csshsetup.1 (2012 03)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

csshsetup(1) csshsetup(1)

NAME

csshsetup - Simpliﬁes conﬁguring the Secure Shell public-key user authentication between systems. This

establishes a security domain for the cluster. csshsetup is part of the Distributed Systems Administration

Utilities (DSAU).

SYNOPSIS

csshsetup [-hvr][-k type]{-f hostﬁle | hostname}

DESCRIPTION

The csshsetup command simpliﬁes the task of setting up ssh public-key authentication trust relationships

for a set of managed systems. The csshsetup command employs the round-robin key-exchange feature

that you must use in a Serviceguard cluster to establish an "any-member-to-any-member" ssh trust rela-

tionship. This allows tools like

cexec(1),

ccp(1), and cps(1) to be used cluster-wide or across a set

of systems with an ssh trust relationship.

csshsetup creates the user ﬁles necessary to conﬁgure public

key user authentication on a Secure Shell client.

Using the round-robin (

-r) option, sets up bi-directional authentication for all speciﬁed systems. For

example, if the hostlist contains the members of a cluster, the -r option lets any member connect using

ssh to any other member, including itself. The same is true for an arbitrary list of distributed systems.

Using -r greatly simpliﬁes the manual steps required to generate and distribute the ssh keys.

When executed, it checks for public keys, and may prompt the user for the following information:

• The user’s password on the remote host. Users are prompted for the password for the speciﬁed

user account on the remote host because password authentication is the only authentication

available when the command is ﬁrst executed.

• The ssh client may prompt for adding the key ﬁngerprint of the remote host.

If csshsetup cannot ﬁnd any public keys, the ssh-keygen command runs (the key is saved with an empty

passphrase). For additional information, see the ssh manpage.

Following these steps, the csshsetup command creates the following identiﬁcation and authorization

directory and ﬁles:

• A directory called $HOME/.ssh for the user on the client ($HOME is the name of the user’s

home directory). All ﬁles created by the csshsetup command are located in this directory.

• The key-pair (private and public keys) ﬁles are:

• The $HOME/.ssh/id_rsa ﬁle contains the user’s private key. Only the user for which the key

was created can access this ﬁle. This ﬁle is stored on the local node.

• The $HOME/.ssh/id_rsa.pub ﬁle contains the user’s public key. The user ﬁle id_rsa.pub is

copied to the public key authentication on the server to which the user will connect. This ﬁle

is copied to all remote hosts where you want to set up an ssh trust.

• The authorized-key ﬁle is called $HOME/.ssh/authorized_keys2. It contains the names of

public keys for remote hosts from which the users can access their user accounts on the local

host. With keys exchanged in this manner, the remote user does not need a password to access

the local account. There is an authorized-key ﬁle on each host where you use ssh and with

which you have exchanged keys.

After creating all ﬁles, the csshsetup command distributes the user’s public key to the remote host using

the

ssh command. With the -r option, the command distributes and conﬁgures the user’s public key on

all speciﬁed hosts in a round-robin or n-squared fashion.

See the ssh manpage for more information about Secure Shell user authentication.

Options

-f hostfile Reads a list of remote hosts speciﬁed in the hostﬁle, one host per line.

If the remote host is in a different domain than the local host, you must specify the full domain

name.

If a hostname is supplied instead of a hostﬁle name,

csshsetup reads host names from stan-

dard input, typically the command line.

-h Displays help on

csshsetup command options.

HP-UX 11i Version 3: March 2012 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
csshsetup(1) csshsetup(1) NAME csshsetup - Simplifies configuring the Secure Shell public-key user authentication between systems. This establishes a security domain for the cluster. csshsetup is part of the Distributed Systems Administration Utilities (DSAU). SYNOPSIS csshsetup [-hvr] [-k type] {-f hostfile | hostname} DESCRIPTION The csshsetup command simplifies the task of setting up ssh public-key authentication trust relationships for a set of managed systems.
PAGE 2
csshsetup(1) -k type csshsetup(1) Specifies the type of key to create. Possible values are rsa or dsa for ssh protocol version 2. The default key type is rsa. -r hostfile Configures user authentication between all hosts in a round-robin fashion using a list of hosts in hostfile. -v Displays verbose output. hostname Specifies the name of a single remote host with which to exchange keys. A cA SECURITY FEATURES The rsa or dsa private key is saved with an empty passphrase.
PAGE 3
csshsetup(1) csshsetup(1) RSA key fingerprint is 65:22:fb:fa:fa:03:3d:14:16:4d:ff:39:65:3d:68:47. Are you sure you want to continue connecting (yes/no)? no Host key verification failed. Failure: Unable to exchange keys with host10.company.com Testing... Success: host04.company.com -> Success: host04.company.com -> Success: host04.company.com -> Success: host06.company.com -> Success: host06.company.com -> Success: host06.company.com -> Success: host07.company.com -> Success: host07.company.
PAGE 4
csshsetup(1) csshsetup(1) $HOME/.ssh2/id_dsa Contains the default DSA private key for the user. $HOME/.ssh2/id_dsa.pub Contains the default DSA public key for the user. SEE ALSO ccp(1), cexec(1), clog(1M), clog_wizard(1M), csync_wizard(1M), cwall(1M), cuptime(1), pdsh(1), pdcp(1).