SSH

Installing on AIX

The downloaded installation package contains the compressed installation files.

Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.

If you are upgrading Tectia Server version 6.2.1 or earlier to 6.5, you must do the following steps before installing the new version:

  1. Rename the subsystem group from tcpip to ssh-tectia-server:

    # /usr/bin/rmssys -s ssh-tectia-server
  2. Redefine ssh-tectia-server with the new group option:

    # mkssys -s ssh-tectia-server -p "/opt/tectia/sbin/ssh-server-g3" -q -u 0 -S \
     -n 15 -f 9 -R -G ssh-tectia-server -i /dev/null -o /dev/null -e \
     /dev/null
  3. Restart the ssh-tectia-server:

    # stopsrc -s ssh-tectia-server
    # startsrc -s ssh-tectia-server

    Now you can continue with the installation steps.

Note that upgrading from Tectia Server version 6.2.x or 6.3.x will not restart the server automatically after installing the upgrade packages. Upgrading from Tectia Server versions 6.1.x (or earlier), and versions 6.4.2 (or later) will work normally and restart the server after upgrade.

To install Tectia Server on AIX, follow the instructions below:

  1. Unpack the downloaded tar package.

  2. Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.

  3. Unpack the installation packages:

    $ uncompress ssh-tectia-common-<version>-aix-6-7-powerpc.bff.Z
    $ uncompress ssh-tectia-server-<version>-aix-6-7-powerpc.bff.Z

    In the commands, <version> is the current package version of Tectia Server (for example, 6.5.2.123).

  4. Install the packages by running the following commands with root privileges:

    # installp -d ssh-tectia-common-<version>-aix-6-7-powerpc.bff SSHTectia.Common
    # installp -d ssh-tectia-server-<version>-aix-6-7-powerpc.bff SSHTectia.Server

    The server host key is generated during the installation. The key generation may take several minutes on slow machines.

  5. Copy the license file to directory: /etc/ssh2/licenses. (This is not necessary in "third-digit" maintenance updates.) See Licensing.

    If this is the initial installation of Tectia Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.

  6. The installation should (re)start the server automatically.

    [Note]Note

    If you upgraded from Tectia Server 6.2.x or 6.3.x, the server will not restart automatically.

    [Note]Note

    If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), correct the problem and you can start the server process by using the System Resource Controller (SRC).

    To start Tectia Server manually, enter command:

    # startsrc -s ssh-tectia-server

Installing 32-bit LAM package for AIX

There is a 32-bit binary ssh-aix-lam-proxy32 shipped with the Tectia Server installation package for AIX. In some cases there is a need to use a 32-bit Lightweight Authentication Module (LAM) in a 64-bit operating system, for example, when using Safeword authentication via LAM.

There are two binaries in /opt/tectia/libexec:

  • ssh-aix-lam-proxy (64-bit binary)

  • ssh-aix-lam-proxy32 (32-bit binary)

By default, the 64-bit binary is used. If the 32-bit binary is to be used, follow these steps:

  1. Backup the ssh-aix-lam-proxy to a safe place.

  2. Copy the ssh-aix-lam-proxy32 to ssh-aix-lam-proxy.

This will automatically start using the 32-bit LAM on the 64-bit AIX host.