Secure Shell (SSH) in HP Systems Insight Manager 5.1 and 5.2
13
>
mxuser
–
a MyDomain
\
AlternateAdmin
-
p full
–
C Administrator
Note:
If you run the mxuser command, you must assign the appropriate authorizations to the user by
running the mxauth command.
This user account
will also need to be authorized for SSH access on the managed system: it must be
added to the passwd file and be set up for user, host or password authentication. Running the
Configure or Repair Agents tool with this user name will set up the system appr
opriately. Decide
which method to use by referring to the
Configuration steps
section.
Configuration steps
When HP SIM is initially installed on the CMS system, SSH is configured in the following way:
If installing on Windows:
o
OpenSSH is installed, with the special version of Cygwin
o
The name of the administrator account (which might have been renamed from
Administrator) is saved
o
The installing user and administrator are added to the passwd file (in
C:
\
Program
Files
\
OpenSSH
\
etc
)
o
The installing user and administrator are configured for user public key authentication
o
The administrator is configured for the SSH bypass feature
If installing on Linux or HP
-
UX
o
SSH should be preinstalled from the operating system
o
The root user is config
ured for user public key authentication
o
The root and Administrator users are configured for the SSH bypass feature
OpenSSH can be installed on managed systems that are to run SSA tools. There are a number of
ways to install OpenSSH to a Windows system:
1.
U
sing the Install OpenSSH tool
This is perhaps the easiest way to deploy OpenSSH to a Windows managed system. The
tool runs the OpenSSH installation, adds both the user specified and the administrator user to
the passwd file, and then configures these user
s for public key authentication from the CMS.
This tool is only available on a CMS that runs on Windows and the OpenSSH can be
deployed only to Windows management systems.
2.
Separate OpenSSH Install
The OpenSSH install package can run from the HP SIM downl
oad or management CD, or
can downloaded separately from the HP SIM website.
Once the installer has been run, the system must be configured for access by HP SIM. Either
run the Configure or Repair Agents tool on the systems, specifying the administrator
or other
account to be used by SSH; or take the following steps:
a.
The user used by HP SIM must be added to the passwd file using the sshuser utility on the
managed system. (The example here shows user MyDomain
\
MyAdmin.)
sshuser
–
u MyAdmin
–
d MyDomain
–
f
"C:
\
Program Files
\
OpenSSH
\
etc
\
passwd"
b.
The user must be an explicit member of the local administrators group, as domain groups
are not checked by OpenSSH. If a domain user is used, add the user to Administrators if
it is not already a member of this gro
up.
net localgroup administrators MyDomain
\
MyUser /add