Secure Shell (SSH) in HP Systems Insight Manager 5.1 and 5.2
14
c.
The command completed successfully. mxagentconfig should be run on the CMS to
configure public key authentication for the administrator user
mxagentconfig
-
a
-
n <managed system>
-
u administrator
3.
Usi
ng the ProLiant Support Pack
OpenSSH can be installed as part of software and firmware updating using a ProLiant
support pack. This installs the SSH server but does not configure SSH for access from the
CMS. Step 2 above (Separate OpenSSH Install) must
be followed to configure the HP SIM
user and keys.
Linux or HP
-
UX managed systems normally have SSH installed and running. See the operating system
documentation for details to enable SSH if needed. SSH must still be configured for access by the
CMS use
r. Either use the Configure or Repair Agents tool or run
mxagentconfig
to enable public
key access for the root user:
mxagentconfig
-
a
-
n <
managed system
>
-
u root
After completing these steps SSH is installed and configured for use by the standard HP SIM
tools,
which run as root or Administrator.
Other users might also need to be configured for SSH access, including any user who is to run a
custom command or a tool that does not include an execute
-
as
-
user statement and any user name that
is specified in
an execute
-
as
-
user statement. If additional users are to be configured you must add
these users to the passwd file on the managed system using sshuser (for Windows only), and run
mxagentconfig to enable access by the CMS.
Configuration Options
The above
steps configure the CMS and managed system to run SSH tasks as the Windows
Administrator (which might be renamed from Administrator) or as root, using public key user
authentication. There are additional options, which might be useful in your environment
:
When managing Linux or HP
-
UX systems and using tools that run as a user (rather than as
root), it might be convenient to use host
-
based authentication. (This is not as useful on
Windows because each user must still be added to the passwd file.) Note th
at the root user
needs specific user public key authentication as host
-
based authentication is not supported for
root or Administrator.
mxagentconfig
-
a
-
n <managed system>
-
u root
–
o host
Password authentication can be used as an alternative to key
-
based
authentication, for
example, if there are problems installing the keys on the managed system. The CMS must be
configured with the password to use for the managed system.
mxnodesecurity
–
a
–
p ssh
–
c root:mypwd
–
n <managed system>
SSH files
There are a numb
er of important files involved in correct configuration and operation of SSH.
On each managed system configured for SSH there are the following files:
The SSH server program files
The SSH server private key
ssh_host_dsa_key
and the corresponding public ke
y
ssh_host_dsa_key.pub
. These keys are generated when SSH is installed and are used
to identify the managed system.
The SSH server configuration file,
sshd_config
. Among other settings, this file enables
host authentication and user key authentication.