Technical Notes

Upgrading F-Secure UNIX Server
Technical Note 1935
Last Reviewed 26-May-2005
Applies To
F-Secure SSH Server for UNIX version 3.30 through 5.x
Summary

The technical note outlines the steps to follow to upgrade the F-Secure SSH Server for UNIX from version 3.3 to version 5.0.

Upgrading the F-Secure SSH Server for UNIX is a multi-step process:

1. Stop the SSH Daemon

Stop the Secure Shell (SSH) daemon using the command appropriate for your host:

• Linux: The F-Secure SSH daemon is stopped automatically when you run the rpm command.
• Solaris: /etc/init.d/sshd2 stop
• HP-UX: sbin/init.d/sshd2 stop
• AIX: kill 'cat /etc/ssh2/sshd2_22.pid'

Note: Command paths may vary depending on your host configuration.

2. Back Up the Files

Back up the sshd2_config file, the sshd_config file, and the host keys prior to upgrading. These files and keys should be preserved during the upgrade process, but it is a good idea to back them up before proceeding.

Locate the config and host files by issuing the following command:

After you install 5.0, restore the config files and host keys to the new directory, \etc\ssh2.

3. Prepare for a Binary Installation

The initial steps to prepare for a binary installation are the same for all UNIX platforms. The actual installation and system configuration of F-Secure SSH is platform specific. For details, see 4. Install on Your Platform.

Note: The following examples describe installing F-Secure SSH for UNIX server software, but the same commands can be used to install F-Secure SSH Client for UNIX software.

To prepare for the binary installation:

1. Before starting the installation, make sure you have the product keycode available. You received the keycode with the CD when you purchased F-Secure SSH.
2. Locate the correct zip package from the CD. The zip packages can be found in the /[platform]/sshunix/ directory on the CD.
3. Using either WinZip or InfoZip, extract the files from the original zip package to a directory on your UNIX system. The zip file is password-protected with the keycode that comes with the CD.

• In WinZip, a separate dialog box opens prompting you for a keycode. The keycode is case-sensitive; enter it exactly, including the hyphens.
• In InfoZip, you are prompted for license keycode. The keycode is case-sensitive; enter it exactly, including the hyphens.

User and Server Files and Directories

The location of client and server binaries depends on your UNIX platform and how you installed the software. Normally all client and server binaries are located in the /usr directory. However, if you install binaries from a package in the tar-format, the binaries will be in the /usr/local directory.

The following tables show the default locations (on some common UNIX platforms) for F-Secure SSH for UNIX user and server files and directories.

User Files and Directories

$HOME/.ssh2	Directory containing all SSH user-related files
$HOME/.ssh2/ssh2_config	User SSH client configuration file
$HOME/.ssh2/identification	File showing which key(s) to use for public-key authentication
$HOME/.ssh2/authorization	File showing which key(s) to accept when logging on to a user account with public-key authentication
$HOME/.ssh2/hostkeys	Directory containing the public keys of all known SSH servers (that is, the machines to which the user has previously connected)
$HOME/.ssh2/knownhosts	Directory containing the public keys of the hosts from which the user wants to log on using host-based authentication

Server Files and Directories

/etc/ssh2/	Directory containing all SSH server-related files
/etc/ssh2/ssh2_config	System-wide client configuration file
/etc/ssh2/sshd2_config	System-wide server configuration file
/etc/ssh2/hostkey	Private host key used for server authentication
/etc/ssh2/hostkey.pub	Public host key used for server authentication

4. Install on Your Platform

The instructions for installing F-Secure SSH for UNIX vary depending on your platform. This section includes steps for installing on the following platforms:

For installation instructions on platforms not covered in this note, see the platform-specific documentation shipped with your software package.

Installing on Linux Platforms

The F-Secure SSH products for Linux platforms are supplied in RPM (Red Hat Package Manager) binary packages.

Note: On a Linux system with RPM packages, you can use rpm -Uvh to upgrade the older installation.

Change your working directory to the directory where you extracted the software and run the following command with root privileges:

The command varies according to the software and RPM release version. For example, server may be replaced with client, and the letters x.y-z should be replaced with the appropriate release number.

The software is now ready for use. Start the SSH server daemon by running the following command:

To uninstall F-Secure SSH on the Linux platform:

Uninstall the package by entering the following command with root privileges:

The F-Secure SSH daemon is stopped automatically when you run the rpm command with the –e switch.

Installing on Sun Solaris Platforms

The F-Secure SSH package for Sun Solaris SPARC platform includes compiled binaries for Solaris 2.6, 7, 8, and 9.

Note: On Solaris, you must remove the old package using the pkgrm command before you install a new package.

To install F-Secure SSH with pkgadd, run the following command:

To uninstall F-Secure SSH on the Sun Solaris platform:

You must manually shut down the F-Secure SSH daemon before uninstalling the package. Run the following command to stop the daemon:

Uninstall the package by using the following command with root privileges:

Installing on HP-UX Platforms

Install the package by using the following command with root privileges:

Note: <path to package> is the absolute path and name of the distribution file.

Start the F-Secure SSH daemon running the following command:

To uninstall F-Secure SSH on the HP-UX platform:

You must manually shut down the F-Secure SSH daemon before uninstalling the package. Run the following command to stop the daemon:

Uninstall the package by using the following command with root privileges:

Installing on IBM AIX Platforms

Note: On AIX, you must locate and remove the .toc file or the package will not upgrade because the directory where the files are installed will not be found.

Install the package by using one of the following commands:

If you want to apply the package without committing, you can use the -a flag with installp. Packages that are applied but not committed can be rejected later.

For more information about the installp command, refer to the AIX manual pages.

To uninstall F-Secure SSH on the IBM AIX platform:

You must manually shut down the F-Secure SSH daemon before uninstalling the package. Run the following command to stop the daemon:

Uninstall the package by entering the following command with root privileges: