Secure Shell (SSH) in HP Systems Insight Manager 5.1 and 5.2
The version of OpenSSH provided by HP SIM on Windows is not compatible with the F-Secure versions.
Which HP SIM features use SSH?
HP SIM uses SSH to run commands on managed systems. These commands include the Command Line Tools plus many HP-UX and Linux management tools. The Virtual Machine Management Pack (VMM) plug-in to HP SIM requires SSH on the virtual machine host system in order to deploy the VMM agent. In addition, you can add your own tools that use SSH.
Custom commands are executed on the CMS platform from HP SIM. When you select a custom command to be executed against a set of managed systems, the HP SIM custom command process logs into the platform using SSH and the current HP SIM sign in, then the process is executed on the CMS platform. The list of systems is passed to the DTF through an environmental variable. The custom command then does what it was written to do against each target system. It is not necessary for the target systems to be running SSH to function properly. The custom command could operate through another protocol that, for example, network switches understand. Unlike most command line tools, only the CMS platform has to be running an SSH server to enable custom commands. This is true with some of the HP SIM plug-ins such as HP ProLiant Essentials Vulnerability and Patch Management Pack (VPM), HP ProLiant Essentials Rapid Deployment Pack (RDP) 2.0, HP ProLiant Essentials Performance Management Pack (PMP), and Open Service Event Manager (OSEM).
Command line tool execution is a powerful capability. There are two types of tools:
Single-system aware (SSA)
Multi-system aware (MSA)
MSA tools function similarly to custom commands in that the tool is run on an execution system, which is usually the CMS platform, and the target systems are passed by using an environmental variable. The tool is responsible for communicating with the managed systems using whatever protocol it uses. Software Distributor for HP-UX is an example of an MSA tool. The execution system is the system running the Software Distributor service. SSH must be running on that system so that the CMS can contact it with information about the software to install and the managed systems on which to install it.
Unlike custom commands and command line tools, SSA tools are run directly on the managed system. The DTF opens an SSH client connection with each of the target systems, executes the command over the SSH protocol, and stores any output, including valid command output as well as error messages, in the HP SIM database. This process occurs on each target system that you selected, which requires each target system to be running an SSH server. Examples of both MSA and SSA command line tools that ship with HP SIM can be found in Appendix B: Tool examples.
A special SSH bypass feature on the CMS enables MSA tools to run without SSH if they are to run on the CMS as the Administrator or root account; other MSA tools and all SSA tools and custom commands require SSH.
To summarize, the CMS must have an SSH server installed and configured to run any custom commands and most MSA command line tools, unless the tool is to run as Administrator or root. In addition, each managed system that you want to select as a target for an SSA command line tool must be running a properly configured SSH server.
SSH Bypass
The special SSH Bypass feature enables MSA commands to be run on the CMS without using SSH. Due to security concerns, only commands that are intended to run as root or administrator should be run with this bypass feature. The user names that use the bypass feature are listed in the HP SIM global setting property mx_dtf_ssh_bypass_user; the HP SIM installation includes the user Administrator or root. The current value of this property can be viewed with the following command: