Secure Shell (SSH) in HP SIM

If the key being presented by HP SIM is listed in the file, the SSH server uses it to encrypt a challenge to return to HP SIM. The SSH server enables the user to sign in provided the response to the challenge is correct. If the public key is not present, the public key authentication fails. While the authorized_keys2 file can be maintained manually, HP SIM provides the mxagentconfig utility to maintain this file.
Host-Based Authentication
Two files in the SSH server configuration directory (for example, C:\Program Files\OpenSSH\etc) are used to configure host-based authentication. The file shosts.equiv is a list of host names that are accepted for host-based authentication, for example, the DNS name of each CMS that can manage this system. The file ssh_known_hosts is a list of public keys for these host CMS systems.
Passwd and group files
For Windows systems, the passwd file is located in the C:\Program Files\OpenSSH\etc directory. After the SSH session is established between the SSH client and the SSH server, the SSH client transmits the login user name to the SSH server. For each user name allowed to use SSH, there must be an entry in the passwd file. If a user name is not listed in the passwd file but tries to log in, the connection fails with a permission denied authentication error.
The following example passwd file contains three lines for three different users: local administrator MyAdmin, local user SIM, and user joe from domain mydomain:
MyAdmin:unused_by_nt/2000/xp:500:513:U-BRIAN06\MyAdmin,S-1-5-21-1148942700-1292286586-3675345140-500:/home/Administrator:/bin/switch
SIM:unused_by_nt/2000/xp:1011:513:Account for HP SIM Service,U-BRIAN06\SIM,S-1-5-21-1148942700-1292286586-3675345140-1011:/home/SIM:/bin/switch
mydomain\joe:unused_by_nt/2000/xp:9159:513:JOE,U-mydomain\joe,S-1-5-21-27163274-143742939-1512734326-9159:/cygdrive/C/Documents and Settings/hpsimssh:/bin/switch
When the HP SIM OpenSSH package is installed on the Windows platform, a passwd entry for whatever user name is running the install, as well as for Administrator, is created at C:\Program Files\OpenSSH\etc\passwd. The Administrator user name is set because all the HP SIM preinstalled Windows command line tools run as Administrator. (Note that this user name might have been renamed, in which case HP SIM configures SSH with the renamed user name.) The etc\group file is also created at installation time, but this file should not need updating to add subsequent user names.
Additional user names are authorized by creating an entry for each one. The entry actually contains an SID; the password remains internal to Windows and is not included in this file. HP SIM provides a utility, sshuser, to manage this file (C:\Program Files\OpenSSH\bin\sshuser.exe). This command looks in the user's settings and extracts the relevant information for the user name and the user's home directory. The output from sshuser is concatenated to the end of the passwd file. See sshuser for more details.
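The following is an added example, not code from the HP SIM documentation or from the sshuser utility. It parses passwd entries in the format shown above, pulls the SID out of the comment field, checks that each entry's UID matches the RID at the end of its SID (a mismatch is the kind of hand-edit or tampering an administrator would want flagged), and looks a login user name up by exact match on the first field; that exact-match lookup, and the sample file content built from the three entries above, are assumptions of the example.

```python
"""Parse and sanity-check an HP SIM OpenSSH (Cygwin-style) passwd file on Windows."""
import re
from typing import List, NamedTuple, Optional

# Constructed sample file content, modelled on the three entries shown in the text.
SAMPLE_PASSWD = r"""MyAdmin:unused_by_nt/2000/xp:500:513:U-BRIAN06\MyAdmin,S-1-5-21-1148942700-1292286586-3675345140-500:/home/Administrator:/bin/switch
SIM:unused_by_nt/2000/xp:1011:513:Account for HP SIM Service,U-BRIAN06\SIM,S-1-5-21-1148942700-1292286586-3675345140-1011:/home/SIM:/bin/switch
mydomain\joe:unused_by_nt/2000/xp:9159:513:JOE,U-mydomain\joe,S-1-5-21-27163274-143742939-1512734326-9159:/cygdrive/C/Documents and Settings/hpsimssh:/bin/switch
"""

# A local or domain account SID: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}-(\d+)")


class PasswdEntry(NamedTuple):
    name: str      # login name as the SSH client must send it (e.g. "mydomain\joe")
    uid: int
    gid: int
    gecos: str     # comment field carrying "U-<host>\<user>,S-1-5-21-..."
    home: str
    shell: str
    sid: Optional[str]


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each non-empty line into the seven colon-separated passwd fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _unused_pw, uid, gid, gecos, home, shell = fields
        m = SID_RE.search(gecos)
        entries.append(PasswdEntry(name, int(uid), int(gid), gecos, home, shell,
                                   m.group(0) if m else None))
    return entries


def audit(entries: List[PasswdEntry]) -> List[str]:
    """Report entries with no SID, or whose UID differs from the SID's RID."""
    findings = []
    for e in entries:
        if e.sid is None:
            findings.append(f"{e.name}: no SID in comment field")
        elif int(e.sid.rsplit("-", 1)[1]) != e.uid:
            findings.append(f"{e.name}: UID {e.uid} does not match SID RID")
    return findings


def is_login_allowed(entries: List[PasswdEntry], username: str) -> bool:
    """Assumption: the server matches the transmitted login name exactly against field 1."""
    return any(e.name == username for e in entries)
```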
HP SIM commands and tools
sshuser
This command is used on a Windows managed system to maintain the list of users that are allowed access through SSH. This command is installed with the version of OpenSSH supplied by HP SIM, and it adds entries to the passwd file on a managed system.