April 8, 2009
Operating System: (5.3L / 32-bit)
Platform: (32-bit)
Application(s):
This document describes the process of setting up a 32-bit GNU application development environment on AIX 5.3 (PPC). Thankfully, IBM does a great job of making AIX compatible with Linux and the GNU environment. Many RPMs are available on their FTP site, and we will be using some for this task. OpenSSL and OpenSSH will be built from source. Trust me, it is better this way.
Let me start by saying something that should be obvious if you've read any of my other guides: RPM is an abysmal format, kludgy at best. This guide intends to give you a BASIC platform to start with. Because I'm a glutton for punishment, I usually continue from here by installing all the latest source releases and removing the RPMs. Sure, you lose the package "management" feature, but I see more gained than lost.
Test Platform:
- IBM B50
- 375 MHz PowerPC 604e / 512MB RAM
- AIX 5L Version 5.3 (04/2008)
Keep in mind that this document does not cover hardening the system. That process is outlined in other documents by me or others.
I won't go over the installation procedure for AIX, because it is painfully easy. Too easy, actually. You really can't do anything but pick what software you want. So I will assume that you performed a base installation, with nothing extra.
One odd caveat here. If you, like me, use a terminal server such as a Cisco (w/ NM-16A Async Network Module) for the installation of AIX, you may notice everything is fine until it reboots and prompts for login. You type root and hit enter, and it scrolls away and starts over! There is a strange quirk with IBM's serial pinouts. I had to connect a direct serial line to a Linux box and use minicom to log in and do the rest. Once that is set up, use SSH over TCP/IP.
Once you are done with that part and logged in as root, change the password! Let's set up networking first so we can get out of this terminal and use SSH. smit / smitty won't work, so we'll hack this old school. Substitute your specific numbers:
# mktcpip -h mercury -a 192.168.0.4 -m 255.255.255.0 -i en0 -n \
192.168.1.1 -d procyonlabs.com -g 192.168.0.1 -s -C 0 -A no
For the curious, this page will give you much more detail on this task:
Now, figure out how you want to handle your partitioning. I'm not a fan of LVM, but the folks at IBM really seem to love it. It has a bit of a learning curve. This site has a great overview of commands available to perform common tasks within an LVM environment. Just make sure you have plenty of room in /usr - most of our activities will be in there.
Let's add a user. Of course, this is an example. For more details, visit here or here.
# mkuser id='500' randy
# passwd randy
Oh, and you'll want to add /usr/local/bin to your $PATH, just for good practice (that's where most compiled software binaries go). Edit the /etc/environment file, and tack on :/usr/local/bin to the end of the PATH= line.
IBM doesn't make it easy to update/patch AIX. First, you need to go to their Web site, dig through support, blah blah blah. Just click this link:
Click continue, and select the Download using Bulk FTP option when asked. A pop-up will appear with the following message:
The fix package has been successfully copied to a temporary location for you to get using the ftp command. The package will be available for the next 72 hours.
Use that info on the AIX machine to access the files via FTP. I should mention that I use /usr/src as my playground. This may not work for you, so be advised. Go to /usr/src and mkdir updates (or a place of your choosing) and follow the directions for downloading all the .bff files from the FTP site. On some clients you will need the -p flag for ftp (passive mode); otherwise 'ls' will freeze the console. This can take a long long long long long time (about 1.5 GB).
Time to install them!
# cd /usr/src/updates (if you're not there already)
# inutoc /usr/src/updates
# smit update_all
If you get an error like this:
The environment variable TERM is currently set to a terminal type that does not support the full screen display capabilities required for SMIT.
you will need to set TERM to one of the following (these are the most popular; there are others), depending on what type of terminal you have:
- export TERM=vt100
- export TERM=vt320
- export TERM=lft - (low format terminal)
Enter the directory name that contains the *.bff files (ex. /usr/src/updates). You can keep all the other options at the default, though I'd change "ACCEPT new license agreements?" to yes.
When the process is finished, reboot for good measure.
First, we need wget. I use that for everything:
# cd /usr/src
# ftp -p ftp.software.ibm.com
(login as anonymous)
ftp> cd aix/freeSoftware/aixtoolbox/RPMS/ppc/wget
ftp> bin
ftp> get wget-1.9.1-1.aix5.1.ppc.rpm
ftp> quit
# rpm -ivh wget-1.9.1-1.aix5.1.ppc.rpm
# rm wget-1.9.1-1.aix5.1.ppc.rpm
I wrote a small script to help download all the necessary files. To download the script, do the following:
# wget http://www.procyonlabs.com/guides/aix/5.3/gnu_dev/get_dev_rpms.ksh
# ksh get_dev_rpms.ksh
Now we'll install everything:
# rpm -hUv *.rpm
# rm *.rpm
# rm get_dev_rpms.ksh
We'll start with zlib, a dependency for OpenSSH:
# cd /usr/src
# wget http://www.zlib.net/zlib-1.2.3.tar.gz
# gunzip zlib-1.2.3.tar.gz
# tar -xvf zlib-1.2.3.tar
# rm zlib-1.2.3.tar
# cd zlib-1.2.3
# ./configure && make && make install
Next, OpenSSL:
# cd /usr/src
# wget http://www.openssl.org/source/openssl-0.9.8k.tar.gz
# gunzip openssl-0.9.8k.tar.gz
# tar -xvf openssl-0.9.8k.tar
# rm openssl-0.9.8k.tar
# cd openssl-0.9.8k
# ./config zlib --prefix=/usr/local
# make && make install
Finally, OpenSSH.
We need to add the sshd user:
Next, we download, compile and install:
# cd /usr/src
# wget --passive-ftp ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz
# gunzip openssh-5.2p1.tar.gz
# tar -xvf openssh-5.2p1.tar
# rm openssh-5.2p1.tar
# cd openssh-5.2p1
# ./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local
# make && make install
Because we configured OpenSSH with --sysconfdir=/etc/ssh, the sshd_config file is in /etc/ssh/. Bring that up in your favorite editor; we have some tweaking to do.
These are just my recommendations - yours may well be different. Use your better judgement.
Uncomment the following:
- LoginGraceTime 2m
- MaxAuthTries 6
- PermitEmptyPasswords no
That's it. Not too hard, eh? Now we need to start the SSHD server and add it to the start-up routine. Yes! I made a script for this. Follow along:
# /usr/local/sbin/sshd
# cd /etc/rc.d/init.d
# wget http://www.procyonlabs.com/guides/aix/5.3/gnu_dev/rc.sshd
# chmod 700 rc.sshd
Read the script - the header includes directions on how to create a local daemon startup routine. AIX is not like the others (BSD, System V, etc.), though it pretends to be.
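To confirm that the three sshd_config directives recommended earlier are really active, the following added example (not part of the original guide) reports the value sshd will use for each one. The function names `sshd_effective`, `audit_sshd` and `sample_config` are hypothetical, the sample configuration is constructed, and the parser assumes the whitespace-separated `Keyword value` form.

```shell
#!/bin/sh
# Added example: audit sshd_config for the three settings recommended above.

# sshd_effective KEYWORD FILE
# Print the first active (uncommented) global value for KEYWORD. sshd keeps
# the first value it reads for a keyword and ignores keyword case; lines
# after a "Match" line are conditional, so scanning stops there.
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == want {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")  # strip the keyword
            sub(/[ \t]+$/, "")               # strip trailing blanks
            print; exit
        }
    ' "$2"
}

# audit_sshd FILE: print PASS/FAIL per keyword, return the failure count.
audit_sshd() {
    fails=0
    for pair in LoginGraceTime=2m MaxAuthTries=6 PermitEmptyPasswords=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_effective "$key" "$1")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key '${got:-not set}' (want $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample input, not a real host's configuration.
sample_config() {
    cat <<'EOF'
#LoginGraceTime 2m
maxauthtries 6
PermitEmptyPasswords no
PermitEmptyPasswords yes
Match User backup
    LoginGraceTime 2m
EOF
}
```

On the host, run `audit_sshd /etc/ssh/sshd_config`; `/usr/local/sbin/sshd -t` additionally checks the file for syntax errors before you restart the daemon.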