PLABS
softwareguideswar roomaboutgo-home

IBM AIX 7.1: Setting Up TCP/IP, SSH and a GNU C / C++ Development Environment on AIX
January 9, 2012

Operating System
Platform
Applications
IBM AIX
v7.1
POWER5
OpenSSLOpenSSHGCC

I. Abstract

This document describes the process of setting up a GNU application development environment on AIX 7.1. Thankfully, IBM does a great job of making AIX compatible with Linux and the GNU environment. However the RPMs that they offer are horribly out of date, and should be avoided.

A huge thanks goes to Michael Perzl for his hard work on creating hundreds of AIX RPMs that are WAY more up to date than the neglected bits available directly from IBM. The only software we'll be compiling from source is OpenSSL and OpenSSH. You don't want to be a day behind on those!

Test Platform:

  • IBM p5 520 Type 9131-52A
  • 1.9Ghz POWER5+ CPU / 4GB RAM
  • AIX Version 7.1


II. Install and Setup the Operating Environment

One odd caveat here. If you, like me, use a terminal server like Cisco (w/ NM-16A Async Network Module) for the installation of AIX, you may notice everything is fine until it reboots and prompts for login. You type root and hit enter, and it scrolls away and starts over! There is a strange quirk with IBM's serial pinouts. I had to do a direct serial to a Linux box and use minicom to login and do the rest (remember, POWER systems default to 19200 baud). When you finish with this guide, you can use SSH over TCP/IP.

I won't go over the installation procedure for AIX, because it is painfully easy. Too easy, actually. You really can't do anything but pick what software you want. So. I will assume that you performed a base installation, with nothing extra (no CDE, KDE, Gnome, etc.). This is my "Install Options" screen (New and Complete Overwrite method):

  1. Desktop...........................................NONE
  2. Graphics Software.................................No
  3. System Management Client Software.................No
  4. Create JFS2 File Systems..........................Yes
  5. Enable System Backups to install any system.......NO
    (Installs all devices)

You also have the option of which Edition to install, the choices being Express, Standard and Enterprise.

Once you are done that part, the system will reboot and you should be presented with the "Installation Assistant" menu (after accepting the license(s)). Here you can set the root password and IP information. If you don't get this screen, just login as root, change the password, and setup networking - hacking it old school style. Substitute your specific numbers:

# mktcpip -h earth -a 192.168.0.10 -m 255.255.255.192 -i en0 -n 4.2.2.2 -d procyonlabs.com -g 192.168.0.1 -s -C 0 -A no

For the curious, this page will give you much more detail on this task:

Of course, if you like menus, you can use smitty mktcpip.

Now, figure out how you want to handle your partitioning. AIX uses LVM by default. It has a bit of a learning curve. This site has a great overview of commands available to perform common tasks within an LVM environment. Just make sure you have plenty of room in /usr (most of our activities will be in there) and /var (where most log files will go). Other directories will need to be fattened up as well, for general O/S functionality and patching/binary bits (/opt, /tmp, etc.).

For example, this will increase the size of the /usr partition by 10 gigabytes and the /var partition by 6 gigabytes. Oh, and here is a tip. The AIX version of df can take the -m flag to display space in megabytes and -g for gigabytes. Just a friendly tip.

# chfs -a size=+10G /usr
# chfs -a size=+6G /var

Let's add a user. Of course, this is an example. For more details, visit here or here.

# mkuser id='1000' randy
# passwd randy

Also, you'll want to add /usr/local/bin to your $PATH (that's where most compiled software binaries go). Edit the /etc/environment file, and place /usr/local/bin: right after PATH= (so it will be first in the search path).

One last thing here. The AIX installation does not include the AIX Math Library libm libraries (by default) needed for many open source applications. It is on CD #1 of the installation set (specifically, the bos.adt fileset). Insert disc one and then do the following as root to install it:

# installp -acgNYXd /dev/cd0 bos.adt.libm

If you have the bos.adt fileset itself in another directory (for example, /home/randy), the process is pretty much the same:

# installp -acgNYXd /home/randy bos.adt.libm


III. Update / Patch System

IBM made software updates a little easier when they introduced the Service Update Management Assistant (SUMA). This tool makes it a far simpler task to download (and automate downloads) of fix packs and technology levels. You still need smit update_all to apply them, however. The easiest was to use SUMA is via smit:

# smit suma

If you get an error like this:

The environment variable TERM is currently set to a terminal type that does not support the full screen display capabilities required for SMIT.

you will need to define one of the following (most popular, there are others) depending on what type of terminal you have.:

  • export TERM=vt100
  • export TERM=vt320
  • export TERM=lft - (low format terminal)

Now you should be presented with the SUMA options menu. Select Download Updates Now (Easy). Next, select Download Maintenance Level or Technology Level. The next screen will ask you to enter the level to which you would like to upgrade to. The latest as of this writing is 7100-01-00-1140, so enter that (unless there is a newer one available, check IBM's support site for current status).

It may take a long long long time. Be patient. Once it is finished (it will say Command: OK on the upper left of the screen), hit F10 to exit (Esc-0 if using serial connection). By default, all updates are placed in the /usr/sys/inst.images directory. Now it is time to install them!

# smit update_all

Enter the directory name that contains the *.bff files (ex. /usr/sys/inst.images). You can keep all the other options at the default, though I'd change "ACCEPT new license agreements?" to yes.

When the process is finished, reboot for good measure.


IV. Download and Install Software Packages

First, we need wget. I use that for everything. I also use /usr/src to store my downloaded packages and source code. IBM's "Toolbox" has all the latest 2004 has to offer:

# cd /usr/src
# ftp -p ftp.software.ibm.com
  (login as anonymous)

ftp> cd aix/freeSoftware/aixtoolbox/RPMS/ppc/wget
ftp> bin
ftp> get wget-1.9.1-1.aix5.1.ppc.rpm
ftp> quit

# rpm -ivh wget-1.9.1-1.aix5.1.ppc.rpm
# rm wget-1.9.1-1.aix5.1.ppc.rpm

I wrote a small script to help download all the necessary files. To download the script, do the following:

# wget http://www.procyonlabs.com/guides/aix/7.1/gnu_dev_ssh/get_dev_rpms.ksh
# ksh get_dev_rpms.ksh

Now we'll install everything:

# rpm -hUv --nodeps *.rpm
# rm *.rpm
# rm get_dev_rpms.ksh


V. Download and Compile OpenSSL / OpenSSH

Since we have bash now, let's use it! If you like ksh, skip it.

# bash

Ahh, much better. Next, OpenSSL:

# cd /usr/src
# wget http://www.openssl.org/source/openssl-1.0.0f.tar.gz
# gunzip openssl-1.0.0f.tar.gz
# tar xvf openssl-1.0.0f.tar
# rm openssl-1.0.0f.tar
# cd openssl-1.0.0f
# ./config zlib --prefix=/usr/local
# make && make install

Finally, OpenSSH.

We need to add the sshd user:

# mkuser sshd

Next, we download, compile and install:

# cd /usr/src
# wget --passive ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
# gunzip openssh-5.9p1.tar.gz
# tar xvf openssh-5.9p1.tar
# rm openssh-5.9p1.tar
# cd openssh-5.9p1
# ./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local
# make && make install


VI. Configuration

As we configured the OpenSSH installation, the sshd_config file is in /etc/ssh/. Bring that up in your favorite editor, we have some tweaking to do.

These are just my recommendations - yours may well be different. Use your better judgement.

Uncomment the following:

  • LoginGraceTime 2m
  • MaxAuthTries 6
  • PermitEmptyPasswords no

That's it. Not too hard, eh? Now we need to start the SSHD server and add it to the start-up routine. Yes! I made a script for this. Follow along:

# /usr/local/sbin/sshd
# cd /etc/rc.d/init.d
# wget http://www.procyonlabs.com/guides/aix/7.1/gnu_dev_ssh/rc.sshd
# chmod 700 rc.sshd

Read the script - the header includes directions on how to create a local daemon startup routine.


VII. Helpful Links

 


© 2014 Procyon Labs / Randal T. Rioux