Installing the Tectia Server Software

Installing on AIX
Installing on Linux (RPM)
Installing on Linux (DEB)
Installing on Solaris
Installing on Windows

This section gives instructions on installing Tectia Server locally on the supported operating systems.

Installing on AIX

The downloaded installation package contains the compressed installation files.

Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.

If you are upgrading Tectia Server version 6.2.1 or earlier to 7.0, you must do the following steps before installing the new version:

  1. Rename the subsystem group from tcpip to ssh-tectia-server:

    # /usr/bin/rmssys -s ssh-tectia-server
  2. Redefine ssh-tectia-server with the new group option:

    # mkssys -s ssh-tectia-server -p "/opt/tectia/sbin/ssh-server-g3" -q -u 0 -S \
     -n 15 -f 9 -R -G ssh-tectia-server -i /dev/null -o /dev/null -e \
     /dev/null
  3. Restart the ssh-tectia-server:

    # stopsrc -s ssh-tectia-server
    # startsrc -s ssh-tectia-server

    Now you can continue with the installation steps.

Note that upgrading from Tectia Server version 6.2.x or 6.3.x will not restart the server automatically after installing the upgrade packages. Upgrading from Tectia Server versions 6.1.x (or earlier), and versions 6.4.2 (or later) will work normally and restart the server after upgrade.

To install Tectia Server on AIX, follow the instructions below:

  1. Unpack the downloaded tar package.

  2. Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.

  3. Unpack the installation packages:

    $ uncompress ssh-tectia-common-<version>-aix-6-7-powerpc.bff.Z
    $ uncompress ssh-tectia-server-<version>-aix-6-7-powerpc.bff.Z

    In the commands, <version> is the current package version of Tectia Server (for example, 7.0.0.123).

  4. Install the packages by running the following commands with root privileges:

    # installp -d ssh-tectia-common-<version>-aix-6-7-powerpc.bff SSHTectia.Common
    # installp -d ssh-tectia-server-<version>-aix-6-7-powerpc.bff SSHTectia.Server

    The server host key is generated during the initial installation. The key generation may take several minutes on slow machines.

  5. Copy the license file to the /etc/ssh2/licenses directory. (This is not necessary in "third-digit" maintenance updates.) See Licensing.

    If this is the initial installation of Tectia Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.

  6. The installation should (re)start the server automatically.

    Note

    If you upgraded from Tectia Server 6.2.x or 6.3.x, the server will not restart automatically.

    Note

    If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), correct the problem and then start the server process by using the System Resource Controller (SRC).

    To start Tectia Server manually, enter command:

    # startsrc -s ssh-tectia-server

Installing 32-bit LAM package for AIX

There is a 32-bit binary ssh-aix-lam-proxy32 shipped with the Tectia Server installation package for AIX. In some cases there is a need to use a 32-bit Lightweight Authentication Module (LAM) in a 64-bit operating system, for example, when using Safeword authentication via LAM.

There are two binaries in /opt/tectia/libexec:

  • ssh-aix-lam-proxy (64-bit binary)

  • ssh-aix-lam-proxy32 (32-bit binary)

By default, the 64-bit binary is used. If the 32-bit binary is to be used, follow these steps:

  1. Back up the ssh-aix-lam-proxy binary to a safe place.

  2. Copy ssh-aix-lam-proxy32 to ssh-aix-lam-proxy.

After this, the 32-bit LAM is used automatically on the 64-bit AIX host.

Installing on Linux (RPM)

Tectia Server for Linux platforms is supplied in RPM (Red Hat Package Manager) binary packages for Red Hat Enterprise Linux, Rocky Linux and SUSE Linux running on the 64-bit architecture.

The downloaded installation package contains the RPM installation files.

Two packages are always required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.

To install Tectia Server on Linux, follow the instructions below:

  1. If installing on SELinux-enabled systems, ensure that the semanage command is available. In older Linux versions semanage is typically installed via policycoreutils-python-utils or policycoreutils-python.

    Note

    On an SELinux system, if an alternate port is used, for example "222" instead of the default secure shell port, use the following semanage command to allow it:

    # semanage port --add --type ssh_port_t --proto tcp 222

    If installing on SUSE, install the prerequisite package:

    # zypper install insserv-compat

  2. Unpack the downloaded tar package.

  3. Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.

  4. Select the installation packages (in this example, we install Tectia Server only).

    When installing on Red Hat Enterprise Linux, Rocky Linux or SUSE Linux versions running on the 64-bit x86-64 architecture, use the following packages:

    ssh-tectia-common-<version>-linux-x86_64.rpm
    ssh-tectia-server-<version>-linux-x86_64.rpm
    

    In the commands, <version> indicates the product release version and the current build number (for example, 7.0.0.123).

  5. Install the packages with root privileges:

    # rpm -ivh ssh-tectia-common-<version>-linux-x86_64.rpm
    # rpm -ivh ssh-tectia-server-<version>-linux-x86_64.rpm
    

    The server host key is generated during the initial installation. The key generation may take several minutes on slow machines.

    Or upgrade the packages if you already have an older Tectia Server version installed:

    # rpm -Uvh ssh-tectia-common-<version>-linux-x86_64.rpm
    # rpm -Uvh ssh-tectia-server-<version>-linux-x86_64.rpm
    
  6. Copy the license file to the /etc/ssh2/licenses directory. (This is not necessary in "third-digit" maintenance updates.) See Licensing.

    If this is the initial installation of Tectia Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.

  7. The installation should (re)start the server automatically.

    Note

    If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it manually after correcting the problem.

    • Using Tectia Server control utility:

      # ssh-server-ctl start
    • Or on Linux with systemd:

      # systemctl start ssh-server-g3
    • Or on Linux without systemd:

      # /etc/init.d/ssh-server-g3 start
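
The conditions this procedure names as reasons for the server not starting (port 22 already taken, a missing license directory) and the SELinux port label from step 1 can be checked before the packages are installed. The following shell script is an added example, not part of the Tectia documentation; the function names and sample outputs are constructed, and it assumes `ss` from iproute2 is available.

```shell
#!/bin/sh
# Added example: pre-install checks for Tectia Server on Linux.
# Function names are hypothetical; assumes `ss` from iproute2.

PORT="${PORT:-22}"                        # Tectia Server default listen port
LICENSE_DIR="${LICENSE_DIR:-/etc/ssh2/licenses}"

# Constructed sample of `ss -Hltnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("dev-sshd",pid=901,fd=4))
LISTEN 0 4096 0.0.0.0:220 0.0.0.0:*'

# Constructed sample of `semanage port -l` output.
SAMPLE_SEMANAGE='ssh_port_t                     tcp      222, 22
http_port_t                    tcp      80, 443, 8008-8010'

# Reads `ss -Hltnp` output on stdin and prints the listeners bound to port $1.
# Compares the port part of the local address, so 220 or 2222 never match 22.
port_listeners() {
    awk -v p="$1" '{
        n = split($4, a, ":")
        if (a[n] == p) print $4, (NF >= 6 ? $6 : "-")
    }'
}

# Reads `semanage port -l` output on stdin; succeeds if ssh_port_t allows tcp port $1.
selinux_port_allowed() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            v = $i; gsub(/,/, "", v)
            n = split(v, r, "-")
            if (n == 1 && v == p) ok = 1
            if (n == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) ok = 1
        }
    } END { exit !ok }'
}

# Runs the checks against the live host; returns non-zero if the server would not start.
preflight() {
    rc=0
    busy=$(ss -Hltnp 2>/dev/null | port_listeners "$PORT")
    if [ -n "$busy" ]; then
        echo "FAIL: port $PORT is already in use: $busy"; rc=1
    fi
    if [ ! -d "$LICENSE_DIR" ]; then
        echo "NOTE: $LICENSE_DIR does not exist yet; create it or copy the license after installing"
    fi
    if [ "$PORT" != 22 ] && command -v semanage >/dev/null 2>&1; then
        semanage port -l | selinux_port_allowed "$PORT" || {
            echo "FAIL: SELinux does not label tcp/$PORT as ssh_port_t"; rc=1
        }
    fi
    return "$rc"
}

# Run as root: sh preflight.sh --check   (PORT=222 checks an alternate port)
if [ "${1:-}" = "--check" ]; then preflight; fi
```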

Installing on Linux (DEB)

Tectia Server for Debian GNU/Linux platforms is supplied in Debian (DEB) binary packages for Ubuntu and Debian running on the 64-bit x86-64 architecture.

The Tectia Server installation bundle contains the DEB files and the license files for both the Tectia Server and Tectia Client that can be optionally installed on the same host.

To install Tectia Server on Debian, follow the instructions below:

  1. Make sure no other Secure Shell software is using port 22 (Tectia Server default listen port). Also make sure the firewall is open for port 22.

  2. Download the installation bundle according to your license type:

    • Commercial Tectia Quantum Safe Edition License:

      tectia-server-<version>-linux-ubuntu-x86_64-comm-pqc.tar
    • Commercial License:

      tectia-server-<version>-linux-ubuntu-x86_64-comm.tar
    • Evaluation:

      tectia-server-<version>-linux-ubuntu-x86_64-upgrd-eval.tar

    In the package names, <version> is the current product release (for example, 7.0.0.123-1).

  3. Unpack the downloaded tar package.

  4. Select the installation packages (in this example, we install Tectia Server only). Two packages are always required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.

    ssh-tectia-common-<version>_linux-x86_64.deb
    ssh-tectia-server-<version>-linux-x86_64.deb
    
  5. Install the packages with root privileges:

    # dpkg -i ssh-tectia-common-<version>_linux-x86_64.deb
    # dpkg -i ssh-tectia-server-<version>_linux-x86_64.deb
    
    Note

    If you have already installed Tectia Client, you don't need to install the common file again.

    The server host key is generated during the initial installation. The key generation may take several minutes on slow machines.

  6. Copy the license file to the /etc/ssh2/licenses directory. (This is not necessary in "third-digit" maintenance updates.)

    If this is the initial installation of Tectia, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start Tectia Server manually after copying the license file.

  7. The installation should (re)start Tectia Server automatically.

    If Tectia Server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command:

    # ssh-server-ctl start

Installing on Solaris

The downloaded installation package contains the compressed installation files.

Two packages are required: one for the common components of Tectia Client and Server, and one for the specific components of Tectia Server.

Tectia Server includes support for Zones on Solaris 11. The Tectia software can be installed into the global and local zones. When the Tectia software is installed into the global zone, it is automatically installed into the existing local zones as well. However, Tectia Server must be installed separately into local zones that are added to the system later.

If you are installing Tectia Server into a sparse zone, note that the installation process will report a failure in creating symlinks. The installation itself completes successfully, but you need to manually add /opt/tectia/bin to the path settings.

For information on Solaris Zones, see Oracle's documentation: System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

To install Tectia Server on Solaris, follow the instructions below:

  1. Unpack the downloaded tar package.

  2. Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port.

  3. When installing on Solaris version 11 running on the SPARC architecture, use the following packages:

    ssh-tectia-common-<version>-solaris-11-sparc.pkg.Z
    ssh-tectia-server-<version>-solaris-11-sparc.pkg.Z
    

    When installing on Solaris version 11 running on the x86-64 architecture, use the following packages:

    ssh-tectia-common-<version>-solaris-11-x86_64.pkg.Z
    ssh-tectia-server-<version>-solaris-11-x86_64.pkg.Z
    

    In the commands, <version> indicates the product release version and the current build number (for example, 7.0.0.123).

  4. Unpack the installation packages to a suitable location. The standard location is /var/spool/pkg in Solaris environment. In the command examples below, we use the x86-64 version for Solaris 11:

    $ uncompress ssh-tectia-common-<version>-solaris-11-x86_64.pkg.Z
    $ uncompress ssh-tectia-server-<version>-solaris-11-x86_64.pkg.Z
    
  5. Install the packages with the pkgadd tool with root privileges:

    # pkgadd -d ssh-tectia-common-<version>-solaris-11-x86_64.pkg all
    # pkgadd -d ssh-tectia-server-<version>-solaris-11-x86_64.pkg all
    

    The server host key is generated during the installation. The key generation may take several minutes on slow machines.

  6. Copy the license file to the /etc/ssh2/licenses directory. (This is not necessary in "third-digit" maintenance updates.) See Licensing.

    If this is the initial installation of Tectia Server, the directory does not yet exist. You can either create it manually or copy the license after the installation. In the latter case, you have to start the server manually after copying the license file.

  7. The installation should (re)start the server automatically.

    Note

    If the server does not start (for example because of a missing license or because some other secure shell software is running on port 22), you can start it after correcting the problem by issuing the command:

    # /etc/init.d/ssh-server-g3 start

Tip

On Solaris, it is recommended that you raise the maximum open files limit. The default limit for open files per process is 256, which is too low for a Tectia Server that receives many connections: the servant may run out of file descriptors, causing connections to fail.

How much the maximum open files limit must be raised depends on the system and the number of servants running; 8192 should be sufficient in most cases.

To set the maximum open files limit to 8192, run this command in the shell before starting ssh-server-g3:

# ulimit -n 8192

The default limit set for open files varies between operating system versions. Refer to the instructions of your operating system for more information.

In case you want to use the BSM to record Secure Shell log-in and log-out events, see also Auditing with Solaris BSM.

Installing on Windows

The Windows installation package is provided in the MSI (Windows Installer) format for Microsoft Windows versions running on the 64-bit (x86-64) platform architecture. Tectia Server installation packages can also be used to install Tectia Client.

The installation package is a zip file containing the Tectia Client/Server license files and the executable Windows Installer (MSI) packages.

You must have administrator rights to install Tectia Client/Server on Windows.

For Tectia Client/Server to be fully functional after installation, you must restart the computer.

Note

If you do not restart the computer after installing Tectia Server, the server will run with the following limitations in the authentication of local users and domain users from one-way trusted domains:

  • Public-key authentication will not work.

  • Certificate authentication, keyboard-interactive submethods RADIUS and RSA SecurID, and host-based authentication will only work if the password cache (see Password Cache) is enabled and the user's password is stored in the cache.

  • Authentication selectors of type User group (user-group) and Administrator (user-privileged) will not work. (For more information on selectors, see Editing Selectors.)

Tectia Server will write warning messages into the Windows Event Log. Use the Windows Event Viewer to examine the log contents (on the Tectia Server Configuration tool's Tectia Server page, click the View Event Log button).

Note

Tectia Server cannot be installed on file systems that do not support permissions (for example, FAT16 or FAT32). The hard disk partition where Tectia Server is installed must use the NTFS file system.

The installation is carried out by a standard installation wizard. The wizard will prompt you for information and will copy the program files, install the services, and generate the host key pair for the server.

To install Tectia Server and (optionally) Tectia Client on Windows, follow the instructions below:

  1. Make sure no other software is using port 22 (Tectia Server default listen port). Stop any competing server software or change their listen port. Also make sure the firewall is open for incoming connections to TCP port 22.

  2. Extract the contents of the installation zip file to any temporary location.

  3. Locate the correct Windows Installer file ssh-tectia-server-<version>-windows-<platform>.msi, where:

    • <version> shows the Tectia Client/Server release version and build number, for example 7.0.0.123.

    • <platform> shows the platform architecture x86_64 for 64-bit Windows versions.

  4. Double-click the installation file, and the installation wizard will start.

    Note

    The license files will be imported automatically when you extract the contents of the .zip package before running the .msi installer.

    If you run the .msi installer directly from the .zip package, you need to manually import the license files (sts70.dat for Tectia Server and stc70.dat for Tectia Client) after completing the installation. The installation wizard will show an error message about missing license files, and when you attempt to start Tectia Client/Server, you are prompted to import the license(s) manually to the license directory:

    • "C:\Program Files (x86)\SSH Communications Security\SSH Tectia\SSH Tectia AUX\licenses" on 64-bit Windows versions

    On Windows 10, Tectia packages downloaded via browser may trigger a Windows protected your PC warning. In such cases, proceed with the installation by clicking More info and Run anyway.

  5. Follow the wizard through the installation steps and fill in information as requested.

    The installation wizard will display options Typical, Custom and Complete.

    If you do not want to install both Tectia Server and Client, select Custom and choose which product components you wish to install.

    The server host key is generated during the installation.

  6. When the installation has finished, click Finish to exit the wizard.

  7. Fresh installation always requires restarting the computer. In case you were performing an upgrade, a restart is not necessarily required.

  8. Restart the computer.

    Tectia Server will start automatically every time the computer is started, and it stays running in the background. Tectia Server displays no icons on the desktop, but you can see it listed in the Windows Start → Programs menu.

    In case the server does not (re)start automatically, you can start it manually according to the instructions given in Starting and Stopping on Windows.

Silent Installation

Tectia Server can also be installed silently on a server host. Silent (non-interactive) installation means that the installation procedure does not display any user interface and does not prompt the user for input. This option is especially useful for system administrators, as it allows remotely operated, automated installations.

In silent mode, Tectia Server is installed with the default settings and without any additional features.

Note

After Tectia Server has been installed, it is automatically restarted.

The following command can be used to install Tectia Server silently:

msiexec /q /i ssh-tectia-server-<version>-windows-<platform>.msi INSTALLDIR="<path>"

In the command:

  • <version> shows the current version of Tectia Server, for example 7.0.0.123.

  • <platform> shows the platform architecture x86_64 for 64-bit Windows versions.

  • <path> is the path to the desired installation directory. If the INSTALLDIR variable is omitted, Tectia Server is installed to the default location.

The above command installs all features available in the Tectia Server installer, including Tectia Client. If you wish to install only Tectia Server, use the ADDLOCAL property as follows:

msiexec /q /i ssh-tectia-server-<version>-windows-<platform>.msi ADDLOCAL=tectia_server INSTALLDIR="<path>"

It is also possible to use the Tectia Server installer to install only Tectia Client:

msiexec /q /i ssh-tectia-server-<version>-windows-<platform>.msi ADDLOCAL=tectia_client INSTALLDIR="<path>"