HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
The provision Service
The provision service executes the customizable script /opt/hpsrp/bin/util/secsh_setup
to provision (deploy) an sshd service in the SRP compartment. This script also configures the
SRP compartment to start the sshd daemon when the compartment starts. Because the SRP
compartment starts at system startup time, an sshd daemon will automatically start in the
compartment at system startup time.
Input Data
SRP prompts for the following data:
sshd data path
    Specifies the compartment-specific target directory for sshd configuration and key files.
    Variable Name: data_path.
    Default: /var/hpsrp/compartment_name/opt/ssh.
sshd executable path
    The location of the executables for the HP-UX Secure Shell product.
    Variable Name: exec_path.
    Default: /opt/ssh.
Copy SSH config data from
    Specifies the directory from which you want to copy SSH configuration data. In most cases, this should be the newconfig directory shipped with the HP-UX Secure Shell product.
    Variable Name: data_src.
    Default: /opt/ssh/newconfig.
sshd port number
    Specifies the TCP port number on which the compartment sshd will receive connection requests.
    Variable Name: sshd_port.
    Valid Input: A TCP port number in the range 1-65535.
    Default: 22, the IANA registered port number for SSH login.
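The following post-provisioning check is an added example, not part of this guide or of the secsh_setup script. It takes the data_path and sshd_port values described above and confirms that the port is in the valid range and that the files secsh_setup creates by default (ssh_host_rsa_key, ssh_host_rsa_key.pub, sshd_config) exist in data_path. The function names and the owner-only permission check on the private host key are assumptions added here as a hardening check.

```shell
#!/bin/sh
# Added example: verify the sshd files provisioned into an SRP compartment.
# Usage (script name is hypothetical):
#   sh check_srp_sshd.sh /var/hpsrp/compartment_name/opt/ssh 22

# valid_port PORT: succeeds if PORT is an integer in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty or contains a non-digit
    esac
    [ "${#1}" -le 5 ] || return 1     # avoid integer overflow in the test below
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# owner_only FILE: succeeds if FILE is a regular file with no group/other bits.
# Parses the ls mode string because stat(1) is not available on every UNIX.
owner_only() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# check_compartment_sshd DATA_PATH PORT: prints findings and returns the
# number of failed checks (0 means every check passed).
check_compartment_sshd() {
    data_path=$1 port=$2 fail=0
    valid_port "$port" ||
        { echo "FAIL: sshd_port '$port' is not in 1-65535"; fail=$((fail + 1)); }
    for f in ssh_host_rsa_key ssh_host_rsa_key.pub sshd_config; do
        [ -f "$data_path/$f" ] ||
            { echo "FAIL: missing $data_path/$f"; fail=$((fail + 1)); }
    done
    # Assumption (added check): the private host key is owner-only.
    if [ -f "$data_path/ssh_host_rsa_key" ] &&
       ! owner_only "$data_path/ssh_host_rsa_key"; then
        echo "FAIL: $data_path/ssh_host_rsa_key is accessible to group or other"
        fail=$((fail + 1))
    fi
    [ "$fail" -eq 0 ] && echo "OK: $data_path"
    return "$fail"
}

# Run the check only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    check_compartment_sshd "$1" "$2"
fi
```

Run it once per compartment after provisioning, substituting the compartment's own data_path for the default shown in the usage comment.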
Configuration Data
By default, the /opt/hpsrp/bin/util/secsh_setup script:
• Uses the SSH ssh-keygen utility to generate an RSA key pair to use for the sshd host key
pair. These keys are stored in the compartment-specific sshd data path directory
(/var/hpsrp/compartment_name/opt/ssh) with the following names:
ssh_host_rsa_key (RSA private key)
ssh_host_rsa_key.pub (RSA public key)
• Creates a compartment-specific copy of the sshd configuration file by copying the
sshd_config file from the specified data_src directory to the data_path directory
Adding the sshd Template to an SRP Compartment 63