regards
    Ganesh.H

  • Cisco ASA 5505 - problem with ssh, icmp on OUTSIDE interface

    Hi all,
    I have a very strange problem with the OUTSIDE interface and remote ssh. I have followed the documentation and configured remote access for ssh like this [1.]. If I want to connect from the internet to the OUTSIDE interface [2.] I get no response and in the log I can see this message [3.]. I really do not understand why the ssh connection is dropped by the OUTSIDE access-list [4.]. If I understand the documentation correctly, the interface access-list has no impact on remote management/access like icmp, ssh, http(s). So, why?
    When I try an ssh connection from the internal network to the INSIDE interface everything works fine and I can log in to the ASA. If I try to allow ssh in the OUTSIDE access-list, still no success, and I get this message [5.]. It is strange, isn't it?
    The same problem with icmp: if I want to "ping" the OUTSIDE interface from the internet I get this message in the log [6.], with the configuration for ICMP like this [7.].
    Full ASA config is in attachment.
    Can anybody help with how to fix it and explain what exactly is wrong? Thanks.
    Regards,
    Karel
    [1.]
    ssh stricthostkeycheck
    ssh 10.0.0.0 255.255.255.0 INSIDE
    ssh 0.0.0.0 0.0.0.0 OUTSIDE
    ssh timeout 60
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    ASA-FW01# show ssh
    Timeout: 60 minutes
    Version allowed: 2
    10.0.0.0 255.255.255.0 INSIDE
    0.0.0.0 0.0.0.0 OUTSIDE
     [2.]
    ASA-FW01# show nameif
    Interface                Name                     Security
    Vlan10                   INSIDE                   100
    Vlan20                   EXT-VLAN20                 0
    Vlan30                   EXT-WIFI-VLAN30           10
    Vlan100                  OUTSIDE                    0
    ASA-FW01# show ip
    System IP Addresses:
    Interface                Name                   IP address      Subnet mask     Method
    Vlan10                   INSIDE                 10.0.0.1        255.255.255.0   CONFIG
    Vlan20                   EXT-VLAN20             10.0.1.1        255.255.255.0   CONFIG
    Vlan30                   EXT-WIFI-VLAN30        10.0.2.1        255.255.255.0   CONFIG
    Vlan100                  OUTSIDE                85.71.188.158   255.255.255.255 CONFIG
    Current IP Addresses:
    Interface                Name                   IP address      Subnet mask     Method
    Vlan10                   INSIDE                 10.0.0.1        255.255.255.0   CONFIG
    Vlan20                   EXT-VLAN20             10.0.1.1        255.255.255.0   CONFIG
    Vlan30                   EXT-WIFI-VLAN30        10.0.2.1        255.255.255.0   CONFIG
    Vlan100                  OUTSIDE                85.71.188.158   255.255.255.255 CONFIG
    ASA-FW01# show interface OUTSIDE detail
    Interface Vlan100 "OUTSIDE", is up, line protocol is up
      Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
            Description: >>VLAN pro pripojeni do internetu<<
            MAC address f44e.05d0.6c17, MTU 1480
            IP address 85.71.188.158, subnet mask 255.255.255.255
      Traffic Statistics for "OUTSIDE":
            90008 packets input, 10328084 bytes
            60609 packets output, 13240078 bytes
            1213 packets dropped
          1 minute input rate 15 pkts/sec,  994 bytes/sec
    [3.]
    Jan 13 2015 06:45:30 ASA-FW01 : %ASA-6-106100: access-list OUTSIDE denied tcp OUTSIDE/193.86.236.70(46085) -> OUTSIDE/85.71.188.158(22) hit-cnt 1 first hit [0xb74026ad, 0x0]
    [4.]
    access-list OUTSIDE remark =======================================================================================
    access-list OUTSIDE extended permit icmp any any echo-reply
    access-list OUTSIDE extended deny ip any any log
    access-group OUTSIDE in interface OUTSIDE
    [5.]
    Jan 12 2015 23:00:46 ASA-FW01 : %ASA-2-106016: Deny IP spoof from (193.86.236.70) to 85.71.188.158 on interface OUTSIDE
    [6.]
    Jan 13 2015 06:51:16 ASA-FW01 : %ASA-4-400014: IDS:2004 ICMP echo request from 193.86.236.70 to 85.71.188.158 on interface OUTSIDE
    [7.]
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit 10.0.0.0 255.0.0.0 INSIDE
    icmp permit 10.0.0.0 255.0.0.0 EXT-WIFI-VLAN30
    icmp permit any OUTSIDE

    You're right that the ACL should not affect otherwise allowed communications to the interface address.
    Try disabling the ip audit feature on your outside interface.
    no ip audit interface OUTSIDE AP_OUTSIDE_INFO
    no ip audit interface OUTSIDE AP_OUTSIDE_ATTACK

  • Writing a file using ssh in OSB 11g

    Hi
    OSB 11G
    Once I fetch from DB, I am able to write a flat file (delimiter with pipe) using Messaging Service and MFL.
    Now, my requirement is to write using SSH.
    Can anyone let me know how do I configure it in my Business Service?
    Thanks
    Edited by: soauser on Jul 12, 2011 9:08 AM

    OSB supports SSH File Transfer Protocol (SFTP) using SSH version 2 with SFTP transport -
    section "26.5 SFTP Transport" at http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/http_poller.htm#i1085854
    If existing options are not sufficient, you may also create custom transport using transport SDK and use that in OSB -
    http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/part_tsdk.htm#sthref954
    Regards,
    Anuj

  • Ssh configuration issue by enable UsePrivilegeSeparation

    Hi,
    I have the following error message after I set UsePrivilegeSeparation yes in /etc/ssh/sshd_configuration file:
    . Solaris 10 with the default ssh version that comes with Solaris 10
    . After I set the line 'UsePrivilegeSeparation yes' it complained that user sshd does not exist, so I created the user and ssh started fine.
    However, when I try to ssh to the box it won't let me log in; here is the error from the messages log:
    fatal: Userauth method unknown while starting PAM
    Thank you for your help!

    https://wiki.archlinux.org/index.php/Fo … s_and_Code

  • INSTALLING SSH IN SOLARIS 8

    Hello,
    I'm trying to install openssh on a Solaris 8 machine. I followed these steps:
    1.- Install the patch 112438-03 and boot -r
    2.- pkgadd -d openssh-4.4p1-sol8-sparc-local
    pkgadd -d openssl-0.9.6i-sol8-sparc-local
    pkgadd -d zlib-1.2.3-sol8-sparc-local
    3.- mkdir /var/empty
    chown root:sys /var/empty
    chmod 755 /var/empty
    groupadd sshd
    useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
    4.-modify /usr/local/etc/sshd_config (making reference to /usr/local/libexec/sftp-server)
    5.-implement the files /etc/hosts.allow and /etc/hosts.deny
    6.- NOW I HAVE TRIED THE FOLLOWING ACCORDING WITH THE INSTRUCTIONS IN INSTALL.openssl document:
    $ ./config
    PROBLEMS: WHERE IS THE "config" script located? I get the message "ksh: ./config: not found"
    Please, help me! How can I continue from this point? I don't know from where to execute the config script.
    thanks

    Follow these steps; I recently did it on a Solaris 8 box.
    Hope this will solve your issue.
    Ssh installation for Solaris 8
    Introduction:
    Secure shell (SSH) is a protocol that provides a secure, remote connection to any device with ssh support. SSH is a substitute to Berkeley r-tools like telnet, rlogin, rsh and rcp which are not secure. SSH provides more security to any data that is being transported to the Internet by providing more authentication, encryption and authorization procedures. There are currently two versions of SSH available, SSH Version 1 and SSH Version 2
    openssh
    openssl (SSL)
    prngd (Pseudo Random Generator Daemon)
    zlib (Z library)
    Installation:
    #pkgadd -d openssl-0.9.6c-sol8-sparc-local
    The following packages are available:
    1 SMCosslc openssl
    (sparc) 0.9.6c
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    #pkgadd -d prngd-0.9.23-sol8-sparc-local
    The following packages are available:
    1 SMCprngd prngd
    (sparc) 0.9.23
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    #pkgadd -d zlib-1.1.4-sol8-sparc-local
    The following packages are available:
    1 SMCzlib zlib
    (sparc) 1.1.4
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    #pkgadd -d openssh-3.1p1-sol8-sparc-local
    The following packages are available:
    1 SMCossh openssh
    (sparc) 3.1p1
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    Note:- If you are facing any problem like PRNG is not seeded please apply 112438-01 patch and reboot the system and create a symbolic link
    ln -s /devices/pseudo/random@0:random /dev/random
    ln -s /devices/pseudo/random@0:urandom /dev/urandom
    This is because of missing /dev/random
    Create SSHD account and directory
    # mkdir /var/empty
    # chown root:sys /var/empty
    # groupadd sshd
    # useradd -g sshd -c "SSHD Admin" -d /var/empty -s /bin/false sshd
    Startup Scripts:
    Create a startup script for the ssh daemon.
    /etc/init.d/sshd
    #! /bin/sh
    # start/stop the secure shell daemon
    case "$1" in
    'start')
        # Start the ssh daemon
        if [ -f /usr/local/sbin/sshd ]; then
            echo "starting SSHD daemon"
            /usr/local/sbin/sshd &
        fi
        ;;
    'stop')
        # Stop the ssh daemon
        PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
        if [ ! -z "$PID" ] ; then
            /usr/bin/kill ${PID} >/dev/null 2>&1
        fi
        ;;
    *)
        # Any other argument: print usage
        echo "usage: /etc/init.d/sshd {start|stop}"
        ;;
    esac
    Make the script executable and create a startup script on run level 2.
    #sh sshd start
    #chmod +x /etc/init.d/sshd
    #ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd
    Create a startup script for the pseudo random generator daemon.
    /etc/init.d/prngd
    #! /bin/sh
    # start/stop the pseudo random generator daemon
    case "$1" in
    'start')
        # Start the prngd daemon
        if [ -f /usr/local/bin/prngd ]; then
            echo "starting PRNG daemon"
            /usr/local/bin/prngd /var/spool/prngd/pool&
        fi
        ;;
    'stop')
        # Stop the prngd daemon
        PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
        if [ ! -z "$PID" ] ; then
            /usr/bin/kill ${PID} >/dev/null 2>&1
        fi
        ;;
    *)
        # Any other argument: print usage
        echo "usage: /etc/init.d/prngd {start|stop}"
        ;;
    esac
    Make the script executable and create a startup script on run level 2.
    #chmod +x /etc/init.d/prngd
    #ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd
    # /etc/init.d/prngd start
    starting PRNG daemon
    Info: Random pool not (yet) seeded
    Could not bind socket to /var/spool/prngd/pool: No such file or directory
    # mkdir -p /var/spool/prngd
    #/etc/init.d/prngd start
    starting PRNG daemon
    # Info: Random pool not (yet) seeded
    Next is to start the actual ssh daemon,
    # /etc/init.d/sshd start
    starting SSHD daemon
    Could not load host key: /usr/local/etc/ssh_host_key
    Could not load host key: /usr/local/etc/ssh_host_rsa_key
    Could not load host key: /usr/local/etc/ssh_host_dsa_key
    Disabling protocol version 1. Could not load host key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
    The errors above are due to the fact that we didn't create any key pairs for our ssh server.
    Create a public key pair to support the new, DSA-based version 2 protocol
    # /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""
    Generating public/private dsa key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
    The key fingerprint is:
    00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8
    Create a public key pair to support the old, RSA-based version 1 protocol
    # /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
    Generating public/private rsa1 key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
    The key fingerprint is:
    8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8
    Edit ssh daemon configuration file /usr/local/etc/sshd_config, enable protocol 2 and 1
    Uncomment the line, that says
    protocol 2,1
    # /etc/init.d//sshd start
    starting SSHD daemon
    Thanks
    RK
