Installing OpenSSH on Tru64 UNIX 4.0F

May 15, 2023

This is going to be a very unpopular post, as Tru64 UNIX is history. I recently acquired an AlphaServer DS10 and installed Tru64 UNIX 4.0F (all packages), but it does not have an SSH server. I think there is a binary somewhere on the internet, but it is hard to find instructions for building it from source. So here they are.

The purpose of this post is not to have a very secure SSH server build; I guess that is difficult to do on a 20+ year old system. The purpose is only to have an SSH server with reasonable features.

These instructions are for Tru64 UNIX 4.0F, but they will probably work for 4.0G and maybe also for earlier 4.x releases. If you try, let me know whether they work.

Requirements

First, you need an OpenSSH portable release. The problem is which version to use. I tried many and decided to use 4.9p1, the latest release of the 4.x line, released in 2008. If I try to build (make) versions after this release, the build returns errors (different errors depending on the version). Maybe some of these errors can be fixed, but I do not want to change the source code, so I am using version 4.9p1.

Second, OpenSSH has two dependencies. 4.9p1 requires:

  • zlib 1.1.4 or 1.2.1.2 or greater
  • OpenSSL 0.9.6 or greater

You will also need prngd.

zlib

The latest version of zlib is 1.2.13 and there is no problem using it. Download the source, uncompress and untar it, and:

$ ./configure
$ make
$ make install

installs it to /usr/local/.

OpenSSL

Similar to OpenSSH, there are many OpenSSL releases. OpenSSH 4.9p1 says 0.9.6 or greater, and the latest release in the 0.9.x line is 0.9.8zf. I also tried building 1.x releases, but again they cannot be built (at least without any change to the source code). I tried 0.9.8zf and it can be built, so I am using this version.

After you download the source, uncompress and untar, and then:

$ ./config
$ make
$ make install

installs it to /usr/local/openssl.

If you look at the OpenSSH documentation, it says to build OpenSSL as position-independent code (PIC). However, I think the compiler and/or linker in Tru64 does not have the -fPIC flag, so if you add it to config above, make will return an error. I do not build it as PIC, and then use the corresponding option (--without-pie) for OpenSSH as well.

prngd

This is not a direct dependency of OpenSSH, but because Tru64 UNIX 4.0F does not have a /dev/[u]random entropy source, a source of randomness is needed. prngd gathers randomness from a number of different sources on the system, and its output can be used by programs (like OpenSSL) that require random data. The latest version of prngd is 0.9.29 and it can be used.

After downloading the source, uncompress and untar it, then modify the Makefile and uncomment these two lines under the "For Tru64" section:

CFLAGS=-O -DTRU64
LDFLAGS=-ldb

Then running make builds the source and leaves the prngd binary in the same folder. There is no make install, so I copied prngd to /usr/local/sbin and the configuration file contrib/Tru64/prngd.conf.tru64 to /etc as prngd.conf.

OpenSSH

After downloading the source of release 4.9p1, uncompress and untar, and then:

$ ./configure --without-pie --with-zlib=/usr/local --with-prngd-socket=/tmp/prngd.socket
$ make

builds OpenSSH. As I mentioned above, --without-pie is used because OpenSSL is not built as PIC. The path to the prngd socket is also provided here; otherwise it gives an error.

In order for make install to succeed, two things have to be done:

  • Disable Privilege Separation by uncommenting UsePrivilegeSeparation no in sshd_config in the same folder. This file will be copied to the target directory during install. This is definitely not recommended for security, but as I said, that is not the purpose here (also, as far as I know, Privilege Separation is not 100% supported in Tru64).

  • Run prngd as prngd /tmp/prngd.socket. This UNIX socket (file) will be checked during install.

After these steps, make install installs OpenSSH to /usr/local with configuration files under /usr/local/etc. make install also generates the host key, which can also be generated by make host-key, so OpenSSH is ready to be used.
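
Since this build is configured with --with-prngd-socket, the install step depends on prngd answering on that socket, so it is worth confirming that before running make install. The following is an added example, not part of the original post or of the prngd or OpenSSH sources: a small C client for the EGD-compatible protocol that prngd implements (command 0x00 returns the pool's entropy count, 0x02 is a blocking read), using the /tmp/prngd.socket path from this page; the function names are illustrative.

```c
/* Added example: minimal EGD-protocol client for checking a prngd socket. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/* Read exactly n bytes; returns 0 on success, -1 on EOF or error. */
static int read_full(int fd, unsigned char *buf, size_t n) {
    ssize_t r;
    for (; n > 0; buf += r, n -= (size_t)r)
        if ((r = read(fd, buf, n)) <= 0) return -1;
    return 0;
}
/* EGD command 0x00: entropy in the pool, in bits (4 bytes, big-endian). */
long egd_entropy_bits(int fd) {
    unsigned char cmd = 0x00, r[4];
    if (write(fd, &cmd, 1) != 1 || read_full(fd, r, 4) < 0) return -1;
    return (long)(((unsigned long)r[0] << 24) | ((unsigned long)r[1] << 16) |
                  ((unsigned long)r[2] << 8) | r[3]);
}
/* EGD command 0x02: blocking read of n (1..255) random bytes into buf. */
int egd_read_blocking(int fd, unsigned char *buf, unsigned char n) {
    unsigned char cmd[2] = { 0x02, 0x00 };
    cmd[1] = n;
    if (write(fd, cmd, 2) != 2) return -1;
    return read_full(fd, buf, n);
}
/* Connect to the daemon's UNIX-domain socket; returns an fd or -1. */
int egd_connect(const char *path) {
    struct sockaddr_un sa;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}
int main(void) {
    unsigned char buf[16];
    int fd = egd_connect("/tmp/prngd.socket"); /* socket path used on this page */
    if (fd < 0) { perror("prngd socket"); return 1; }
    printf("pool entropy: %ld bits\n", egd_entropy_bits(fd));
    if (egd_read_blocking(fd, buf, sizeof buf) < 0) { fprintf(stderr, "short read\n"); return 1; }
    printf("read %u random bytes\n", (unsigned)sizeof buf);
    close(fd); return 0;
}
```

A connection error or a failed read means prngd is not running on that path or is not serving data yet, and is the thing to fix before generating the host key.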

Configuration

Naturally, you have to start prngd before starting the OpenSSH daemon (sshd), and start both of these at system startup. This is done by creating init scripts in /sbin/init.d and creating symbolic links to these files in /sbin/rc3.d.

Here is the init script /sbin/init.d/prngd:

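#!/sbin/sh
# Init script for prngd: start|stop

# PID of a prngd process owned by root (empty if none is running)
pid=`/sbin/init.d/bin/getpid /usr/local/sbin/prngd -uroot`

case "$1" in
'start')
        # Split `who -r` into $1..$9; $9 is the previous run level
        set `who -r`
        # Start only when coming up from single-user mode and not already running
        if [ "$9" = "S" ] && [ "X$pid" = "X" ]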
        then
                [ -f /usr/local/sbin/prngd ] && {
                        /usr/local/sbin/prngd /tmp/prngd.socket &
                        echo "PRNGD started"
                }
        fi
        ;;
'stop')
        if [ "X$pid" != "X" ]
        then
                /bin/kill $pid
        fi
        ;;
*)
        echo "usage: $0 {start|stop}"
        ;;
esac

Here is the init script /sbin/init.d/sshd:

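#!/sbin/sh
# Init script for sshd: start|stop

# PID of an sshd process owned by root (empty if none is running)
pid=`/sbin/init.d/bin/getpid /usr/local/sbin/sshd -uroot`

case "$1" in
'start')
        # Split `who -r` into $1..$9; $9 is the previous run level
        set `who -r`
        # Start only when coming up from single-user mode and not already running
        if [ "$9" = "S" ] && [ "X$pid" = "X" ]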
        then
                [ -f /usr/local/sbin/sshd ] && {
                        /usr/local/sbin/sshd &
                        echo "SSHD started"
                }
        fi
        ;;
'stop')
        if [ "X$pid" != "X" ]
        then
                /bin/kill $pid
        fi
        ;;
*)
        echo "usage: $0 {start|stop}"
        ;;
esac

Then create the symbolic links:

$ cd /sbin/rc3.d
$ ln -s ../init.d/prngd S90prngd
$ ln -s ../init.d/prngd K90prngd
$ ln -s ../init.d/sshd S91sshd
$ ln -s ../init.d/sshd K91sshd

This will make prngd and sshd start at run level 3 (networked multi-user level).

By default, the host offers the ssh-rsa and ssh-dss host key types. In your SSH client, you might need to add these to the accepted list. For example, on Ubuntu, I add these lines to ~/.ssh/config:

Host myhost
  HostKeyAlgorithms +ssh-rsa

myhost is the hostname that I use to connect to this host, e.g. ssh myhost.