==========================================================================
#!/bin/ksh
# =========================================================================
# upgrade_ssh_ifix.ksh - Upgrade SSH/SSL and apply IFIXes on AIX remotely
# Usage : ./upgrade_ssh_ifix.ksh <hostname>
# Author : Tasleem A Khan
# =========================================================================
# --- Usage Check ---
if [ $# -ne 1 ]; then
echo "Usage: $0 <hostname>"
exit 1
fi
HOST=$1
SSH="ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -q"
SCP="scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 -q"
NIM=$(hostname)
SOFTSRC="/software/openssh-ssl"
echo "=============================================================="
echo " Starting OpenSSH/OpenSSL upgrade on host: $HOST"
echo " NIM Server: $NIM"
echo "=============================================================="
echo
#!/bin/ksh
# =========================================================================
# upgrade_ssh_ifix.ksh - Upgrade SSH/SSL and apply IFIXes on AIX remotely
# Usage : ./upgrade_ssh_ifix.ksh <hostname>
# Author : Tasleem A Khan
# =========================================================================
# --- Usage Check ---
if [ $# -ne 1 ]; then
echo "Usage: $0 <hostname>"
exit 1
fi
HOST=$1
SSH="ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -q"
SCP="scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 -q"
NIM=$(hostname)
SOFTSRC="/software/openssh-ssl"
echo "=============================================================="
echo " Starting OpenSSH/OpenSSL upgrade on host: $HOST"
echo " NIM Server: $NIM"
echo "=============================================================="
echo
# --- Step 1: Check remote connectivity ---
echo "[CHECK] Testing SSH connectivity to $HOST..."
if ! ${SSH} ${HOST} "hostname" >/dev/null 2>&1; then
echo "[ERROR] Unable to connect to $HOST via SSH. Aborting."
exit 2
fi
echo "[OK] SSH connectivity verified."
echo
# --- Step 2: Prepare temporary directory for SSH/SSL install ---
echo "[INFO] Preparing /tmp/openssh-ssl directory..."
${SSH} ${HOST} "rm -rf /tmp/openssh-ssl && mkdir -p /tmp/openssh-ssl"
# --- Step 3: Copy installation files ---
echo "[INFO] Copying installation files from $SOFTSRC to $HOST..."
${SCP} ${SOFTSRC}/* ${HOST}:/tmp/openssh-ssl/ >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "[ERROR] File copy failed. Check $SOFTSRC path and permissions."
exit 3
fi
echo "[OK] Files copied successfully."
echo
# --- Step 4: Install OpenSSH and OpenSSL base packages ---
echo "[INFO] Installing OpenSSH and OpenSSL base packages..."
${SSH} ${HOST} "installp -aXYd /tmp/openssh-ssl \
openssh.base openssh.license openssh.man.en_US \
openssl.base openssl.license openssl.man.en_US \
openssh.msg.EN_US openssh.msg.en_US" >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "[WARNING] installp encountered warnings or errors. Verify manually."
fi
echo "[OK] Installation phase complete."
echo
# --- Step 5: Apply IFIX packages (epkg.Z) ---
echo "[INFO] Applying IFIX packages..."
for FIX in 3013ma.240923.epkg.Z 973013sa.250306.epkg.Z; do
echo " -> Applying IFIX: $FIX"
${SSH} ${HOST} "emgr -e /tmp/openssh-ssl/$FIX" >/dev/null 2>&1
done
echo "[OK] IFIXes applied successfully."
echo
# --- Step 6: Restart SSHD service ---
echo "[INFO] Restarting SSHD service..."
${SSH} ${HOST} "stopsrc -s sshd >/dev/null 2>&1; sleep 3; startsrc -s sshd >/dev/null 2>&1"
if [ $? -eq 0 ]; then
echo "[OK] SSHD restarted successfully."
else
echo "[WARNING] SSHD restart failed. Please check manually."
fi
echo
# --- Step 7: Cleanup temporary files ---
echo "[INFO] Cleaning up temporary files..."
${SSH} ${HOST} "rm -f /tmp/openssh-ssl/* /tmp/openssh-ssl/.toc; rmdir /tmp/openssh-ssl" >/dev/null 2>&1
echo "[OK] Cleanup completed."
echo
# --- Step 8: Post-upgrade validation ---
echo "[INFO] Post-upgrade validation:"
echo "--------------------------------------------------------------"
${SSH} ${HOST} "oslevel -s"
${SSH} ${HOST} "lslpp -L | grep -E 'openssh|openssl' | grep -v fileset"
${SSH} ${HOST} "emgr -l | grep -E 'State|Label|Description' | head -n 15"
${SSH} ${HOST} "lppchk -v >/dev/null 2>&1; echo 'lppchk -v: completed successfully'"
echo "--------------------------------------------------------------"
echo
echo "===== OpenSSH/OpenSSL Upgrade Completed Successfully on $HOST ====="
exit 0
==========================================================================
Example Output:
Here’s what you’ll typically see when you run:
# ./upgrade_ssh_ifix.ksh aixlpar01
Example output:
echo "[CHECK] Testing SSH connectivity to $HOST..."
if ! ${SSH} ${HOST} "hostname" >/dev/null 2>&1; then
echo "[ERROR] Unable to connect to $HOST via SSH. Aborting."
exit 2
fi
echo "[OK] SSH connectivity verified."
echo
# --- Step 2: Prepare temporary directory for SSH/SSL install ---
echo "[INFO] Preparing /tmp/openssh-ssl directory..."
${SSH} ${HOST} "rm -rf /tmp/openssh-ssl && mkdir -p /tmp/openssh-ssl"
# --- Step 3: Copy installation files ---
echo "[INFO] Copying installation files from $SOFTSRC to $HOST..."
${SCP} ${SOFTSRC}/* ${HOST}:/tmp/openssh-ssl/ >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "[ERROR] File copy failed. Check $SOFTSRC path and permissions."
exit 3
fi
echo "[OK] Files copied successfully."
echo
# --- Step 4: Install OpenSSH and OpenSSL base packages ---
echo "[INFO] Installing OpenSSH and OpenSSL base packages..."
${SSH} ${HOST} "installp -aXYd /tmp/openssh-ssl \
openssh.base openssh.license openssh.man.en_US \
openssl.base openssl.license openssl.man.en_US \
openssh.msg.EN_US openssh.msg.en_US" >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "[WARNING] installp encountered warnings or errors. Verify manually."
fi
echo "[OK] Installation phase complete."
echo
# --- Step 5: Apply IFIX packages (epkg.Z) ---
echo "[INFO] Applying IFIX packages..."
for FIX in 3013ma.240923.epkg.Z 973013sa.250306.epkg.Z; do
echo " -> Applying IFIX: $FIX"
${SSH} ${HOST} "emgr -e /tmp/openssh-ssl/$FIX" >/dev/null 2>&1
done
echo "[OK] IFIXes applied successfully."
echo
# --- Step 6: Restart SSHD service ---
echo "[INFO] Restarting SSHD service..."
${SSH} ${HOST} "stopsrc -s sshd >/dev/null 2>&1; sleep 3; startsrc -s sshd >/dev/null 2>&1"
if [ $? -eq 0 ]; then
echo "[OK] SSHD restarted successfully."
else
echo "[WARNING] SSHD restart failed. Please check manually."
fi
echo
# --- Step 7: Cleanup temporary files ---
echo "[INFO] Cleaning up temporary files..."
${SSH} ${HOST} "rm -f /tmp/openssh-ssl/* /tmp/openssh-ssl/.toc; rmdir /tmp/openssh-ssl" >/dev/null 2>&1
echo "[OK] Cleanup completed."
echo
# --- Step 8: Post-upgrade validation ---
echo "[INFO] Post-upgrade validation:"
echo "--------------------------------------------------------------"
${SSH} ${HOST} "oslevel -s"
${SSH} ${HOST} "lslpp -L | grep -E 'openssh|openssl' | grep -v fileset"
${SSH} ${HOST} "emgr -l | grep -E 'State|Label|Description' | head -n 15"
${SSH} ${HOST} "lppchk -v >/dev/null 2>&1; echo 'lppchk -v: completed successfully'"
echo "--------------------------------------------------------------"
echo
echo "===== OpenSSH/OpenSSL Upgrade Completed Successfully on $HOST ====="
exit 0
==========================================================================
Example Output:
Here’s what you’ll typically see when you run:
# ./upgrade_ssh_ifix.ksh aixlpar01
Example output:
==============================================================
Starting OpenSSH/OpenSSL upgrade on host: aixlpar01
NIM Server: nim-master01
==============================================================
[CHECK] Testing SSH connectivity to aixlpar01...
[OK] SSH connectivity verified.
[INFO] Preparing /tmp/openssh-ssl directory...
[OK] Created temporary directory.
[INFO] Copying installation files from /software/openssh-ssl to aixlpar01...
[OK] Files copied successfully.
[INFO] Installing OpenSSH and OpenSSL base packages...
[OK] Installation phase complete.
[INFO] Applying IFIX packages...
-> Applying IFIX: 3013ma.240923.epkg.Z
-> Applying IFIX: 973013sa.250306.epkg.Z
[OK] IFIXes applied successfully.
[INFO] Restarting SSHD service...
[OK] SSHD restarted successfully.
[INFO] Cleaning up temporary files...
[OK] Cleanup completed.
[INFO] Post-upgrade validation:
--------------------------------------------------------------
7200-05-09-2346
openssh.base 9.0.100.250923 COMMITTED OpenSSH Secure Shell Server
openssl.base 3.0.10.250923 COMMITTED OpenSSL Cryptography Library
State = Applied Label = 3013ma.240923.epkg.Z
State = Applied Label = 973013sa.250306.epkg.Z
lppchk -v: completed successfully
--------------------------------------------------------------
===== OpenSSH/OpenSSL Upgrade Completed Successfully on aixlpar01 =====
No comments:
Post a Comment