SSH Tectia

Installing on Solaris

The downloaded online installation package contains the compressed installation files.

On the installation disk, the installation packages for Solaris are located in the /install/solaris/ directory.

Two packages are required: one for the common components of SSH Tectia Client and Server, and one for the specific components of SSH Tectia Server.

SSH Tectia Server includes support for Zones on Solaris 10. The SSH Tectia software can be installed into the global and local zones. When the SSH Tectia software is installed into the global zone, it becomes automatically installed also into the existing local zones. However, SSH Tectia Server needs to be separately installed into local zones added later into the system.

In case you are installing SSH Tectia Server into a sparse zone, note that the installation process will report a failure in creating symlinks. The actual installation is finished successfully, but you need to manually add the /opt/tectia/bin to the path settings.

For information on Solaris Zones, see the Sun Microsystem documentation: System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

To install SSH Tectia Server on Solaris, follow the instructions below:

  1. Make sure no other Secure Shell software is using port 22 (SSH Tectia Server default listen port). Stop any competing server software or change their listen port.

  2. Select the installation package according to your Sun Solaris version.

    When installing on Solaris version 9 or 10 running on the SPARC architecture, use the following packages:

    ssh-tectia-common-<version>-solaris-9-10-sparc.pkg.Z 
    ssh-tectia-server-<version>-solaris-9-10-sparc.pkg.Z 
    

    When installing on Solaris version 10 running on the x86-64 architecture, use the following packages:

    ssh-tectia-common-<version>-solaris-10-x86_64.pkg.Z 
    ssh-tectia-server-<version>-solaris-10-x86_64.pkg.Z 
    

    In the commands, <version> indicates the product release version and the current build number (for example, 6.1.9.123).

  3. Unpack the installation packages to a suitable place. The standard place is /var/spool/pkg in Solaris environment. In the command examples below, we use the x86-64 version:

    $ uncompress ssh-tectia-common-<version>-solaris-10-x86_64.pkg.Z
    $ uncompress ssh-tectia-server-<version>-solaris-10-x86_64.pkg.Z 
    
  4. Install the packages with the pkgadd tool with root privileges:

    # pkgadd -d ssh-tectia-common-<version>-solaris-10-x86_64.pkg all
    # pkgadd -d ssh-tectia-server-<version>-solaris-10-x86_64.pkg all
    

    The server host key is generated during the installation. The key generation may take several minutes on slow machines.

  5. Copy the license file to the /etc/ssh2/licenses directory. (This is not necessary in "third-digit" maintenance updates.) See Licensing.

    If this is the initial installation of SSH Tectia Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.

  6. The installation should (re)start the server automatically.

    If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command:

    # /etc/init.d/ssh-server-g3  start
[Tip]Tip

On Solaris, it is recommended that you raise the maximum open files limit. The default limit for open files per process is set to 256, but it is too low for SSH Tectia Server that will receive lots of connections. The servant may run out of file descriptors causing the connections to fail.

How much the maximum open files limit must be raised, depends on the system and the number of servants running; 8192 should be sufficient in most cases.

You can set the maximum open files limit to 8192 as follows:

  • Before starting the ssh-server-g3, run this command in shell:

    # ulimit -n 8192 

The default limit set for open files varies between operating system versions. Refer to the instructions of your operating system for more information.

In case you want to use the BSM to record Secure Shell log-in and log-out events, see also Auditing with Solaris BSM.