Secure Shell (SSH) in HP SIM

HP SIM issues custom commands on the CMS platform. When you select a custom command to be issued against a set of managed systems, the HP SIM custom command process logs into the platform using SSH and the current HP SIM sign-in, and then the process is issued on the CMS platform. The systems list is passed to the DTF through an environmental variable. The custom command then executes against each target system.

The target systems do not need to run SSH to function properly. The custom command can operate through another protocol, such as one that network switches understand. Unlike most command-line tools, only the CMS platform must run an SSH server to enable custom commands. This is true with some HP SIM plug-ins such as: HP Insight Vulnerability and Patch Manager, HP Insight Control server deployment 2.0, HP Insight Control performance management, and Open Service Event Manager (OSEM).

Command-line tool execution is a powerful capability that uses the following tools: Single-system aware (SSA) and Multi-system aware (MSA).

MSA tools function similarly to custom commands in that the tool runs on an execution system, which is usually the CMS platform. The target systems are passed using an environmental variable. The tool communicates with the managed systems using the protocol that the managed system uses. Software Distributor for HP-UX is an MSA tool. The execution system is the system running the Software Distributor service. SSH must be running on that system so that the CMS can contact it with information about the software to install and the managed systems on which to install it.

Unlike custom commands and command-line tools, SSA tools run directly on the managed system. The DTF opens an SSH client connection with each target system, issues the command over the SSH protocol, and stores any output, including valid command output as well as error messages, in the HP SIM database. This process occurs on each target system that you selected. Each target system must be running an SSH server.

For examples of both MSA and SSA command-line tools that ship with HP SIM, see Appendix B: Tool examples.

A special SSH bypass feature on the CMS enables MSA tools to run without SSH if they run on the CMS as the Administrator or root account. Other MSA tools and all SSA tools and custom commands require SSH.

SSH Bypass

The special SSH Bypass feature enables MSA commands to run on the CMS without using SSH. Because of security concerns, only commands that are intended to run as root or administrator should be run with this bypass feature. The actual list of user names that use the bypass feature is listed in the HP SIM global setting property mx_dtf_ssh_bypass_user. The HP SIM installation includes the user Administrator or root. You can view the current value of this property using the following command:

    > mxglobalsettings -ld mx_dtf_ssh_bypass_user
    mx_dtf_ssh_bypass_user = Administrator

You can add users by separating the user names with commas and no spaces. Domain accounts require two backslashes between the domain name and the user name, such as domain\\user:

    > mxglobalsettings -s mx_dtf_ssh_bypass_user=Administrator,Domain\\SIM

You must restart HP SIM after making changes to the bypass user.

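An added example, not part of the HP SIM documentation: a Python audit of the bypass list, fed the text that `mxglobalsettings -ld mx_dtf_ssh_bypass_user` prints, that flags entries with spaces and accounts outside an approved set. The function names, the `approved` allowlist, and the sample line are constructed for illustration; how `-ld` prints domain backslashes is not shown above, so the check accepts one or two.

```python
import re

PROPERTY = "mx_dtf_ssh_bypass_user"
DEFAULT_USERS = {"administrator", "root"}  # installation default named on this page

# Constructed sample of `mxglobalsettings -ld` output (not from a real CMS).
SAMPLE = r"mx_dtf_ssh_bypass_user = Administrator,Domain\\SIM, svc_deploy"


def parse_bypass_users(ld_output):
    """Return the raw comma-separated entries of the bypass property."""
    for line in ld_output.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == PROPERTY:
            value = value.strip()
            # Keep inner spaces so audit() can report them.
            return value.split(",") if value else []
    raise ValueError(PROPERTY + " not found in output")


def normalize(user):
    """Lower-case the name and collapse any run of backslashes to one."""
    return re.sub(r"\\+", r"\\", user.strip()).lower()


def audit(ld_output, approved=()):
    """Return (entry, finding) pairs for entries that need review."""
    allowed = DEFAULT_USERS | {normalize(a) for a in approved}
    findings = []
    for entry in parse_bypass_users(ld_output):
        if not entry.strip():
            findings.append((entry, "empty entry (stray comma)"))
            continue
        if " " in entry:
            findings.append((entry, "contains a space"))
        if normalize(entry) not in allowed:
            findings.append((entry, "not an approved bypass account"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit(SAMPLE, approved=[r"Domain\SIM"]):
        print(repr(entry), "->", finding)
```
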
How does HP SIM use SSH?

HP SIM acts like the SSH client described earlier. The main difference from an interactive SSH client is that you must preconfigure HP SIM with appropriate keys, passwords, and rules about handling security warnings.