Go to main content

Managing Secure Shell Access in Oracle® Solaris 11.3

Exit Print View

Updated: June 2019
 
 

How to Use the OpenSSH Implementation of Secure Shell

Before You Begin

You must be assigned the Software Installation rights profile to add packages to the system. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.


Caution

Caution  -  Beginning with the Oracle Solaris 11.3 SRU 5 release, the OpenSSH implementation of Secure Shell has been upgraded to a version that requires active attention from system administrators. See OpenSSH Implementation of Secure Shell.


  1. Find out whether the openssh package is installed.
    # pkg list openssh
    pkg list: no packages matching the following patterns are installed:
      openssh
  2. If the openssh package is not listed, install the package.
    # pkg install network/openssh
  3. View all implementations of Secure Shell on the system.
    # pkg mediator -a ssh
    MEDIATOR     VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
    ssh          vendor            vendor     sunssh
    ssh          system            system     openssh

    In the output, vendor indicates the default implementation, which is sunssh in this release.

  4. Switch to the openssh implementation.
    # pkg set-mediator -I openssh ssh
                Packages to change:   3
               Mediators to change:   1
                Services to change:   1
           Create boot environment:  No
    Create backup boot environment: Yes
    PHASE                                          ITEMS
    Removing old actions                           34/34
    Updating modified actions                      25/25
    Updating package state database                 Done
    Updating package cache                           0/0
    Updating image state                            Done
    Creating fast lookup database                   Done
    Updating package cache                           1/1

    Note -  The changes will include all the appropriate man pages for the implementation that you select.

    This command restarts the Secure Shell server. The existing Secure Shell connections continue to work. Users currently on the server can continue to use the prior implementation, or they can log out and log in to use the new implementation.

  5. (Optional) Display the implementation of Secure Shell that is in effect.
    $ pkg mediator ssh
    MEDIATOR   VER. SRC.   VERSION   IMPL. SRC.   IMPLEMENTATION
    ssh        system                local        openssh

    In this example, the openssh implementation is enabled.

    For further information about using the pkg mediator command, see Changing the Preferred Application in Adding and Updating Software in Oracle Solaris 11.3 and the pkg(1) man page.

  6. (Optional) Revert to SunSSH.
    # pkg set-mediator -I sunssh ssh

    This command restarts the Secure Shell server. The existing Secure Shell connections continue to work. Users currently on the server can continue to use the prior implementation, or they can log out and log in to use the new implementation.