Ssh-keygen (Saving the key failed:)


 
# 15  
Old 11-04-2015
Hi,

I disagree, it's been part of AIX for ages already.
# 16  
Old 11-04-2015
First of all - my bad re: the FIPS numbering - you are quite right.

re: part of AIX for ages - yes and no - imho. First it was not on the "bos" cd/dvd, later it was. However, even back when AIX 5.3 TL7 was released (openssh-*.4500) ssh and sshd did not link with openssl.base - they had internal aka static libraries they linked with.

Once upon a time AIX started releasing a version of OpenSSH that was based on openbsd (who are nice enough to maintain openssh) openssh-6.0p1

Hence on AIX
Code:
root@x072:[/]oslevel -s
ssh -V
7100-03-05-1524
root@x072:[/]ssh -V
OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013
root@x072:[/]lslpp -L | grep openss
  openssh.base.client     6.0.0.6103    C     F    Open Secure Shell Commands
  openssh.base.server     6.0.0.6103    C     F    Open Secure Shell Server
  openssl.base             1.0.1.513    C     F    Open Secure Socket Layer
  openssl.license          1.0.1.513    C     F    Open Secure Socket License

FYI: openssl.*.1.0.1.514 is the latest one I have seen as an installp. I have not looked for a while for a later one. And I have quite a few versions of openssl (don't you love testing !!)

Code:
michael@x071:[/data/prj/AIX/openssl]ls -l                   
total 36
drwxr-xr-x 2 michael felt   4096 Jul 16 13:43 openssl-0.9.8.4
drwxr-xr-x 2 michael felt   4096 Jul 16 13:44 openssl-0.9.8.401-aix52
drwxr-xr-x 2 michael felt   4096 Jul 16 13:55 openssl-0.9.8.410
drwxr-xr-x 2 michael felt   4096 Jul 16 13:46 openssl-0.9.8.411
drwxr-xr-x 2 michael felt   4096 Jul 16 13:47 openssl-0.9.8.600
drwxr-xr-x 2 michael felt   4096 Jul 16 13:48 openssl-0.9.8.601
drwxr-xr-x 4 michael felt   4096 Jul 24 13:20 openssl-0.9.8.XXXX
lrwxrwxrwx 1 root    system   36 Jul 30 10:07 openssl-1.0.1.514 -> openssl-1.0.1.XXXX/openssl-1.0.1.514
drwxr-xr-x 3 michael felt   4096 Jul 24 14:21 openssl-1.0.1.XXXX
drwxr-xr-x 2 michael felt   4096 Jul 16 14:22 openssl-aix52

And in the details ...
Code:
michael@x071:[/data/prj/AIX/openssl]ls -l openssl-0.9.8.XXXX
total 308852
-rw-r--r-- 1 michael felt    6450493 Jul 16 14:23 61ssl98m.tar.Z
-rw-r--r-- 1 michael felt       1620 Jul 16 14:19 Readme-0.9.8.1800.txt
-rw-r--r-- 1 michael felt       3157 Jul 16 14:17 Readme-0.9.8.1801.txt
-rw-r--r-- 1 michael felt       4650 Jul 16 14:17 Readme-0.9.8.1802.txt
-rw-r--r-- 1 michael felt       1617 Jul 16 14:16 Readme-0.9.8.2400.txt
-rw-r--r-- 1 michael felt       1617 Jul 16 14:16 Readme-0.9.8.2500.txt
-rw-r--r-- 1 michael felt       1720 Jul 16 14:15 Readme-0.9.8.2501.txt
-rw-r--r-- 1 michael felt       2892 Jul 16 14:15 Readme-0.9.8.2502.txt
-rw-r--r-- 1 michael felt       4035 Jul 16 14:14 Readme-0.9.8.2503.txt
-rw-r--r-- 1 michael felt       4444 Jul 16 14:14 Readme-0.9.8.2504.txt
-rw-r--r-- 1 michael felt       5165 Jul 16 14:13 Readme-0.9.8.2505.txt
-rw-r--r-- 1 michael felt        423 Jul 16 14:10 Readme-1.0.1.500.txt
-rw-r--r-- 1 michael felt        422 Jul 16 14:10 Readme-1.0.1.501.txt
-rw-r--r-- 1 michael felt       3014 Jul 16 14:12 Readme-12.9.8.2501.txt
-rw-r--r-- 1 michael felt       4413 Jul 16 14:12 Readme-12.9.8.2502.txt
-rw-r--r-- 1 michael felt       5554 Jul 16 14:11 Readme-12.9.8.2503.txt
-rw-r--r-- 1 michael felt       5963 Jul 16 14:11 Readme-12.9.8.2504.txt
-rw-r--r-- 1 michael felt       6927 Jul 16 14:11 Readme-12.9.8.2505.txt
-rw-r--r-- 1 michael felt       2911 Jul 16 14:16 Readme-fips-12.9.8.2400.txt
-rw-r--r-- 1 michael felt       2911 Jul 16 14:13 Readme-fips-12.9.8.2500.txt
-rw-r--r-- 1 michael felt       2693 Jul 16 13:54 Readme-fips.12.9.8.1100.txt
-rw-r--r-- 1 michael felt       2937 Jul 16 13:54 Readme-fips.12.9.8.1101.txt
-rw-r--r-- 1 michael felt       3081 Jul 16 13:59 Readme-fips.12.9.8.1102.txt
-rw-r--r-- 1 michael felt       3648 Jul 16 14:23 Readme-fips.12.9.8.1104.txt
-rw-r--r-- 1 michael felt       4918 Jul 16 14:21 Readme-fips.12.9.8.1301.txt
-rw-r--r-- 1 michael felt       5131 Jul 16 14:21 Readme-fips.12.9.8.1302.txt
-rw-r--r-- 1 michael felt       2902 Jul 16 14:19 Readme-fips.12.9.8.1800.txt
-rw-r--r-- 1 michael felt       4502 Jul 16 14:18 Readme-fips.12.9.8.1801.txt
-rw-r--r-- 1 michael felt       5995 Jul 16 14:17 Readme-fips.12.9.8.1802.txt
-rw-r--r-- 1 michael felt       1358 Jul 16 13:55 Readme.0.9.8.1100.txt
-rw-r--r-- 1 michael felt       1662 Jul 16 13:56 Readme.0.9.8.1102.txt
-rw-r--r-- 1 michael felt       2226 Jul 16 14:23 Readme.0.9.8.1104.txt
-rw-r--r-- 1 michael felt       1413 Jul 16 14:23 Readme.0.9.8.1300.txt
-rw-r--r-- 1 michael felt       3556 Jul 16 14:21 Readme.0.9.8.1301.txt
-rw-r--r-- 1 michael felt       3795 Jul 16 14:20 Readme.0.9.8.1302.txt
-rw-r--r-- 1 michael felt       1591 Jul 16 13:50 Readme.0.9.8.802
-rw-r--r-- 1 michael felt       1542 Jul 16 13:51 Readme.0.9.8.803-AIX-5.3_6.1.txt
-rw-r--r-- 1 michael felt       1555 Jul 16 13:54 Readme.0.9.8.840-AIX-5.3_6.1.txt
-rw-r--r-- 1 michael felt       1242 Jul 16 13:49 Readme.9.8.801.txt
drwxr-xr-x 2 michael felt       4096 Jul 24 13:21 openssl-0.9.8.1302
-rw-r--r-- 1 michael felt    6456887 Jul 16 14:20 openssl-0.9.8.1302.tar.Z
-rw-r--r-- 1 michael felt    6430789 Jul 16 14:19 openssl-0.9.8.1800.tar.Z
-rw-r--r-- 1 michael felt    6407523 Jul 16 14:17 openssl-0.9.8.1801.tar.Z
-rw-r--r-- 1 michael felt    6400451 Jul 16 14:16 openssl-0.9.8.1802.tar.Z
-rw-r--r-- 1 michael felt    6442513 Jul 16 14:16 openssl-0.9.8.2400.tar.Z
-rw-r--r-- 1 michael felt    6438535 Jul 16 14:15 openssl-0.9.8.2500.tar.Z
-rw-r--r-- 1 michael felt   10197469 Jul 16 14:15 openssl-0.9.8.2501.tar.Z
-rw-r--r-- 1 michael felt   10206027 Jul 16 14:14 openssl-0.9.8.2502.tar.Z
-rw-r--r-- 1 michael felt   10189176 Jul 16 14:14 openssl-0.9.8.2503.tar.Z
-rw-r--r-- 1 michael felt   17713505 Jul 16 14:13 openssl-0.9.8.2504.tar.Z
drwx------ 2  435159 417786     4096 Jul 16 14:28 openssl-0.9.8.2505
-rw-r--r-- 1 michael felt   10196756 Jul 16 14:13 openssl-0.9.8.2505.tar.Z
-rw-r--r-- 1 michael felt    7810255 Jul 16 14:21 openssl-fips-12.9.8.1302.tar.Z
-rw-r--r-- 1 michael felt    7777095 Jul 16 14:19 openssl-fips-12.9.8.1800.tar.Z
-rw-r--r-- 1 michael felt    7778075 Jul 16 14:18 openssl-fips-12.9.8.1801.tar.Z
-rw-r--r-- 1 michael felt    7785833 Jul 16 14:17 openssl-fips-12.9.8.1802.tar.Z
-rw-r--r-- 1 michael felt    7742959 Jul 16 14:16 openssl-fips-12.9.8.2400.tar.Z
-rw-r--r-- 1 michael felt    7777855 Jul 16 14:12 openssl-fips-12.9.8.2500.tar.Z
-rw-r--r-- 1 michael felt   12193100 Jul 16 14:12 openssl-fips-12.9.8.2501.tar.Z
-rw-r--r-- 1 michael felt   12219453 Jul 16 14:12 openssl-fips-12.9.8.2502.tar.Z
-rw-r--r-- 1 michael felt   12189522 Jul 16 14:11 openssl-fips-12.9.8.2503.tar.Z
-rw-r--r-- 1 michael felt   19710221 Jul 16 14:11 openssl-fips-12.9.8.2504.tar.Z
-rw-r--r-- 1 michael felt   12198169 Jul 16 14:10 openssl-fips-12.9.8.2505.tar.Z
-rw-r--r-- 1 michael felt    7715223 Jul 16 13:54 openssl-fips.12.9.8.1100.tar.Z
-rw-r--r-- 1 michael felt    7699778 Jul 16 13:54 openssl-fips.12.9.8.1101.tar.Z
-rw-r--r-- 1 michael felt    7703907 Jul 16 13:59 openssl-fips.12.9.8.1102.tar.Z
-rw-r--r-- 1 michael felt    7687487 Jul 16 14:23 openssl-fips.12.9.8.1104.tar.Z
-rw-r--r-- 1 michael felt    7819049 Jul 16 14:21 openssl-fips.12.9.8.1301.tar.Z
-rw-r--r-- 1 michael felt    6335431 Jul 16 13:56 openssl.0.9.8.1100.tar.Z
-rw-r--r-- 1 michael felt    6330255 Jul 16 13:55 openssl.0.9.8.1101.tar.Z
-rw-r--r-- 1 michael felt    6323679 Jul 16 13:56 openssl.0.9.8.1102.tar.Z
-rw-r--r-- 1 michael felt    6329549 Jul 16 14:22 openssl.0.9.8.1104.tar.Z
-rw-r--r-- 1 michael felt    6445169 Jul 16 14:21 openssl.0.9.8.1301.tar.Z
-rw-r--r-- 1 michael felt    6679931 Jul 16 13:49 openssl.0.9.8.802.tar.Z
-rw-r--r-- 1 michael felt    6679411 Jul 16 13:51 openssl.0.9.8.803-AIX-5.3_6.1.tar.Z
-rw-r--r-- 1 michael felt    6710648 Jul 16 13:53 openssl.0.9.8.840-AIX5.3_6.1.tar.Z
-rw-r--r-- 1 michael felt    6680723 Jul 16 13:49 openssl.9.8.801.tar.Z

So, from memory, the .2500 was OpenSSL-0.9.8z and the latest I have here (.2505) would be 0.9.8.ze

If you want the "latest" - may I "offer" OpenSSH-6.0p1 or OpenSSH-7.1p1?

AIX 5.3 TL7
Code:
root@x064:[/]ssh -V
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006

Code:
installp -d /data/prj/AIX/openssl/*514 -aYc openssl.base

...
Pre-installation Failure/Warning Summary
----------------------------------------
Name Level Pre-installation Failure/Warning
-------------------------------------------------------------------------------
openssl.base 1.0.1.514 Already installed

Like I said - the openssh from way back when did not use the openssl package.

From my aixtools openssh page: OpenSSH - AIXTOOLS The latest and greatest (can be installed in parallel - it does reconfigure the SRC system)

Before:
Code:
root@x064:[/]odmget -q subsysname=sshd SRCsubsys

SRCsubsys:
        subsysname = "sshd"
        synonym = ""
        cmdargs = "-D"
        path = "/usr/sbin/sshd"
        uid = 0
        auditid = 0
        standin = "/dev/console"
        standout = "/dev/console"
        standerr = "/dev/console"
        action = 1
        multi = 0
        contact = 2
        svrkey = 0
        svrmtype = 0
        priority = 20
        signorm = 15
        sigforce = 9
        display = 1
        waittime = 20
        grpname = "ssh"

After:
Code:
root@x064:[/]type ssh
ssh is /opt/bin/ssh
root@x064:[/]ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.1e 11 Feb 2013

root@x064:[/]odmget -q subsysname=sshd SRCsubsys

SRCsubsys:
        subsysname = "sshd"
        synonym = ""
        cmdargs = "-D"
        path = "/opt/sbin/sshd"
        uid = 0
        auditid = 0
        standin = "/dev/console"
        standout = "/dev/console"
        standerr = "/dev/console"
        action = 1
        multi = 0
        contact = 2
        svrkey = 0
        svrmtype = 0
        priority = 20
        signorm = 15
        sigforce = 9
        display = 1
        waittime = 20
        grpname = "ssh"

Install command:

Code:
root@x064:[/]installp -a -d /data/aixtools/tools aixtools.openbsd.openssh.rte
+-----------------------------------------------------------------------------+
                    Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...

WARNINGS
--------
  Problems described in this section are not likely to be the source of any
  immediate or serious failures, but further actions may be necessary or
  desired.

  Conflicting Versions of Filesets
  --------------------------------
  The following filesets are conflicting versions of filesets for which there
  are multiple versions on the installation media.  Since a specific version
  was not selected, the newest installable version has been selected.

    aixtools.openbsd.openssh.rte 6.8.0.1601   # 1525 0625 1338
    aixtools.openbsd.openssh.rte 7.1.0.1601   # 1537 0917 1039
    aixtools.openbsd.openssh.rte 6.8.1.1601   # 1541 1016 0754
    aixtools.openbsd.openssh.rte 6.9.1.1601   # 1541 1016 0753
    aixtools.openbsd.openssh.rte 6.9.0.1601   # 1537 0917 0928

  << End of Warning Section >>

SUCCESSES
---------
  Filesets listed in this section passed pre-installation verification
  and will be installed.

  Selected Filesets
  -----------------
  aixtools.openbsd.openssh.rte 7.1.1.1601     # 1541 1016 0755

  << End of Success Section >>

+-----------------------------------------------------------------------------+
                   BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
    1  Selected to be installed, of which:
        1  Passed pre-installation verification
  ----
    1  Total to be installed

+-----------------------------------------------------------------------------+
                         Installing Software...
+-----------------------------------------------------------------------------+

installp:  APPLYING software for:
        aixtools.openbsd.openssh.rte 7.1.1.1601

+-------OpenSSH CONFIG Checking for Ciphers and KeyExchanges -----------------+
Creating host keys if required.
/var/openssh/etc/ssh_host_key already exists, skipping.
/var/openssh/etc/ssh_host_dsa_key already exists, skipping.
/var/openssh/etc/ssh_host_rsa_key already exists, skipping.
Generating public/private ecdsa key pair.
Your identification has been saved in /var/openssh/etc/ssh_host_ecdsa_key.
Your public key has been saved in /var/openssh/etc/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:yGRoPkLu9zDHi9xmGwJepAhhcI2clKxdEe6R7y7Xx1A root@x064
The key's randomart image is:
+---[ECDSA 256]---+
|+=o=oo           |
|.o*.oo           |
|.o..B o          |
|o+.* * .  E      |
|. = = + S.       |
| o + +  .        |
|  o = =. o       |
|   o.X+o. o      |
|    o=*. .       |
+----[SHA256]-----+
Generating public/private ed25519 key pair.
Your identification has been saved in /var/openssh/etc/ssh_host_ed25519_key.
Your public key has been saved in /var/openssh/etc/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:+SzJ9nletCi7Pg8kG1zttB8penJ53vQY7iEqUT5yrDU root@x064
The key's randomart image is:
+--[ED25519 256]--+
|                 |
|           .     |
|          . o    |
|       . o.o . . |
|        S+. + +  |
|       .oOE. * o |
|        **Bo* B .|
|       .oo.X.* *.|
|         oB*o.= o|
+----[SHA256]-----+

0513-044 The sshd Subsystem was requested to stop.
0513-071 The sshd Subsystem has been added.
0513-059 The sshd Subsystem has been started. Subsystem PID is 319700.
Finished processing all filesets.  (Total time:  5 secs).

+-----------------------------------------------------------------------------+
                                Summaries:
+-----------------------------------------------------------------------------+

Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
aixtools.openbsd.openssh.rt 7.1.1.1601      USR         APPLY       SUCCESS
aixtools.openbsd.openssh.rt 7.1.1.1601      ROOT        APPLY       SUCCESS

Note: OpenSSH-7.1p1 is NOT my favorite as there are many changes to the default behavior with regard to root logins. If you are not using PKI for root login (of course you are not using passwords) - then you will not have any issues. However, if you are - you may prefer the OpenSSH-6.0p1 (aixtools.openbsd.openssh-6.9.1.1601 packaging).

Hope this very long read actually helps !!!

IMPORTANT

Should you use my packaging - the key config files are copied from /etc/ssh to /var/openssh/etc - check out the files there and compare them. I have also set up the uninstall to restore the default AIX settings should you decide to not use it after all (i.e., they can co-exist side by side).

Code:
root@x064:[/]ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.1e 11 Feb 2013
root@x064:[/]/usr/bin/ssh -V
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
root@x064:[/]oslevel -s
5300-07-00-0000
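Added example, not part of the post above or of the aixtools packaging: a POSIX shell check for the config comparison the post recommends. It shows that an sshd_config copied unchanged can still yield a different effective `PermitRootLogin`, because OpenSSH 7.0 changed the built-in default from `yes` to `prohibit-password`. The function names and sample file contents are constructed for illustration; the major versions 4 and 7 match the `ssh -V` output shown in the post.

```shell
#!/bin/sh
# Added example: compare effective root-login settings of two sshd_config files.

# Built-in default when a keyword is absent. $1 = keyword (lower case),
# $2 = OpenSSH major version of the sshd that will read the file.
default_for() {
    case "$1" in
        permitrootlogin)
            # OpenSSH 7.0 changed this default from "yes" to "prohibit-password"
            if [ "$2" -ge 7 ]; then echo prohibit-password; else echo yes; fi ;;
        passwordauthentication|pubkeyauthentication) echo yes ;;
        permitemptypasswords) echo no ;;
        *) echo unknown ;;
    esac
}

# Effective global value. $1 = file, $2 = keyword, $3 = major version.
# sshd uses the first occurrence of a keyword, ignores keyword case, and
# global settings end at the first Match line.
effective_value() {
    kw=$(echo "$2" | tr 'A-Z' 'a-z')
    val=$(awk -v want="$kw" '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$1")
    [ -n "$val" ] || val=$(default_for "$kw" "$3")
    # "without-password" is the older spelling of "prohibit-password"
    if [ "$val" = without-password ]; then val=prohibit-password; fi
    echo "$val"
}

# Print keywords whose effective value differs.
# $1 = old file, $2 = old major, $3 = new file, $4 = new major
compare_sshd_configs() {
    for k in PermitRootLogin PasswordAuthentication PubkeyAuthentication \
             PermitEmptyPasswords; do
        old=$(effective_value "$1" "$k" "$2")
        new=$(effective_value "$3" "$k" "$4")
        if [ "$old" != "$new" ]; then echo "$k: $old -> $new"; fi
    done
}

# Constructed sample files standing in for /etc/ssh/sshd_config and its copy
# under /var/openssh/etc (contents are illustrative, not from the thread).
demo=${TMPDIR:-/tmp}/sshd_cmp.$$
mkdir -p "$demo"
trap 'rm -rf "$demo"' EXIT
cat > "$demo/stock" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
EOF
cp "$demo/stock" "$demo/copied"
printf 'permitrootlogin without-password\nPermitRootLogin yes\n' > "$demo/edited"

compare_sshd_configs "$demo/stock" 4 "$demo/copied" 7
effective_value "$demo/edited" PermitRootLogin 7
```

The example reads keyword and value as whitespace-separated fields; lines written as `Keyword=value` would need extra handling.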

# 17  
Old 11-11-2015
Thank you Michael,

let me do some testing and get back to you.

Regards