Q's: Openssl and AIX 5.1???

BobMCT

IS-IT--Management
Sep 11, 2000
756
US
I'm having a dickens of a time trying to get openssl working on my aix 5.1 box. I downloaded the bff of version 0.9.6 something from bull and installed it with smit. Went OK.
However, I'm trying to install SSLeay and it's telling me that I don't have ssl installed.

Is there anything magical that must be done with openssl to get it to work properly? I noticed there is an openssl.cnf file in /usr/local/ssl that I have not touched. Must that be configured appropriately?

Anyone? Please advise?

Thanks
 
BobMFDC,

Here is my procedure for installing/configuring OpenSSH/SSL on AIX 5.1.

This procedure assumes you have gnu gcc, gnu make & gnu zlib already installed.
=====================
;*****
;Compile and install the PRNGD - Pseudo Random Number Generator Daemon
;*****

;FTP prngd-0.9.27.tar.gz to /local/tmp
cd /local/tmp
gunzip -c prngd-0.9.27.tar.gz | tar xvf -
cd prngd-0.9.27
vi Makefile

;Remove the comment from the Compiler section so that gcc is selected
From:
# CC=gcc
TO:
CC=gcc

;Find the AIX 4.3 w/cc section in Makefile; uncomment and change the CFLAGS line so that it appears like the following:

# AIX 4.3 w/cc ("Joerg Petersen <j.petersen@msh.de>)
# Please also check out contrib/AIX-4.3/00README.aix-src
CFLAGS=-O -DAIX43
# SYSLIBS=

;The source can then be compiled by issuing the make command
make

;Copy the compiled files to their destination
cp /local/tmp/prngd-0.9.27/prngd /usr/local/sbin

;Copy /local/tmp/prngd.conf to /etc/prngd.conf
cp /local/tmp/prngd.conf /etc/prngd.conf

;To create a subsystem for controlling the prngd daemon, issue the following command:
/usr/bin/mkssys -s prngd -p /usr/local/sbin/prngd -a '-f -c /etc/prngd.conf -s /var/tmp/egd-seed /dev/egd-pool' -u 0 -S -n 15 -f 9 -R -G local

;Now let's generate an initial seed
ls -alniR /var/adm > /var/tmp/egd-seed

;The prngd subsystem can now be started by executing the "startsrc -s prngd" command.
startsrc -s prngd

;You can check to see if the service is running with this command:
lssrc -s prngd

;If you want to stop the prngd service run this command:
stopsrc -s prngd

;To remove the subsystem:
rmssys -s prngd

;To have the prngd subsystem start at system boot, enter the following command, which adds an entry to /etc/inittab:
/usr/sbin/mkitab "prngd:2:wait:startsrc -s prngd > /dev/console 2>&1"

;Cleanup the prngd install
cd /local/tmp
rm prngd-0.9.27.tar.gz
rm -R prngd-0.9.27


;*****
;Build and Install OpenSSL libraries
;*****

;FTP OpenSSL to /local/tmp
cd /local/tmp
gunzip -c openssl-0.9.7c.tar.gz | tar xvf -
cd openssl-0.9.7c

;This guesses at your operating system (and compiler, if necessary) and configures OpenSSL based on this guess
./config

;Build OpenSSL (may take up to 45 mins)
make

;After a successful build, the libraries should be tested
make test

;If everything tests ok, install OpenSSL, it will install into /usr/local/ssl by default (may take up to 20 mins)
make install

;Cleanup the SSL install
cd /local/tmp
rm openssl-0.9.7c.tar.gz
rm -R openssl-0.9.7c


;*****
;Build and Install OpenSSH
;*****

;Setup the privileged separation

;When privsep is enabled, during the pre-authentication phase sshd will
;chroot(2) to "/var/empty" and change its privileges to the "sshd" user
;and its primary group. sshd is a pseudo-account that should not be
;used by other daemons, and must be locked and should contain a
;"nologin" or invalid shell.

;/var/empty should not contain any files.

;You should do something like the following to prepare the privsep
;preauth environment:

mkdir /var/empty
chown root /var/empty
chgrp system /var/empty
chmod 755 /var/empty
mkgroup -'a' id='444' sshd


;Start smitty and Create a sshd user using these parameters
username=sshd uid=5444 primgrp=sshd grpset=sshd home=/var/empty prog=/bin/ksh locked=true login=false

;FTP OpenSSH to /local/tmp
cd /local/tmp
gunzip -c openssh-3.7.1p2.tar.gz | tar xvf -
cd openssh-3.7.1p2

;This guesses at your operating system (and compiler, if necessary) and configures OpenSSH
;This may take up to 10 mins
./configure --sysconfdir=/etc/ssh --with-prngd-socket=/dev/egd-pool --with-pid-dir=/var/tmp

;Random number source will be: OpenSSL internal ONLY (Means SSL will use the prngd)

;Build OpenSSH (may take up to 20 mins)
make

;This will install the OpenSSH binaries in /usr/local/bin, configuration files
;in /etc/ssh, the server in /usr/local/sbin, etc (May take up to 20 mins)
make install

;To create a subsystem for controlling the ssh daemon, issue the following command:
/usr/bin/mkssys -s sshd -p /usr/local/sbin/sshd -a '-D' -u 0 -S -n 15 -f 9 -R -G local

;The sshd subsystem can now be started by executing the "startsrc -s sshd" command.
startsrc -s sshd

;You can check to see if the service is running with this command:
lssrc -s sshd

;If you want to stop the sshd service run this command:
stopsrc -s sshd

;To remove the subsystem:
rmssys -s sshd

;To have the sshd subsystem start at system boot, enter the following command, which adds an entry to /etc/inittab:
/usr/sbin/mkitab -i prngd "sshd:2:wait:startsrc -s sshd > /dev/console 2>&1"


;Cleanup the SSH install
cd /local/tmp
rm openssh-3.7.1p2.tar.gz
rm -R openssh-3.7.1p2


;Make final user changes in /local/usr
cd /local/usr
chown -R root *
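
An added example, not part of the original post: two post-install checks for the procedure above, one for the /var/empty privsep requirements and one confirming that the prngd inittab entry precedes the sshd entry (which is what "mkitab -i prngd" arranges). The function names are hypothetical, and the paths are passed as arguments so the checks can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage on the installed system, as root:
#   check_privsep_dir /var/empty 0 && check_inittab_order /etc/inittab

# check_privsep_dir DIR OWNER_UID
# Passes only if DIR is a directory owned by OWNER_UID, is not writable by
# group or others, and contains no files (the /var/empty requirements).
check_privsep_dir() {
    dir=$1; want_uid=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    # ls -ldn prints numeric ids: field 1 is the mode string, field 3 the uid
    set -- $(ls -ldn "$dir")
    mode=$1; uid=$3
    [ "$uid" = "$want_uid" ] || {
        echo "FAIL: $dir owned by uid $uid, expected $want_uid"; rc=1; }
    case $mode in
        d????-??-*) ;;   # positions 6 and 9: no group write, no other write
        *) echo "FAIL: $dir mode $mode is group- or world-writable"; rc=1 ;;
    esac
    [ -z "$(ls -A "$dir")" ] || { echo "FAIL: $dir is not empty"; rc=1; }
    return $rc
}

# check_inittab_order FILE
# Passes only if FILE has both a prngd and an sshd entry and prngd comes
# first, so /dev/egd-pool is being served before sshd starts at boot.
check_inittab_order() {
    awk -F: '
        $1 == "prngd" && !p { p = NR }
        $1 == "sshd"  && !s { s = NR }
        END {
            if (!p) { print "FAIL: no prngd entry"; exit 1 }
            if (!s) { print "FAIL: no sshd entry"; exit 1 }
            if (p > s) {
                print "FAIL: sshd (line " s ") precedes prngd (line " p ")"
                exit 1
            }
        }' "$1"
}
```

Each function prints one FAIL line per problem found and returns non-zero if any check failed, so the two can be chained in a cron job or a change-control script.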
 