HP Systems Insight Manager 7.2 Technical Reference Guide
NOTE: OpenSSH can also be installed from the HP SIM menu by selecting Deploy→Deploy
Drivers, Firmware and Agents→Install OpenSSH or through Configure or Repair Agents.
• SSH
SSH is used to log in to another system over a network and execute commands on that system.
It also enables you to move files from one system to another, and it provides authentication
and secure communications over secure channels.
You can download SSH from the HP Software Depot (http://www.software.hp.com/).
To install the SSH provider from the Manage Communications page, select Quick Repair→Install
Providers and Agents→Install OpenSSH. To configure OpenSSH from the Manage
Communications page, select Quick Repair→Install Providers and Agents→Install
OpenSSH→Configure secure shell (SSH) access.
Trusted certificates
Trusted certificates provide the highest level of security. Users with administrative rights can import
certificates from other systems into the Systems Insight Manager Trusted System Certificates List.
The purpose of the Trusted System Certificates List in Systems Insight Manager is to maintain a list
of certificates in the Systems Insight Manager keystore. Certificates include the Systems Insight
Manager system certificate and the certificates of managed systems that are trusted by the Systems
Insight Manager system. These imported certificates are placed in the keystore and appear in the
Trusted System Certificates List.
There are two options for accepting managed system certificates: Always Accept and Require.
Always Accept is the default option, but it is vulnerable to man-in-the-middle attacks. With this
option selected, as you browse to each managed system, their certificate is added to the HP SIM
Trusted System Certificate List. If you select Require, you must set up the trust by manually installing
the system certificate into the HP SIM Trusted System Certificate List. This option is the most secure.
The HP SIM certificate must also be installed on the managed system. For more information about
exporting the HP SIM server certificate, see Exporting a server certificate.
Importing trusted certificates
Procedure 305 Importing certificates into the Trusted System Certificates List
1. Next to the Certificate filename field, click Browse.
The Choose file dialog box appears.
2. Navigate to the location of the certificate to be imported, and then select the file name. Click
Open.
Setting trust relationships
Configuration of the managed system
For Single Sign On and STE to function properly, the managed system must be running a supported
agent and be configured to trust the HP SIM server. The trust mode is configured from the HP SMH.
The following trust modes are available:
Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept
configuration changes only from HP SIM servers with trusted certificates. This mode requires the
submitted server to provide authentication by means of a digital signature and certificates. This
mode provides the highest level of security because it verifies the digital signature before allowing
access. HP recommends this option.
NOTE: If you do not want to enable any remote configuration changes by HP SIM, leave Trust
by Certificate selected, and leave the list of trusted systems empty.
Manage communications Learn More links 449