HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
and modifying it with compartment-specific data, including setting the HostKey parameter
to /var/hpsrp/compartment_name/opt/ssh/ssh_host_rsa_key.
• Creates compartment-specific initialization scripts and a startup file to start sshd with
the compartment-specific sshd_config file when the compartment startup script is executed.
The setup script:
— Creates the compartment-specific startup configuration file,
/var/hpsrp/compartment_name/etc/rc.config.d/sshd, which specifies the
compartment-specific sshd configuration file as a startup argument for sshd.
— Adds the startup and shutdown script secsh to the compartment-specific init.d
directory, /var/hpsrp/compartment_name/sbin/init.d. This file is linked to
the /var/hpsrp/compartment_name/sbin/rc2.d/S393secsh and
/var/hpsrp/compartment_name/sbin/rc1.d/K393sech files.
Completing the Configuration
After you apply the sshd cmpt service and the default sshd provisioning script, you can start
the SRP compartment and have a fully functional sshd service running in the compartment.
Before starting the SRP compartment, you can optionally edit the compartment sshd_config
file (the default location is /var/hpsrp/compartment_name/opt/ssh/sshd_config).
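A pre-start check of the files described above, as an added example (not part of this guide or of the SRP product): it confirms that the compartment sshd_config sets HostKey inside the compartment, that the private host key is not accessible to group or other, and that the startup file and rc2.d link exist. The function name check_srp_sshd, the SRP_ROOT override, and the expectation that rc.config.d/sshd contains the configuration file path literally are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-start audit of a compartment's sshd files.
# SRP_ROOT is an assumed override (default /var/hpsrp) so the check can be
# pointed at a copy of the tree; the function name is hypothetical.
SRP_ROOT="${SRP_ROOT:-/var/hpsrp}"

check_srp_sshd() {
    cmpt="$1"
    base="$SRP_ROOT/$cmpt"
    cfg_path="/var/hpsrp/$cmpt/opt/ssh/sshd_config"   # default location per the guide
    cfg="$base/opt/ssh/sshd_config"
    rc=0
    [ -f "$cfg" ] || { echo "FAIL: missing $cfg"; return 1; }

    # Active HostKey directives only: keywords are case-insensitive, and
    # commented-out lines are skipped because "#HostKey" is a different word.
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$cfg")
    [ -n "$keys" ] || { echo "FAIL: no HostKey set in $cfg"; rc=1; }
    for key in $keys; do
        case "$key" in
            *..*) echo "FAIL: HostKey $key contains '..'"; rc=1; continue ;;
            "/var/hpsrp/$cmpt/opt/ssh/"*) ;;
            *) echo "FAIL: HostKey $key is outside $cmpt"; rc=1; continue ;;
        esac
        file="$SRP_ROOT${key#/var/hpsrp}"
        if [ ! -f "$file" ]; then
            echo "FAIL: host key $file not found"; rc=1
        elif [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $file is accessible to group or other"; rc=1
        fi
    done

    # Startup file must name the compartment's own sshd_config
    # (assumption: the path appears literally in the file).
    rcconf="$base/etc/rc.config.d/sshd"
    grep -F "$cfg_path" "$rcconf" >/dev/null 2>&1 ||
        { echo "FAIL: $rcconf does not reference $cfg_path"; rc=1; }

    # Start script and its rc2.d link, as created by the setup script.
    for f in sbin/init.d/secsh sbin/rc2.d/S393secsh; do
        [ -e "$base/$f" ] || { echo "FAIL: missing $base/$f"; rc=1; }
    done

    [ "$rc" -eq 0 ] && echo "OK: $cmpt sshd files look consistent"
    return "$rc"
}
```

Run it as `check_srp_sshd compartment_name` after editing sshd_config and before `srp -start`; a non-zero return means at least one FAIL line was printed.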
Distributing the Host Public Key File
If a client has the StrictHostKeyChecking directive set to yes, you must add the host public
key file (ssh_host_dsa_key.pub or ssh_host_rsa_key.pub) to the client configuration,
as described in the HP-UX Secure Shell documentation.
Starting the Compartment
To start the SRP compartment, use the following command:
srp -start compartment_name
For more information about starting SRP compartments, see Chapter 10 (page 65).
Replacing or Deleting SSHD SRP Data
Use the following command to replace sshd template data in an SRP compartment:
srp -r[eplace] compartment_name -t sshd [-s service[,service]...]
The srp -replace command deletes the specified data, then prompts you for replacement
data. For example, the following command deletes all the IPFilter data for the sshd template,
then prompts you for replacement data:
srp -replace myCmpt -t sshd -s ipfilter
Use the following command to delete sshd template data from an SRP compartment:
srp -d[elete] compartment_name -t sshd [-s service[,service]...]
CAUTION: If you do not specify the -template and -service arguments, srp deletes the
compartment or replaces all data for the compartment. For example, the srp -delete myCmpt
command deletes the myCmpt SRP compartment.
For more information, see “Deleting Configuration Data” (page 69) and “Replacing Configuration
Data” (page 69).
64 Using the sshd Template