Secure Shell (SSH) in HP SIM

<HP SIM>/config/sshtools/.dtfSshKey.pub in Windows and /etc/opt/mx/config/sshtools/.dtfSshKey.pub in Linux and HP-UX.
User public key authentication is attempted first. The SSH server on the managed system attempts to find a matching public key for the specified user. These keys are normally stored in a file authorized_keys2, which is located in the .ssh subdirectory of the specified user’s home directory. (For Windows, the file location is C:\Documents and Settings\Administrator\.ssh and in C:\Program Files\HP\Systems Insight Manager\config\sshtools\hpl1pa01.wbemqa.com).
If the user key authentication fails, host authentication is attempted. The SSH server attempts to find the public key in the list of acceptable hosts, typically stored in the etc/ssh_known_hosts file (For Windows, the file location is C:\Program Files\OpenSSH\etc\ssh_known_hosts and C:\Program Files\OpenSSH\etc\shosts.equiv). In addition, the name of the client system (for example, the CMS) must be listed in the etc/shosts.equiv file. See Directory location of various SSH files to find these files.
Note: HP recommends that users root and Administrator not be authenticated using host-based authentication. User public key authentication is recommended, although password authentication can also be used.
If neither method succeeds, HP SIM checks whether an SSH password has been configured for this user and managed system. This can be configured in the HP SIM user interface or command line. If present, this is passed to the SSH server, which uses its own system authentication to validate the password.
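
The fallback order described above (user public key, then host-based, then a stored password) can be checked offline against copies of the files the page names. The following Python code is an added example, not HP SIM code: predict_auth and its parameters are hypothetical names, the key and host values are constructed, and it assumes the SSH server has all three methods enabled.

```python
# Added example, not HP SIM code. Predicts which of the SSH authentication
# methods described above would succeed, given copies of the named files.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
PRIVILEGED = {"root", "administrator"}  # HP: keep these off host-based auth

def key_blob(line):
    """Return the base64 key body of an OpenSSH-format public key line.
    Skips a leading options or host field (assumed to contain no spaces)."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPES):
            return tokens[i + 1]
    return None

def entries(text):
    """Return the non-blank, non-comment lines of a file's text."""
    lines = (raw.strip() for raw in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def predict_auth(user, cms_host, cms_pubkey, authorized_keys2,
                 ssh_known_hosts, shosts_equiv, password_stored):
    """Walk the order: user public key, host-based, stored password."""
    cms_key, host, warnings = key_blob(cms_pubkey), cms_host.lower(), []
    if cms_key is None:
        raise ValueError("CMS public key is not in OpenSSH format")
    if any(key_blob(l) == cms_key for l in entries(authorized_keys2)):
        return "publickey", warnings
    # Host-based needs BOTH the CMS key in ssh_known_hosts and the CMS
    # name in shosts.equiv ("+" wildcards are not modelled here).
    key_known = any(key_blob(l) == cms_key
                    and host in l.split()[0].lower().split(",")
                    for l in entries(ssh_known_hosts))
    listed = any(l.split()[0].lower() == host for l in entries(shosts_equiv))
    if key_known and listed:
        if user.lower() in PRIVILEGED:
            warnings.append(f"{user} falls back to host-based authentication; "
                            "install the CMS key in authorized_keys2")
        return "hostbased", warnings
    return ("password" if password_stored else "none"), warnings

if __name__ == "__main__":
    # Constructed sample data (not real keys or hosts).
    pub = "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedCMSkey cms"
    known = "cms.example.com ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedCMSkey"
    print(predict_auth("root", "cms.example.com", pub, "", known,
                       "cms.example.com\n", False))
```

A "hostbased" result with a warning marks a root or Administrator account that the HP note above says should use user public key authentication instead.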
HP SIM provides command line tools and Web-based interfaces to manage and configure the SSH user credentials:
The sshuser tool is new for HP SIM 6.x and is used on a Windows managed system to manage user entries in the passwd file.
The mxagentconfig tool is used to copy the public key from the CMS to the managed system for user or host-based authentication. This tool can also be used to validate the SSH configuration and to remove entries from the CMS known_hosts file.
The mxnodesecurity tool is used to save passwords on the CMS for use with SSH and other protocols.
The Install OpenSSH tool installs and configures OpenSSH on Windows managed systems.
The Configure or Repair Agents tool configures users for SSH access on managed systems.
The SSH Keys tool is used to manage the authentication mode and known_hosts entries on the CMS.
For more information, see HP SIM commands and tools.
Renamed or disabled ‘Administrator’ account
Often the Windows Administrator account has been renamed for security reasons, and HP SIM tools should be run with this renamed account. HP SIM automatically detects the renamed account during installation and sets the global property WindowsAdminUserName to this name. Any tools that run as Administrator automatically run with this changed name.
> mxglobalsettings -ld WindowsAdminUserName
WindowsAdminUserName = MyAdmin
In some circumstances, the Administrator account might be disabled. In this case, you must specify a different administrative account for tools to use by changing this global property:
> mxglobalsettings -s WindowsAdminUserName=MyDomain\AlternateAdmin