Managing Serviceguard Extension for SAP, December 2007

Step-by-Step Cluster Conversion

HP-UX Configuration

Chapter 3 133

IS270 Installation Step:

If you allow remote access using the secure shell mechanism:

1. Check with swlist to see if ssh (T1471AA) is already installed on the

system:

swlist | grep ssh

If not, it can be obtained from

http://www.software.hp.com/ISS_products_list.html.

2. Create a public and private key for the root user:

ssh-keygen -t dsa

Executing this command creates a .ssh directory in the root user’s home

directory including the following files:

id_dsa

id_dsa.pub

The file id_dsa.pub contains the security information (public key) for

the user@host pair e.g. root@<local>. This information needs to be

added to the file $HOME/.ssh/authorized_keys2 of the root and

<sid>adm user.

Create these files if they are not already there. This will allow the root

user on <local> to remotely execute commands via ssh under his own

identity and under the identity of <sid>adm on all other relevant nodes.

On each cluster node where a SGeSAP package can run, test the remote

access to all relevant systems as user root with the following commands:

ssh <hostN> date

ssh -l <sid>adm <hostN> date

Do these tests twice since the first ssh command between two user/host

pairs usually requires a keyboard response to acknowledge the exchange

of system level id keys.

Make sure that $HOME/.ssh/authorized_keys2 is not writable by group

and others. The same is valid for the complete path.

Permissions on ~<user> should be 755. Permissions on

~<user>/.ssh/authorized_keys2 must be 600 or 644.

Allowing group/other write access to .ssh or authorized_keys2 will

disable automatic authentication.