|
     |
This section introduces how Tectia Client and Server are installed on Linux versions running on the 64-bit x86-64 platform architecture.
The installation packages of Tectia products are compressed into installation bundles.
There are three bundles for each supported operating system version, the
Tectia Quantum Safe Edition commercial version (-comm-pqc), the commercial version
(-comm) and the upgrade and evaluation version
(-upgrd-eval). The commercial versions require that you also purchase a
license. The evaluation versions can be used for 45 days without a license file.
Tectia Client for Linux is supplied in RPM (Red Hat Package Manager) binary packages for Red Hat Enterprise Linux, Rocky Linux and SUSE Linux running on the 64-bit x86-64 architecture.
The Tectia installation bundle contains the RPM installation files and the license file.
To install Tectia Client on Linux, follow the instructions below:
Download the relevant installation bundle according to your license type:
Commercial Tectia Quantum Safe Edition License:
tectia-client-<version>-linux-x86_64-comm-pqc.tar
Commercial License:
tectia-client-<version>-linux-x86_64-comm.tar
Evaluation:
tectia-client-<version>-linux-x86_64-upgrd-eval.tarIn the package names, <version> corresponds to
the release version and build number, for example
7.0.0.123.
Unpack the downloaded tar package.
Select the installation packages. Two packages are always required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Client. If you want to use the product with a graphical user interface (GUI), install also the optional GUI support package.
ssh-tectia-common-<version>-linux-x86_64.rpm ssh-tectia-client-<version>-linux-x86_64.rpm ssh-tectia-guisupport-<version>-linux-x86_64.rpm
Install the packages with root privileges:
# rpm -ivh ssh-tectia-common-<version>-linux-x86_64.rpm # rpm -ivh ssh-tectia-client-<version>-linux-x86_64.rpm # rpm -ivh ssh-tectia-guisupport-<version>-linux-x86_64.rpm
Or upgrade the packages if you already have an older Tectia Client version installed:
# rpm -Uvh ssh-tectia-common-<version>-linux-x86_64.rpm # rpm -Uvh ssh-tectia-client-<version>-linux-x86_64.rpm # rpm -Uvh ssh-tectia-guisupport-<version>-linux-x86_64.rpm
Copy the license file to the /etc/ssh2/licenses directory.
(This is not necessary in "third-digit" maintenance
updates.) See also License File.
Before you can run the PrivX Desktop client GUI, you will need to enable and install the EPEL repository. Then install the following dependencies:
# dnf install xcb-util-wm xcb-util-keysyms xcb-util-cursor
![[Note]](images/note.gif) | Note |
|---|---|
Extra dependencies for PrivX Desktop have been verified on RHEL/Rocky 8.x and later, and may need to be adapted for other RPM-based distributions. |
Tectia Client for Debian GNU/Linux is supplied in Debian (DEB) binary packages for Ubuntu and Debian running on the 64-bit x86-64 architecture.
The Tectia installation bundle contains the DEB installation files and the license file.
To install Tectia Client on Debian Linux, follow the instructions below:
Download the relevant installation bundle according to your license type:
Commercial Tectia Quantum Safe Edition License:
tectia-client-<version>-linux-ubuntu-x86_64-comm-pqc.tarCommercial License:
tectia-client-<version>-linux-ubuntu-x86_64-comm.tarEvaluation:
tectia-client-<version>-linux-ubuntu-x86_64-upgrd-eval.tarIn the package names, <version> corresponds to
the release version and build number, for example
7.0.0.123-1.
Unpack the downloaded tar package.
Select the installation packages. Two packages are always required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Client.
ssh-tectia-common-<version>_linux-x86_64.deb ssh-tectia-client-<version>_linux-x86_64.deb
Install the packages with root privileges:
# dpkg -i ssh-tectia-common-<version>_linux-x86_64.deb # dpkg -i ssh-tectia-client-<version>_linux-x86_64.deb
Copy the license file to the /etc/ssh2/licenses directory.
(This is not necessary in "third-digit" maintenance
updates.)
Before you can run the PrivX Desktop client GUI, install the following dependencies:
# apt install libxcb-cursor0
| Note |
|---|---|
Extra dependencies for PrivX Desktop have been verified on Ubuntu, and may need to be adapted for other Debian-based distributions. |
The downloaded installation package contains the compressed installation files.
Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Client and Server.
To install Tectia Client and Server on AIX, follow the instructions below:
Unpack the downloaded tar package.
Unpack the installation packages:
$ uncompress ssh-tectia-common-<version>-aix-6-7-powerpc.bff.Z $ uncompress ssh-tectia-client-<version>-aix-6-7-powerpc.bff.Z
In the commands, <version> is the current package
version of Tectia Client and Server (for example, 7.0.0.123).
Install the packages by running the following commands with root privileges:
# installp -d ssh-tectia-common-<version>-aix-6-7-powerpc.bff SSHTectia.Common # installp -d ssh-tectia-client-<version>-aix-6-7-powerpc.bff SSHTectia.Client
Copy the license file to directory: /etc/ssh2/licenses.
(This is not necessary in "third-digit" maintenance updates.)
The downloaded installation package contains the compressed installation files.
Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Client and Server.
Tectia Client and Server includes support for Zones on Solaris 11. The Tectia software can be installed into the global and local zones. When the Tectia software is installed into the global zone, it becomes automatically installed also into the existing local zones. However, if the local zones are added into the system later, the Tectia Client and Server needs to be separately installed on them.
In case you are installing Tectia Client and Server into a sparse zone, note that
the installation process will report a failure in creating symlinks. The actual installation
is finished successfully, but you need to manually add the
/opt/tectia/bin to the path settings.
For information on the Solaris Zones, see the Oracle documentation: System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
To install Tectia Client and Server on Solaris, follow the instructions below:
Unpack the downloaded tar package.
When installing on Solaris version 11 running on the SPARC architecture, use the packages named:
ssh-tectia-common-<version>-solaris-11-sparc.pkg.Z ssh-tectia-client-<version>-solaris-11-sparc.pkg.Z
When installing on Solaris version 11 running on the x86-64 architecture, use the packages named:
ssh-tectia-common-<version>-solaris-11-x86_64.pkg.Z ssh-tectia-client-<version>-solaris-11-x86_64.pkg.Z
In the commands, <version> indicates the product
release version and the current build number (for example,
7.0.0.123).
Unpack the installation packages to a suitable place. The standard place is
/var/spool/pkg in Solaris environment. In the command examples
below, we use Solaris 11 x86-64:
$ uncompress ssh-tectia-common-<version>-solaris-11-x86_64.pkg.Z $ uncompress ssh-tectia-client-<version>-solaris-11-x86_64.pkg.Z
Install the packages with the pkgadd tool with root privileges:
# pkgadd -d ssh-tectia-common-<version>-solaris-11-x86_64.pkg all # pkgadd -d ssh-tectia-client-<version>-solaris-11-x86_64.pkg all
Copy the license file to directory: /etc/ssh2/licenses
(This is not necessary in "third-digit" maintenance updates.) .
Tectia Server for Linux platforms is supplied in RPM (Red Hat Package Manager) binary packages for Red Hat Enterprise Linux, Rocky Linux and SUSE Linux running on the 64-bit x86-64 architecture.
The Tectia Server installation bundle contains the RPM files and the license files for both the Tectia Server and Tectia Client that can be optionally installed on the same host.
To install Tectia Server on Linux, follow the instructions below:
Make sure no other Secure Shell software is using port 22 (Tectia Server default listen port). Also make sure the firewall is open for port 22.
Download the installation bundle according to your license type:
Commercial Tectia Quantum Safe Edition License:
tectia-server-<version>-linux-x86_64-comm-pqc.tar
Commercial License:
tectia-server-<version>-linux-x86_64-comm.tar
Evaluation:
tectia-server-<version>-linux-x86_64-upgrd-eval.tarIn the package names, <version> is the current
product release (for example, 7.0.0.123).
Unpack the downloaded tar package.
Select the installation packages (in this example, we install Tectia Server only). Two packages are always required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.
ssh-tectia-common-<version>-linux-x86_64.rpm ssh-tectia-server-<version>-linux-x86_64.rpm
| Note |
|---|---|
If you have already installed Tectia Client, you don't need to install the
|
Install the packages with root privileges:
# rpm -ivh ssh-tectia-common-<version>-linux-x86_64.rpm # rpm -ivh ssh-tectia-server-<version>-linux-x86_64.rpm
The server host key is generated during the initial installation. The key generation may take several minutes on slow machines.
Or upgrade the packages if you already have an older Tectia Server version installed:
# rpm -Uvh ssh-tectia-common-<version>-linux-x86_64.rpm # rpm -Uvh ssh-tectia-server-<version>-linux-x86_64.rpm
Copy the license file to the /etc/ssh2/licenses directory.
(This is not necessary in "third-digit" maintenance
updates.) See also License File.
If this is the initial installation of Tectia, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start Tectia Server manually after copying the license file.
The installation should (re)start Tectia Server automatically.
If Tectia Server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command:
# ssh-server-ctl start
For troubleshooting instructions, see Tectia Server Administrator Manual.
Tectia Server for Debian GNU/Linux platforms is supplied in Debian (DEB) binary packages for Ubuntu and Debian running on the 64-bit x86-64 architecture.
The Tectia Server installation bundle contains the DEB files and the license files for both the Tectia Server and Tectia Client that can be optionally installed on the same host.
To install Tectia Server on Debian, follow the instructions below:
Make sure no other Secure Shell software is using port 22 (Tectia Server default listen port). Also make sure the firewall is open for port 22.
Download the installation bundle according to your license type:
Commercial Tectia Quantum Safe Edition License:
tectia-server-<version>-linux-ubuntu-x86_64-comm-pqc.tarCommercial License:
tectia-server-<version>-linux-ubuntu-x86_64-comm.tarEvaluation:
tectia-server-<version>-linux-ubuntu-x86_64-upgrd-eval.tarIn the package names, <version> is the current
product release (for example, 7.0.0.123-1).
Unpack the downloaded tar package.
Select the installation packages (in this example, we install Tectia Server only). Two packages are always required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.
ssh-tectia-common-<version>_linux-x86_64.deb ssh-tectia-server-<version>-linux-x86_64.deb
Install the packages with root privileges:
# dpkg -i ssh-tectia-common-<version>_linux-x86_64.deb # dpkg -i ssh-tectia-server-<version>_linux-x86_64.deb
| Note |
|---|---|
If you have already installed Tectia Client, you don't need to install the
|
The server host key is generated during the initial installation. The key generation may take several minutes on slow machines.
Copy the license file to the /etc/ssh2/licenses directory.
(This is not necessary in "third-digit" maintenance
updates.)
If this is the initial installation of Tectia, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start Tectia Server manually after copying the license file.
The installation should (re)start Tectia Server automatically.
If Tectia Server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command:
# ssh-server-ctl start
The downloaded installation package contains the compressed installation files.
Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Client and Server.
If you are upgrading Tectia Server version 6.2.1 or earlier to 7.0, you must do the following steps before installing the new version:
Rename the subsystem group from tcpip to
ssh-tectia-server:
# /usr/bin/rmssys -s ssh-tectia-server
Redefine ssh-tectia-server with the new group option:
# mkssys -s ssh-tectia-server -p "/opt/tectia/sbin/ssh-server-g3" -q -u 0 -S \ -n 15 -f 9 -R -G ssh-tectia-server -i /dev/null -o /dev/null -e \ /dev/null
Restart the ssh-tectia-server:
# stopsrc -s ssh-tectia-server
# startsrc -s ssh-tectia-server
Now you can continue with the installation steps.
Note that upgrading from Tectia Server version 6.2.x or 6.3.x will not restart the server automatically after installing the upgrade packages. Upgrading from Tectia Server versions 6.1.x (or earlier), and versions 6.4.2 (or later) will work normally and restart the server after upgrade.
To install Tectia Client and Server on AIX, follow the instructions below:
Unpack the downloaded tar package.
Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.
Unpack the installation packages:
$ uncompress ssh-tectia-common-<version>-aix-6-7-powerpc.bff.Z $ uncompress ssh-tectia-server-<version>-aix-6-7-powerpc.bff.Z
In the commands, <version> is the current package
version of Tectia Client and Server (for example, 7.0.0.123).
Install the packages by running the following commands with root privileges:
# installp -d ssh-tectia-common-<version>-aix-6-7-powerpc.bff SSHTectia.Common # installp -d ssh-tectia-server-<version>-aix-6-7-powerpc.bff SSHTectia.Server
The server host key is generated during the initial installation. The key generation may take several minutes on slow machines.
Copy the license file to directory: /etc/ssh2/licenses.
(This is not necessary in "third-digit" maintenance updates.)
If this is the initial installation of Tectia Client and Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.
The installation should (re)start the server automatically.
| Note |
|---|---|
If you upgraded from Tectia Server 6.2.x or 6.3.x, the server will not restart automatically. |
| Note |
|---|---|
If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), correct the problem and you can start the server process by using the System Resource Controller (SRC). To start Tectia Server manually, enter command: # startsrc -s ssh-tectia-server |
There is a 32-bit binary ssh-aix-lam-proxy32 shipped with the
Tectia Server installation package for AIX. In some cases there is a need to use a 32-bit
Lightweight Authentication Module (LAM) in a 64-bit operating system, for example, when
using Safeword authentication via LAM.
There are two binaries in /opt/tectia/libexec:
ssh-aix-lam-proxy (64-bit binary)
ssh-aix-lam-proxy32 (32-bit binary)
By default, the 64-bit binary is used. If the 32-bit binary is to be used, follow these steps:
Backup the ssh-aix-lam-proxy to a safe place.
Copy the ssh-aix-lam-proxy32 to
ssh-aix-lam-proxy.
This will automatically start using the 32-bit LAM on the 64-bit AIX host.
The downloaded installation package contains the compressed installation files.
Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Client and Server.
Tectia Client and Server includes support for Zones on Solaris 11. The Tectia software can be installed into the global and local zones. When the Tectia software is installed into the global zone, it becomes automatically installed also into the existing local zones. However, Tectia Server needs to be separately installed into local zones added later into the system.
In case you are installing Tectia Client and Server into a sparse zone, note that the installation
process will report a failure in creating symlinks. The actual installation is finished
successfully, but you need to manually add the /opt/tectia/bin to the
path settings.
For information on Solaris Zones, see the Oracle's documentation: System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
To install Tectia Client and Server on Solaris, follow the instructions below:
Unpack the downloaded tar package.
Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.
When installing on Solaris version 11 running on the SPARC architecture, use the following packages:
ssh-tectia-common-<version>-solaris-11-sparc.pkg.Z ssh-tectia-server-<version>-solaris-11-sparc.pkg.Z
When installing on Solaris version 11 running on the x86-64 architecture, use the following packages:
ssh-tectia-common-<version>-solaris-11-x86_64.pkg.Z ssh-tectia-server-<version>-solaris-11-x86_64.pkg.Z
In the commands, <version> indicates the product
release version and the current build number (for example,
7.0.0.123).
Unpack the installation packages to a suitable location. The standard location is
/var/spool/pkg in Solaris environment. In the command examples
below, we use the x86-64 version for Solaris 11:
$ uncompress ssh-tectia-common-<version>-solaris-11-x86_64.pkg.Z $ uncompress ssh-tectia-server-<version>-solaris-11-x86_64.pkg.Z
Install the packages with the pkgadd tool with root privileges:
# pkgadd -d ssh-tectia-common-<version>-solaris-11-x86_64.pkg all # pkgadd -d ssh-tectia-server-<version>-solaris-11-x86_64.pkg all
The server host key is generated during the installation. The key generation may take several minutes on slow machines.
Copy the license file to the /etc/ssh2/licenses directory.
(This is not necessary in "third-digit" maintenance updates.)
If this is the initial installation of Tectia Client and Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.
The installation should (re)start the server automatically.
| Note |
|---|---|
If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command: # /etc/init.d/ssh-server-g3 start |
![[Tip]](images/tip.gif) | Tip |
|---|---|
On Solaris, it is recommended that you raise the maximum open files limit. The default limit for open files per process is set to 256, but it is too low for Tectia Server that will receive lots of connections. The servant may run out of file descriptors causing the connections to fail. How much the maximum open files limit must be raised, depends on the system and the number of servants running; 8192 should be sufficient in most cases. To set the maximum open files limit to 8192, before starting ssh-server-g3, run this command in shell:
# ulimit -n 8192
The default limit set for open files varies between operating system versions. Refer to the instructions of your operating system for more information. |
After a successful installation, Tectia Server is automatically started at reboot and keeps running in the background until you stop it manually, or shut the host down.
You can use Tectia Client and Tectia Server with the default settings to test their functions. For instructions on opening a secure connection for the first time, see Chapter 3.
It is also possible to customize the behavior of the Tectia client/server solution according to your needs. To learn more about modifying the Tectia configuration for different purposes, refer to the later chapters in this manual:
| |