Showing posts with label HTTP. Show all posts

Wednesday, December 21, 2011

Solaris 10: SSH and Forwarding HTTP



Abstract:
When Sun first produced systems, the common way for users to move around a network and to distribute workload under Solaris was to use the Berkeley "r" tools, such as "rsh", "rlogin", and "rexec". As academics became professional, security concerns were raised over passwords being passed in the clear, and SSH was born. SSH was built as a compatible superset of "rsh", but this compatibility was later removed with the second version of the protocol. This document discusses the implementation of SSH under Solaris.

Global Configurations

SSH uses several global configuration files: one for the client and another for the server. Each of these configuration files documents the default compile flags under Solaris. The "ssh" client global configuration can be tailored on a per-user basis, while the "sshd" server global configuration file is managed at the global level.

SSH Server Daemon

Under Solaris 10, related operating systems, and later releases, SSHD is started through the services infrastructure.

sunserver/user$ svcs ssh
STATE          STIME    FMRI
online         Aug_17   svc:/network/ssh:default

There are built-in compiled defaults and global defaults, which are reviewed upon startup and upon connection.

Start a Session with X and HTTP Forwarding

For demonstration purposes, there may be the need to temporarily open an X Console (to install an Oracle Database) and forward HTTP ports (to test an application) on a platform in a DMZ. The sample command may look like this:

sunclient/user$ ssh user@sunserver -b 10.1.2.3 \
-L 58080:127.0.0.1:58080 -L 8080:127.0.0.1:8080 -g
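
Since the ports to be forwarded are over 1024, there is no requirement for special "root" permissions. The "-g" option allows remote hosts to connect to the locally forwarded ports, which is why the listeners below are bound to the wildcard address ("*.8080") rather than to the loopback address only. The proxied HTTPD listeners can be observed.

sunclient/user$ netstat -an | grep 8080
*.58080 *.* 0 0 49152 0 LISTEN
*.8080 *.* 0 0 49152 0 LISTEN

To perform a basic test of the forwarded HTTP port, the classic "telnet" can be used on the command line, but the connection is closed.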

sunclient/user$ telnet localhost 58080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection to localhost closed by foreign host.

Note the error on the remote side:

channel 5: open failed: administratively prohibited: open failed

This is a configuration issue.

Global SSHD Configuration

Under Solaris 10, the forwarding agent is disabled as a compile flag, which is documented in the global configuration file. If one makes a connection via SSH and proxies a port, an error message is produced upon the first connection attempt to the proxied port.

To allow for the port forwarding, edit the configuration file "/etc/ssh/sshd_config".

AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
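
You will need to restart the "sshd" service; the "administratively prohibited" message then disappears.

sunserver/root# svcadm restart ssh

Your HTTP port forwarding and X Windows forwarding will now work for ad-hoc tasks. These settings apply to every SSH session on the server, so revert them when the temporary work on the DMZ platform is complete.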
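
An added check, not part of the original post: a small POSIX shell audit that reports the global value of the three directives edited above, so the file can be verified before and after the temporary change. The function names and the sample configuration are constructed for illustration; the parsing rules (case-insensitive keywords, first value wins, "Match" ends the global section) are OpenSSH's and are assumed to hold for the Solaris "sshd", and an unset directive is treated as off, following the post's statement that forwarding is disabled by default.

```shell
#!/bin/sh
# Added example: report the global forwarding directives of an sshd_config.

# effective_value FILE KEYWORD -> first global value of KEYWORD, or "unset".
# Assumes OpenSSH parsing rules: keywords are case-insensitive, the first
# value read for a keyword wins, and a "Match" line ends the global section.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }           # blank line or comment
        tolower($1) == "match" { exit }         # conditional blocks start here
        tolower($1) == key && !seen { val = tolower($2); seen = 1 }
        END { print (seen ? val : "unset") }
    ' "$1"
}

# audit_forwarding FILE -> prints one line per directive; returns 1 if any
# of the three directives from the post is set to something other than "no".
# Assumption: "unset" counts as off (compiled default disabled, per the post).
audit_forwarding() {
    rc=0
    for key in AllowTcpForwarding GatewayPorts X11Forwarding; do
        val=$(effective_value "$1" "$key")
        case "$val" in
            no|unset) echo "ok    $key $val" ;;
            *)        echo "OPEN  $key $val"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample configuration (not taken from a real host).
sample_config() {
    cat <<'EOF'
# constructed sample
Protocol 2
allowtcpforwarding yes
AllowTcpForwarding no
#GatewayPorts yes
X11Forwarding yes
Match User demo
    GatewayPorts yes
EOF
}

tmp=${TMPDIR:-/tmp}/sshd_config.sample.$$
sample_config > "$tmp"
audit_forwarding "$tmp" || echo "forwarding is enabled: revert after the ad-hoc task"
rm -f "$tmp"
```

On the server itself the call would be `audit_forwarding /etc/ssh/sshd_config`; directives set only inside a "Match" block are not evaluated by this check.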


Wednesday, November 11, 2009

Solaris 10: Configuring a Stock Apache Server



Abstract:

Sun had been a tremendous advocate of Open Standards for decades. One of the most influential standards advocated by Sun had been the Hyper Text Transfer Protocol, or "http". This protocol is most often served by a server program, called a "daemon". Many people and organizations create "httpd" servers; one such group is the "Apache Software Foundation", where employees from Sun had been elected to the board, and members of the board had served in authoritative positions on other Sun open source projects. The "httpd" daemon from "Apache", one of the most popular http servers in the world today, is bundled into Sun's Solaris Operating System.

Identifying the Apache Service:

Solaris 10 comes shipped with an HTTP server, but it is disabled by default. The services infrastructure shows the server, even if you are uncertain how to identify the service.

Ultra2/root$ svcs apache2
STATE          STIME    FMRI
disabled       17:01:42 svc:/network/http:apache2

Ultra2/root$ svcs http
STATE          STIME    FMRI
disabled       17:01:42 svc:/network/http:apache2

Configuring the Apache Service

The Apache "httpd" server uses a configuration file, which must be minimally configured before it will operate.

Ultra2/root$ cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf

Ultra2/root$ vi /etc/apache2/httpd.conf
...
ServerAdmin user@fully.qualified.domain
...
ServerName fully.qualified.domain
...

Enabling the Apache Service

The service can be enabled in Solaris 10 via the Service Administration command.

Ultra2/root$ svcadm enable svc:/network/http:apache2

Ultra2/root$ svcs apache2
STATE          STIME    FMRI
online         1:07:55  svc:/network/http:apache2

Document Location

Documents are located in the following UNIX directory tree:

Ultra2/root$ ls -al /var/apache2/htdocs/index.html* | head
-rw-r--r-- 1 root bin 1663 Nov 21 2004 /var/apache2/htdocs/index.html.ca
-rw-r--r-- 1 root bin 1583 Nov 21 2004 /var/apache2/htdocs/index.html.cz.iso8859-2
-rw-r--r-- 1 root bin 2202 Nov 21 2004 /var/apache2/htdocs/index.html.de
-rw-r--r-- 1 root bin 1508 Nov 21 2004 /var/apache2/htdocs/index.html.dk
-rw-r--r-- 1 root bin 1828 Nov 21 2004 /var/apache2/htdocs/index.html.ee
...