Sorry, me again, just some follow-up. I am able to SSH from the firewall
to the host (100.101.70.90) without problem; there was something I missed
during my installation. But the problem now is that I fail to SSH from the host
(100.101.70.90) to the firewall, with messages like "Secure connection to FW
refused". Is this something to do with the FW's inetd.conf file, as I only
enabled FTP and telnet there? Any idea?
-----Original Message-----
From: Sim, CT (Chee Tong)
Sent: Monday, September 03, 2001 3:29 PM
Subject: problem using SSH-- Help please!!!
Dear all,
I have just installed OpenSSH on my Solaris Check Point
firewall. The installation was successful. But when I tried to use SSH to
connect to another host (100.101.70.90), it gave me a message (ld.so.1:
ssh: fatal: libz.so: open failed: No such file or directory Killed), as shown
below. May I know what that means? FYI, I have opened ports TCP-22 and
UDP22 for SSH between the FW and the host (100.101.70.90). Are they the
right ports? Besides, I want to know whether I need to amend the
inetd.conf file or not, as I only enabled FTP and Telnet before I installed
SSH. I thought that after installation we should have an entry like "ssh stream
tcp nowait root /usr/sbin/in.sshd in.sshd" or something like
that. Is that true? If yes, should we add the entry manually, or if not,
what should we do in order to get it to work?
bash-2.00# ssh 100.101.70.90
ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
Killed
bash-2.00# which ssh
/usr/local/bin/ssh
bash-2.00# more /etc/inetd.conf
#
#ident "@(#)inetd.conf 1.27 96/09/24 SMI" /* SVr4.0 1.5 */
#
#
# Configuration file for inetd(1M). See inetd.conf(4).
#
# To re-configure the running inetd process, edit this file, then
# send the inetd process a SIGHUP.
#
# Syntax for socket-based Internet services:
# <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
#
# Syntax for TLI-based Internet services:
#
# <service_name> tli <proto> <flags> <user> <server_pathname> <args>
#
# Ftp and telnet are standard Internet services.
#
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
#
# Tnamed serves the obsolete IEN-116 name server protocol.
#
##name dgram udp wait root /usr/sbin/in.tnamed in.tnamed
#
# Shell, login, exec, comsat and talk are BSD protocols.
#
# shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
# login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
# exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
# comsat dgram udp wait root /usr/sbin/in.comsat in.comsat
# talk dgram udp wait root /usr/sbin/in.talkd in.talkd
#
# Must run as root (to read /etc/shadow); "-n" turns off logging in utmp/wtmp.
#
# uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd
#
# Tftp service is provided primarily for booting. Most sites run this
# only on machines acting as "boot servers."
#
# tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
#
# finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
# systat stream tcp nowait root /usr/bin/ps ps -ef
# netstat stream tcp nowait root /usr/bin/netstat netstat -f inet
#
# Time service is used for clock synchronization.
#
# time stream tcp nowait root internal
# time dgram udp wait root internal
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
# echo stream tcp nowait root internal
# echo dgram udp wait root internal
# discard stream tcp nowait root internal
# discard dgram udp wait root internal
# daytime stream tcp nowait root internal
# daytime dgram udp wait root internal
# chargen stream tcp nowait root internal
# chargen dgram udp wait root internal
#
#
# RPC services syntax:
# <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> \
# <pathname> <args>
#
# <endpoint-type> can be either "tli" or "stream" or "dgram".
# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
# <proto> can be either a nettype or a netid or a "*". The value is
# first treated as a nettype. If it is not a valid nettype then it is
# treated as a netid. The "*" is a short-hand way of saying all the
# transports supported by this system, ie. it equates to the "visible"
# nettype. The syntax for <proto> is:
# *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
# For example:
# dummy/1 tli rpc/circuit_v,udp wait root /tmp/test_svc test_svc
#
# Solstice system and network administration class agent server
# 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
#
# Rquotad supports UFS disk quotas for NFS clients
#
# rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad
#
# The rusers service gives out user information. Sites concerned
# with security may choose to disable it.
#
# rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
#
# The spray server is used primarily for testing.
#
## sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
#
# The rwall server allows others to post messages to users on this machine.
#
# walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
#
# Rstatd is used by programs such as perfmeter.
#
# rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
#
# The rexd server provides only minimal authentication and is often not run
#
# rexd/1 tli rpc/tcp wait root /usr/sbin/rpc.rexd rpc.rexd
#
# rpc.cmsd is a data base daemon which manages calendar data backed
# by files in /var/spool/calendar
#
#
# Sun ToolTalk Database Server
#
#
# UFS-aware service daemon
#
# ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd ufsd -p
#
# Sun KCMS Profile Server
#
# 100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server
#
# Sun Font Server
#
# fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
#
# CacheFS Daemon
#
# 100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
#
# Kerbd Daemon
#
# kerbd/4 tli rpc/ticlts wait root /usr/sbin/kerbd kerbd
#
# Print Protocol Adaptor - BSD listener
#
##printer stream tcp nowait root /usr/lib/print/in.lpd in.lpd
##dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
# xaudio stream tcp wait root /usr/openwin/bin/Xaserver Xaserver -noauth -inetd
# 100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
# 100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd /usr/dt/bin/rpc.ttdbserverd
bash-2.00#
bash-2.00# pkgadd SMCossh
Processing package instance <SMCossh> from </var/spool/pkg>
openssh
(sparc) 2.9p2
The OpenSSH Group
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
4 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing openssh as <SMCossh>
## Installing part 1 of 1.
/usr/local/bin/scp
/usr/local/bin/sftp
/usr/local/bin/slogin <symbolic link>
/usr/local/bin/ssh
/usr/local/bin/ssh-add
/usr/local/bin/ssh-agent
/usr/local/bin/ssh-keygen
/usr/local/bin/ssh-keyscan
/usr/local/doc/openssh/CREDITS
/usr/local/doc/openssh/ChangeLog
/usr/local/doc/openssh/INSTALL
/usr/local/doc/openssh/LICENCE
/usr/local/doc/openssh/OVERVIEW
/usr/local/doc/openssh/README
/usr/local/doc/openssh/RFC.nroff
/usr/local/doc/openssh/TODO
/usr/local/doc/openssh/WARNING.RNG
/usr/local/etc/primes
/usr/local/etc/ssh_config
/usr/local/etc/ssh_prng_cmds
/usr/local/etc/sshd_config
/usr/local/libexec/sftp-server
/usr/local/man/man1/scp.1
/usr/local/man/man1/sftp.1
/usr/local/man/man1/slogin.1 <symbolic link>
/usr/local/man/man1/ssh-add.1
/usr/local/man/man1/ssh-agent.1
/usr/local/man/man1/ssh-keygen.1
/usr/local/man/man1/ssh-keyscan.1
/usr/local/man/man1/ssh.1
/usr/local/man/man8/sftp-server.8
/usr/local/man/man8/sshd.8
/usr/local/sbin/sshd
[ verifying class <none> ]
Installation of <SMCossh> was successful.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
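
Added example, not part of the original messages: a shell check that lists which services an inetd.conf like the one quoted above actually enables, using the socket-based field order documented in the file's own comments, and reports whether an "ssh" entry is among them. The sample file contents and the function names (write_sample, enabled_services, has_service) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which services an inetd.conf actually enables.
# Field order (from the file's own comments):
#   <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>

# Write a constructed sample modelled on the quoted file (not the real one).
write_sample() {
    cat > "$1" <<'EOF'
# Constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
# shell stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
##name  dgram   udp  wait    root  /usr/sbin/in.tnamed   in.tnamed
# rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
EOF
}

# enabled_services FILE: print "service proto server_pathname" per active entry.
# Expects one entry per line (unwrapped), as inetd itself does.
enabled_services() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # comments and blank lines enable nothing
        NF >= 6 { print $1, $3, $6 }     # complete entries only
    ' "$1"
}

# has_service FILE NAME: exit 0 if NAME is enabled, 1 otherwise.
# A missing "ssh" entry only means inetd does not start sshd; sshd can also
# run as a standalone daemon outside inetd.
has_service() {
    enabled_services "$1" | awk -v s="$2" '$1 == s { found = 1 } END { exit !found }'
}

conf=$(mktemp)
write_sample "$conf"
enabled_services "$conf"
if has_service "$conf" ssh; then
    echo "ssh is started by inetd"
else
    echo "no ssh entry: inetd will not answer on the ssh port"
fi
rm -f "$conf"
```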