solaris patch installation for dummy

Important for solaris 10 user!

If your patch list included 141742-0?, make sure your /etc/ssh/sshd_config contain the following line for preferred encryption. Test it before start your patching.

Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc

See the bug detail from here:

Here we go!
Continue reading “solaris patch installation for dummy”

matching cipher is not supported: aes256-cbc

ssh failed after 141742-01/02 patch on solaris 10 !

enabled aes192/aes256 support in ssh/sshd does not work on S10u3 or older released

A workaround is to disable the use of aes192/aes256 ciphers for ssh and sshd. Change the two config files /etc/ssh/ssh_config and /etc/ssh/sshd_config and add the following line:

Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc

You’ll have to restart sshd to pickup the change (“svcadm restart ssh”).

TCP High Performance Networking Options

High Performance Networking Options

The options below are presented in the order that they should be checked and adjusted.

Maximum TCP Buffer (Memory) space: All operating systems have some global mechanism to limit the amount of system memory that can be used by any one TCP connection. [more][less]

Socket Buffer Sizes: Most operating systems also support separate per connection send and receive buffer limits that can be adjusted by the user, application or other mechanism as long as they stay within the maximum memory limits above. These buffer sizes correspond to the SO_SNDBUF and SO_RCVBUF options of the BSD setsockopt() call. [more][less]

Continue reading “TCP High Performance Networking Options”