Re: openssh on os400 or aix

From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 05/25/05 

Date: 25 May 2005 11:24:26 GMT

On 2005-05-24, Paride Desimone <mlist@ferramentazizzi.it> wrote:
> i ned openssh compiled for aix, because i want run run it on AS400.

AS/400's (running OS/400, presumably) can run AIX binaries? News to me
(but then my experience with AS/400's extends only as far as "I maybe
walked past one once" :-). Or did you mean "RS/6000"?

Anyway, for precompiled OpenSSH packages for AIX in lpp/bff format:

* IBM offer them, formerly at IBM DeveloperWorks, now Sourceforge:
http://sourceforge.net/projects/openssh-aix

* Bullfreeware offer some (although from a quick glance the versions are
somewhat old):
http://www.bullfreeware.com/

Both of those will require that you install some prerequisite packages
(openssl and zlib packages from different sources, and possibly prngd).

* Last, and quite probably least, I offer prebuilt packages with the
dependancies built-in:
http://www.zip.com.au/~dtucker/openssh/#aixbff

> I'll try to compile it on AS400 with gcc 3.4.3 for aix, but i have not
> found instruction on how to compile openssl.

It's not hard: unpack the openssl tarball, then:
$ ./config && make && make tests

If all goes well, you can then do a "make install".

That said, I've seen some problems with OpenSSH linked against recent
OpenSSL versions (> 0.9.7e), built with the default gcc configuration
(ie ./Configure aix-gcc) on AIX 4.x. I haven't pinpointed the cause.

It shows up as a regress failure during "make tests" in OpenSSH, and
seems to affect SSHv1 RSA operations.

I have had success with the following OpenSSL configure incantation:

$ ./Configure "aix-gcc:gcc -DOPENSSL_SYSNAME_AIX -DDSO_DLFCN \
   -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -O2 -DB_ENDIAN -D_THREAD_SAFE" 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: openssh on aix
    ... that is the "official" site even linked to by IBM. ... AIX OpenSSL DTLS remote denial of service ... If you would like to receive AIX Security Advisories via email, ...
    (AIX-L)
  • creating thread safe programs on aix
    ... I am working on AIX 5.1 and have wrote a program that uses ... cryptographic libraries), while running Configure for the openssl I ... applications as the compiler options required on this system are not ...
    (comp.unix.aix)
  • Re: OpenSSL vs GSKIT on AIX
    ... > I see that AIX has something called GSKIT that seems to be an SSL ... Anybody out there using OpenSSL under AIX? ... It used by IBM products ...
    (comp.unix.aix)
  • Re: Error "PGNG not seeded" due OPENSSH installation with NIM
    ... For an SSH Installation on AIX 5.2 you need openssl & openssh ... # Download from: (But you must register) ... BUT in the latest release of openssl for AIX 5.X you DO NOT NEED and should ...
    (comp.unix.aix)
  • [CLA-2003:751] Conectiva Security Announcement - openssl
    ... SUMMARY: Remote vulnerabilities ... in the OpenSSL implementation: ... It is recommended that all users upgrade their openssl packages. ... Detailed instructions reagarding the use of apt and upgrade examples ...
    (Bugtraq)