Re: [FW1] problem using SSH-- Help please!!!
Hi Sim,

This message just means you do not have the library "ld.so.1" (probably in /lib or /usr/lib) on the workstation where you use the ssh client. It's not a firewall problem, it's a compilation problem. Check on the workstation you use to compile your ssh and copy the ld.so.1 library to your client's "/lib" and do an ldconfig on it, or use the "static linked" version of your ssh, if it's a binary you downloaded.

By the way, you should not run the sshd daemon on the server from the inetd.conf tab and the inetd daemon. You should run the "sshd -D" command on your server and include its start in an rc.d file.

Hope it'll help.

David

FYI: use the [email protected] mailing list for ssh topics.

"Sim, CT (Chee Tong)" wrote:

> Dear all,
>
> I have just installed open-ssh on my solaris Check point firewall. The
> installation is successful. But when I tried to use SSH to connect to
> another host (100.101.70.90) it prompts me with a message (ld.so.1: ssh: fatal:
> libz.so: open failed: No such file or directory Killed) as below. May I
> know what that means? FYI, I have opened the ports TCP-22 and UDP22 for SSH
> between the FW and the host (100.101.70.90). Are they the right ports??
> Besides, I want to know whether I need to amend the inetd.conf file or not,
> as I only enabled FTP and Telnet before I installed SSH. I thought after
> installation we should have an entry like "ssh stream tcp nowait root
> /usr/sbin/in.sshd in.sshd" or something like that?? Is that true?? If
> yes, should we add the entry manually, or if not, what should we do in order
> to get it to work?
>
> bash-2.00# ssh 100.101.70.90
> ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
> Killed
> bash-2.00# which ssh
> /usr/local/bin/ssh
>
> bash-2.00# more /etc/inetd.conf
> #
> #ident "@(#)inetd.conf 1.27 96/09/24 SMI" /* SVr4.0 1.5 */
> #
> #
> # Configuration file for inetd(1M). See inetd.conf(4).
> #
> # To re-configure the running inetd process, edit this file, then
> # send the inetd process a SIGHUP.
> #
> # Syntax for socket-based Internet services:
> # <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
> #
> # Syntax for TLI-based Internet services:
> #
> # <service_name> tli <proto> <flags> <user> <server_pathname> <args>
> #
> # Ftp and telnet are standard Internet services.
> #
> ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
> telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
> #
> # Tnamed serves the obsolete IEN-116 name server protocol.
> #
> ##name dgram udp wait root /usr/sbin/in.tnamed in.tnamed
> #
> # Shell, login, exec, comsat and talk are BSD protocols.
> #
> # shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
> # login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
> # exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
> # comsat dgram udp wait root /usr/sbin/in.comsat in.comsat
> # talk dgram udp wait root /usr/sbin/in.talkd in.talkd
> #
> # Must run as root (to read /etc/shadow); "-n" turns off logging in utmp/wtmp.
> #
> # uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd
> #
> # Tftp service is provided primarily for booting. Most sites run this
> # only on machines acting as "boot servers."
> #
> # tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
> #
> # Finger, systat and netstat give out user information which may be
> # valuable to potential "system crackers." Many sites choose to disable
> # some or all of these services to improve security.
> #
> # finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
> # systat stream tcp nowait root /usr/bin/ps ps -ef
> # netstat stream tcp nowait root /usr/bin/netstat netstat -f inet
> #
> # Time service is used for clock synchronization.
> #
> # time stream tcp nowait root internal
> # time dgram udp wait root internal
> #
> # Echo, discard, daytime, and chargen are used primarily for testing.
> #
> # echo stream tcp nowait root internal
> # echo dgram udp wait root internal
> # discard stream tcp nowait root internal
> # discard dgram udp wait root internal
> # daytime stream tcp nowait root internal
> # daytime dgram udp wait root internal
> # chargen stream tcp nowait root internal
> # chargen dgram udp wait root internal
> #
> #
> # RPC services syntax:
> # <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> \
> # <pathname> <args>
> #
> # <endpoint-type> can be either "tli" or "stream" or "dgram".
> # For "stream" and "dgram" assume that the endpoint is a socket descriptor.
> # <proto> can be either a nettype or a netid or a "*". The value is
> # first treated as a nettype. If it is not a valid nettype then it is
> # treated as a netid. The "*" is a short-hand way of saying all the
> # transports supported by this system, ie. it equates to the "visible"
> # nettype. The syntax for <proto> is:
> # *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
> # For example:
> # dummy/1 tli rpc/circuit_v,udp wait root /tmp/test_svc test_svc
> #
> # Solstice system and network administration class agent server
> # 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
> #
> # Rquotad supports UFS disk quotas for NFS clients
> #
> # rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad
> #
> # The rusers service gives out user information. Sites concerned
> # with security may choose to disable it.
> #
> # rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
> #
> # The spray server is used primarily for testing.
> #
> ## sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
> #
> # The rwall server allows others to post messages to users on this machine.
> #
> # walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
> #
> # Rstatd is used by programs such as perfmeter.
> #
> # rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
> #
> # The rexd server provides only minimal authentication and is often not run
> #
> # rexd/1 tli rpc/tcp wait root /usr/sbin/rpc.rexd rpc.rexd
> #
> # rpc.cmsd is a data base daemon which manages calendar data backed
> # by files in /var/spool/calendar
> #
> #
> # Sun ToolTalk Database Server
> #
> #
> # UFS-aware service daemon
> #
> # ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd ufsd -p
> #
> # Sun KCMS Profile Server
> #
> # 100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server
> #
> # Sun Font Server
> #
> # fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
> #
> # CacheFS Daemon
> #
> # 100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
> #
> # Kerbd Daemon
> #
> # kerbd/4 tli rpc/ticlts wait root /usr/sbin/kerbd kerbd
> #
> # Print Protocol Adaptor - BSD listener
> #
> ##printer stream tcp nowait root /usr/lib/print/in.lpd in.lpd
> ##dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
> # xaudio stream tcp wait root /usr/openwin/bin/Xaserver Xaserver -noauth -inetd
> # 100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
> # 100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd /usr/dt/bin/rpc.ttdbserverd
> bash-2.00#
>
> bash-2.00# pkgadd SMCossh
>
> Processing package instance <SMCossh> from </var/spool/pkg>
>
> openssh
> (sparc) 2.9p2
> The OpenSSH Group
> Using </usr/local> as the package base directory.
> ## Processing package information.
> ## Processing system information.
> 4 package pathnames are already properly installed.
> ## Verifying disk space requirements.
> ## Checking for conflicts with packages already installed.
> ## Checking for setuid/setgid programs.
>
> Installing openssh as <SMCossh>
>
> ## Installing part 1 of 1.
> /usr/local/bin/scp
> /usr/local/bin/sftp
> /usr/local/bin/slogin <symbolic link>
> /usr/local/bin/ssh
> /usr/local/bin/ssh-add
> /usr/local/bin/ssh-agent
> /usr/local/bin/ssh-keygen
> /usr/local/bin/ssh-keyscan
> /usr/local/doc/openssh/CREDITS
> /usr/local/doc/openssh/ChangeLog
> /usr/local/doc/openssh/INSTALL
> /usr/local/doc/openssh/LICENCE
> /usr/local/doc/openssh/OVERVIEW
> /usr/local/doc/openssh/README
> /usr/local/doc/openssh/RFC.nroff
> /usr/local/doc/openssh/TODO
> /usr/local/doc/openssh/WARNING.RNG
> /usr/local/etc/primes
> /usr/local/etc/ssh_config
> /usr/local/etc/ssh_prng_cmds
> /usr/local/etc/sshd_config
> /usr/local/libexec/sftp-server
> /usr/local/man/man1/scp.1
> /usr/local/man/man1/sftp.1
> /usr/local/man/man1/slogin.1 <symbolic link>
> /usr/local/man/man1/ssh-add.1
> /usr/local/man/man1/ssh-agent.1
> /usr/local/man/man1/ssh-keygen.1
> /usr/local/man/man1/ssh-keyscan.1
> /usr/local/man/man1/ssh.1
> /usr/local/man/man8/sftp-server.8
> /usr/local/man/man8/sshd.8
> /usr/local/sbin/sshd
> [ verifying class <none> ]
>
> Installation of <SMCossh> was successful.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
David LEFEVRE
CARDIF - Architecture et Sécurité Opérationnelle
[email protected] - Tél : 01 41 42 76 63
[email protected] - Tel : 01 41 42 24 22
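The error line in the quoted session names the file the runtime linker could not open (libz.so). As an added example that is not part of the original thread, the script below extracts that name from such an error line, lists unresolved dependencies from `ldd` output, and searches library directories for a matching file. The sample `ldd` output is constructed, and the directories searched (/usr/local/lib, /usr/lib, /lib) are assumptions to adjust per system.

```shell
#!/bin/sh
# Added example: all sample inputs below are constructed for illustration.

# Pull the library name out of a runtime-linker failure line of the form
#   ld.so.1: <program>: fatal: <library>: open failed: <reason>
missing_from_error() {
    printf '%s\n' "$1" |
        sed -n 's/^ld\.so\.1: [^:]*: fatal: \([^:]*\): open failed: .*$/\1/p'
}

# Read ldd output on stdin and print every dependency it could not resolve.
# Matches both "(file not found)" and "not found" wording.
unresolved_libs() {
    awk '/=>/ && /not found/ { print $1 }'
}

# Print every file named <library>* found in the given directories.
find_lib() {
    lib=$1
    shift
    for dir in "$@"; do
        for f in "$dir"/"$lib"*; do
            if [ -e "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
    return 0
}

# Constructed ldd output for a binary linked against a zlib that is absent.
SAMPLE_LDD=$(printf '\t%s\n' \
    'libsocket.so.1 =>  /usr/lib/libsocket.so.1' \
    'libz.so =>  (file not found)' \
    'libc.so.1 =>  /usr/lib/libc.so.1')

# With a binary as argument: list its unresolved libraries and look for each
# in some common library directories (assumed paths; adjust per system).
if [ $# -gt 0 ]; then
    ldd "$1" | unresolved_libs | while read -r name; do
        echo "unresolved: $name"
        find_lib "$name" /usr/local/lib /usr/lib /lib
    done
fi
```

Run it with the path of the failing binary (here /usr/local/bin/ssh) as the only argument; an "unresolved" line with no path printed after it means no matching file exists in the searched directories.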