Setting Up TCP/IP, SSH and a GNU C / C++ Development Environment on AIX
July 27, 2010

Operating System	Platform	Application(s)
(6.1 / 64-bit)

I. Abstract

This document describes the process of setting up a GNU application development environment on AIX 6.1. Thankfully, IBM does a great job of making AIX compatible with Linux and the GNU environment. Many RPMS are available on their FTP site, and we will be using some for this task. Many others, such as OpenSSL, OpenSSH, autotools, etc., are horribly out of date. Those will be done from source. Trust me, it is better this way.

Test Platform:

• IBM pSeries 7029-6C3
• 1.2Ghz POWER4 CPU / 2GB RAM
• AIX Version 6.1 (12/2008)
  

II. Install and Setup the Operating Environment

One odd caveat here. If you, like me, use a terminal server like Cisco (w/ NM-16A Async Network Module) for the installation of AIX, you may notice everything is fine until it reboots and prompts for login. You type root and hit enter, and it scrolls away and starts over! There is a strange quirk with IBM's serial pinouts. I had to do a direct serial to a Linux box and use minicom to login and do the rest. When you finish with this guide, you can use SSH over TCP/IP.

I won't go over the installation procedure for AIX, because it is painfully easy. Too easy, actually. You really can't do anything but pick what software you want. So. I will assume that you performed a base installation, with nothing extra (no CDE, KDE, Gnome, etc.). This is my "Install Options" screen:

1. Desktop...........................................NONE
2. Graphics Software.................................YES
3. System Management Client Software.................NO
4. Create JFS2 File Systems..........................YES
5. Enable System Backups to install any system.......NO
   (Installs all devices)

Once you are done that part and login as root, change the password! Let's setup networking first. We'll hack this old school. Substitute your specific numbers:

For the curious, this page will give you much more detail on this task:

• How to Easily Configure TCP/IP on Your AIX System

Now, figure out how you want to handle your partitioning. I'm not a fan of LVM, but the folks at IBM really seem to love it. It has a bit of a learning curve. This site has a great overview of commands available to perform common tasks within an LVM environment. Just make sure you have plenty of room in /usr - most of our activities will be in there.

Let's add a user. Of course, this is an example. For more details, visit here or here.

Oh, and you'll want to add /usr/local/bin to your $PATH (that's where most compiled software binaries go). Edit the /etc/environment file, and place /usr/local/bin: right after PATH= (so it will be first in the search path).

One last thing here. The AIX installation does not include the AIX Math Library libm libraries (by default) needed for many open source applications. It is on CD #1 of the installation set. Insert disc one and then do the following as root to install it:

III. Update / Patch System

IBM made software updates a little easier when they introduced the Service Update Management Assistant (SUMA). This tool makes it a far simpler task to download (and automate downloads) of fix packs and technology levels. You still need smit update_all to apply them, however. The easiest was to use SUMA is via smit:

If you get an error like this:

The environment variable TERM is currently set to a terminal type that does not support the full screen display capabilities required for SMIT.

you will need to define one of the following (most popular, there are others) depending on what type of terminal you have.:

• export TERM=vt100
• export TERM=vt320
• export TERM=lft - (low format terminal)

Now you should be presented with the SUMA options menu. The first thing I do is select Configure SUMA and change the Base Configuration options for Fixserver and Download protocols to http (my needs for a passive ftp client in my environment dictate this). Now go back to the main menu and select Download Updates Now (Easy). Now select Download All Latest Fixes. It may take a long long long time. Be patient. Once it is finished (it will say Command: OK on the upper left of the screen), hit F10 to exit. By default, all updates are place in the /usr/sys/inst.images directory. Now it is time to install them!

Enter the directory name that contains the *.bff files (ex. /usr/sys/inst.images). You can keep all the other options at the default, though I'd change "ACCEPT new license agreements?" to yes.

When the process is finished, reboot for good measure.

IV. Download and Install Software Packages

First, we need wget. I use that for everything. I also use /usr/src to store my downloaded packages and source code:

I wrote a small script to help download all the necessary files. To download the script, do the following:

Now we'll install everything:

V. Download and Compile OpenSSL / OpenSSH

We'll start with zlib, a dependency for OpenSSH:

Next, OpenSSL:

Finally, OpenSSH.

We need to add the sshd user:

Next, we download, compile and install:

VI. Configuration

As we configured the OpenSSH installation, the sshd_config file is in /etc/ssh/. Bring that up in your favorite editor, we have some tweaking to do.

These are just my recommendations - yours may well be different. Use your better judgement.

Uncomment the following:

• LoginGraceTime 2m
• MaxAuthTries 6
• PermitEmptyPasswords no

That's it. Not too hard, eh? Now we need to start the SSHD server and add it to the start-up routine. Yes! I made a script for this. Follow along:

Read the script - the header includes directions on how to create a local daemon startup routine. AIX is not like the others (BSD, System V, etc), though it pretends to be.

VII. Helpful Links

• OpenSSH Manual Pages
• OpenSSL Docs
• IBM SUMA Commands Reference
• AIX commands you should not leave home without
• AIX Hardening