Installing on Solaris

The downloaded installation package contains the compressed installation files.

Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.

Tectia Server includes support for Zones on Solaris 10 and 11. The Tectia software can be installed into the global and local zones. When the Tectia software is installed into the global zone, it becomes automatically installed also into the existing local zones. However, Tectia Server needs to be separately installed into local zones added later into the system.

In case you are installing Tectia Server into a sparse zone, note that the installation process will report a failure in creating symlinks. The actual installation is finished successfully, but you need to manually add the /opt/tectia/bin to the path settings.

For information on Solaris Zones, see the Oracle's documentation: System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

To install Tectia Server on Solaris, follow the instructions below:

  1. Unpack the downloaded tar package.

  2. Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.

  3. Select the installation package according to your Solaris version.

    When installing on Solaris version 10 running on the SPARC architecture, use the following packages:


    When installing on Solaris version 11 running on the SPARC architecture, use the following packages:


    When installing on Solaris version 10 or 11 running on the x86-64 architecture, use the following packages:


    In the commands, <version> indicates the product release version and the current build number (for example, <solaris-version> refers to the Solaris version number (10 or 11), in case of installing on x86-64 architecture.

  4. Unpack the installation packages to a suitable location. The standard location is /var/spool/pkg in Solaris environment. In the command examples below, we use the x86-64 version for Solaris 10:

    $ uncompress ssh-tectia-common-<version>-solaris-10-x86_64.pkg.Z
    $ uncompress ssh-tectia-server-<version>-solaris-10-x86_64.pkg.Z
  5. Install the packages with the pkgadd tool with root privileges:

    # pkgadd -d ssh-tectia-common-<version>-solaris-10-x86_64.pkg all
    # pkgadd -d ssh-tectia-server-<version>-solaris-10-x86_64.pkg all

    The server host key is generated during the installation. The key generation may take several minutes on slow machines.

  6. Copy the license file to the /etc/ssh2/licenses directory. (This is not necessary in "third-digit" maintenance updates.) See Licensing.

    If this is the initial installation of Tectia Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.

  7. The installation should (re)start the server automatically.


    If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command:

    # /etc/init.d/ssh-server-g3  start

On Solaris, it is recommended that you raise the maximum open files limit. The default limit for open files per process is set to 256, but it is too low for Tectia Server that will receive lots of connections. The servant may run out of file descriptors causing the connections to fail.

How much the maximum open files limit must be raised, depends on the system and the number of servants running; 8192 should be sufficient in most cases.

To set the maximum open files limit to 8192, before starting ssh-server-g3, run this command in shell:

# ulimit -n 8192 

The default limit set for open files varies between operating system versions. Refer to the instructions of your operating system for more information.

In case you want to use the BSM to record Secure Shell log-in and log-out events, see also Auditing with Solaris BSM.