bootsys.1m (2012 03)
bootsys(1M) bootsys(1M)
bootsys must use public/private key authentication in conjunction with an ssh-agent process. This
allows bootsys to automatically perform its tasks without intervention.

When bootsys is invoked with the -S flag, it verifies that the user has created a public RSA or DSA
key, and checks the SSH_AGENT_PID environment variable to determine whether an ssh-agent process
has been started. If this check shows no ssh-agent process has been started, bootsys starts the
ssh-agent and uses ssh-add to register the user’s private key with the agent. If the private key
is protected with a passphrase, the user is prompted for the passphrase.

The bootsys command then attempts to execute commands on the client via ssh. If the user’s public
key has not been placed in the ~/.ssh/authorized_keys file on the client, bootsys prompts the
user asking whether to copy the public key files ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub to the
client’s ~/.ssh/authorized_keys file using ssh. If bootsys starts an ssh-agent process, that
process will be killed before bootsys exits.

Important: The bootsys command does not attempt to determine if you have modified the value for
AuthorizedKeysFile in the sshd configuration file /etc/opt/ssh/sshd_config on the client system.
If you modify this value, Ignite-UX ssh support will not work. Also, the bootsys command does
not attempt to locate non-default locations for the user’s public/private key files.

Two public/private key pairs are involved when communicating with a remote system: a host key and a
user key. The host key identifies the computer systems involved in the communication, and the user key
identifies the specific user. The first time ssh is used to communicate with a remote system, unless your
system administrator has already registered the remote system in the file /etc/ssh/ssh_known_hosts,
the user is prompted with a message similar to:
The authenticity of host ’test4 (10.1.48.124)’ can’t
be established. RSA key fingerprint is
3d:6b:c6:ce:b0:58:60:2a:53:c1:19:b5:ec:84:77:b1.
Are you sure you want to continue connecting (yes/no)?
This prompt is asking the user to accept the key identifying the remote host. Answer "yes" to this
question if you are certain that you are connected to the intended client system. For more information
about host keys, see the VERIFYING HOST KEYS section of ssh(1).

The host key prompt above is only issued once. Upon answering "yes", that host’s public key is stored in
the user’s ~/.ssh/known_hosts file and is validated for each new ssh session. If the private host key
changes for any reason, a message similar to
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now
(man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
4b:85:69:9a:ed:9d:b9:0a:e0:23:d7:d9:1c:c0:38:0e.
Please contact your system administrator.
Add correct host key in /home/smith/.ssh/known_hosts to get
rid of this message.
Offending key in /home/smith/.ssh/known_hosts:32
RSA host key for test4 has changed and you have requested
strict checking.
Host key verification failed.
is issued. This may occur for several reasons. It is possible that OpenSSH has been removed and
reinstalled, HP-UX has been reinstalled, a networking misconfiguration problem exists so that you are
connected to the wrong client, or a genuine breach of security has occurred. Before taking any action, the
user should determine what has caused the host key to change. If the host key changed for a legitimate
reason, such as reinstallation of the operating system of the client, it is safe to remove the offending entry
(in this case, line 32) from the known_hosts file. See ssh(1) and ssh-keygen(1) for more information.
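
As an added example (not part of bootsys, Ignite-UX or OpenSSH), the shell function below removes the
line named in a saved copy of the warning shown above, but only when that line is an entry for the host
whose key change has already been explained. The function name, the saved-warning file and the sample
known_hosts contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not bootsys code). Removes the known_hosts line named in a
# saved ssh warning, but only if that line is an entry for the given host.
# remove_offending_key and the file names used here are hypothetical.

remove_offending_key() {   # usage: remove_offending_key WARNING_FILE HOST
    warning=$1 host=$2
    # Pull "FILE:LINE" out of the "Offending key in FILE:LINE" message.
    loc=$(sed -n 's/^Offending .*key in \(.*:[0-9][0-9]*\)$/\1/p' "$warning" | head -n 1)
    [ -n "$loc" ] || { echo "no 'Offending key' line in $warning" >&2; return 2; }
    kh=${loc%:*}; line=${loc##*:}
    [ -f "$kh" ] || { echo "$kh not found" >&2; return 2; }
    entry=$(sed -n "${line}p" "$kh")
    hosts=${entry%% *}            # first field: comma-separated host names
    case $hosts in
        # Hashed names cannot be compared as text; leave them to ssh-keygen.
        '|1|'*) echo "line $line is hashed; use ssh-keygen -R $host" >&2; return 3 ;;
    esac
    case ",$hosts," in
        *",$host,"*) ;;           # exact name match only, no patterns
        *) echo "line $line is not an entry for $host; nothing removed" >&2; return 4 ;;
    esac
    cp -p "$kh" "$kh.bak" || return 5     # keep the old key for later review
    sed "${line}d" "$kh.bak" > "$kh"
}

demo() {   # constructed sample data; the key strings are placeholders
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'test3 ssh-rsa AAAAconstructed3' \
                  'test4,10.1.48.124 ssh-rsa AAAAconstructed4' \
                  '|1|c2FsdA==|aGFzaA== ssh-rsa AAAAconstructed5' > "$dir/known_hosts"
    printf '%s\n' 'RSA host key for test4 has changed and you have requested' \
                  "Offending key in $dir/known_hosts:2" > "$dir/warning.txt"
    remove_offending_key "$dir/warning.txt" test4 && cat "$dir/known_hosts"
    rm -rf "$dir"
}
demo
```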
For more information on the features, benefits, and assistance with troubleshooting ssh, please review the
material available at the following URL:
Hewlett-Packard Company    HP-UX 11i Version 3: March 2012