AIX: This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.
I was under the impression that SSH would be default installed with AIX5...
I believe I tried connecting once from home to my AIX5 box, via Putty set to SSH (port 22), and it did connect.. but then something hung up, and I just killed Putty without logging off (I wasn't able to do anything else), and after that I wasn't ever able to connect via SSH again.
But I would really like to have SSH, because the box is open on the internet... and I don't feel safe enough as it is when someone is telnetting in to the box, unsecure.
So is SSH normally installed and activated? If so, how do I check and clear whatever I've done to screw it up.. and if not.. how do I go about installing an SSH daemon and setting it up.
OpenSSH is on the AIX 5L V 5.x Expansion Pack CD. It's not in the base CD set, so you'll have to add it in from that CD set if you didn't during the base os install.
You install it with smit or smitty fast path:
smitty installp
It installs just like any other piece of software, but the way it is started on boot is a little different.
Rather than putting the startup for this daemon in the normal places to start things (e.g., inetd.conf, rc.tcpip, etc....) it adds this one in with a SYS V like configuration.
Once it's installed, if you look for what is calling it you'll be puzzled at first and then finally get around to checking:
/etc/rc.d/rc2.d
which is where you'll see:
Ksshd* Ssshd*
Not that it matters much, but I just wanted to point that out to you.
Incidentally, I'd also recommend disallowing remote root logins via SSH for security reasons. Make people (you included) ssh in with a normal account and then SU to root.
To do that:
i. Edit /etc/ssh/sshd_config
ii. PermitRootLogin no
On that same note, in fact, I'd prevent root from directly logging in remotely under any circumstance.
i. Edit /etc/security/user
ii. Under the default settings: rlogin = false
iii. add rlogin = true for each user account in their own stanza (for anyone you want to log in remotely)
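An added example, not part of the original post: a small audit of the two settings described above. It reports each stanza's effective rlogin value (inheriting from the default stanza) and the global PermitRootLogin value. The function names and sample files are constructed for illustration, and treating a missing default as true is an assumption about the AIX built-in default.

```sh
#!/bin/sh
# Added example; the sample files created below are constructed, not from a real host.

# Print "user value" for each stanza of an /etc/security/user-format file.
# A user with no rlogin line inherits the default stanza; if that omits it
# too, the value is taken to be true (assumed AIX built-in default).
effective_rlogin() {
    awk '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }            # "*" comments, blank lines
        /^[^ \t]+:[ \t]*$/ {                           # stanza header, e.g. "root:"
            user = $1; sub(/:$/, "", user); order[++n] = user; next
        }
        /^[ \t]+rlogin[ \t]*=/ {                       # attribute inside a stanza
            split($0, kv, "="); v = kv[2]; gsub(/[ \t]/, "", v); val[user] = v
        }
        END {
            def = ("default" in val) ? val["default"] : "true"
            for (i = 1; i <= n; i++) {
                u = order[i]
                if (u != "default") print u, ((u in val) ? val[u] : def)
            }
        }' "$1"
}

# Print the global PermitRootLogin value from an sshd_config-format file.
# sshd uses the first occurrence of a keyword; Match blocks are not examined.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

tmp=$(mktemp -d)
cat > "$tmp/user" <<'EOF'
default:
    rlogin = false

root:
    admin = true

jsmith:
    rlogin = true
EOF
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$tmp/sshd_config"

effective_rlogin "$tmp/user"     # root false / jsmith true
echo "PermitRootLogin: $(root_login_setting "$tmp/sshd_config")"
rm -rf "$tmp"
```

On a real system, point the two functions at /etc/security/user and /etc/ssh/sshd_config; only users that have a stanza in the file are listed.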
Thank you.. I will try this.. I do not have the expansion CDs... As the company I bought the box from only sent me a copy of the first CD...
although I was able to source documentation about installing and obtaining OpenSSH from IBM's infocenter...
Thanks for your tips tho... and yes I would consider removing root access completely from remote logins...
One question tho... if I log in as a normal user, and su to root... do I actually become root? are there any drawbacks in comparison to running/logging in as root directly?
really makes you root and by using the space and dash in this manner it loads root's profile so the paths and such are correct. If you just do:
su root
It keeps your paths and customization.
Always do:
su - root
so that you get what you expect.
Many people don't allow a direct root login at all. This way a person would need to have cracked two passwords to get into the root account. We only allow direct root login at the terminal attached to the box, because if someone has broken into the server room AND knows the root password, you're screwed anyway. This is common practice.
and then Click the AIX Toolbox Cryptographic Content link on the right side of the AIX Toolbox for Linux Applications Web site. which is this URL: http://www6.software.ibm.com/dl/aixtbx/aixtbx-p
but it doesn't work...
So does anyone know where I can DL the proper rpm? I checked OpenSSL's site, but they seem to be generic RPM's and I wouldn't know if they're properly ported for AIX.
So I'd rather have someone with some knowledge chime in.
I agree... and I will do so.. seeing that it's really only $30 US plus shipping, I can't go wrong having original CD's, especially for the extra little options it comes with.
but I would like to get this installed ASAP, as transactions are done daily and I'm afraid that "people" are watching...
Is there any place (FTP for example) that has this file I'm looking for that you know of?
btw, I have now disabled rlogin except for the users that should have it... thanks for the tip
Just an update... the installation went great.. but I did use the proper files from the IBM site.. the site was working today... so I decided to do it that way... and SSH works like a charm!
So far the AIX migration has gone very well.. Thanks to everyone that helped!
One thing... is there a way for me to deny telnet access to certain people and have them only use SSH?
I'd like to leave telnet for the local network users, but only allow SSH connections for the remote users.
There is probably a smart way, let's see if someone has an idea.
I see a very brutal way: comment the telnetd line in /etc/inetd.conf
#telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a
If you do so and reboot your system, probably telnetd will not start, and nobody will be able to connect through telnet...
I would not recommend ALWAYS becoming root with the root environment, it is not always needed and if you are making use of exports or any custom shell variables, history, or even if you are in a specific working directory it will all be blown away by entering the root's environment. Think about what you need to accomplish before execution and use best judgement.