Secure Shell (SSH) in HP SIM

authorizations to ensure that this user is a valid HP SIM user and is authorized to run tools on the CMS.
3. Is the OpenSSH server installed and working correctly?
Verify that OpenSSH is installed on the target system and that the service OpenSSH Server is running. You can use the Install OpenSSH tool to install the software on a managed system. If it is installed but not running, look for errors from the OpenSSH or SSH applications in the system application log.
The OpenSSH installer makes some security setting changes if you are running Windows Server 2003 or Windows XP SP2. Local security policy settings must allow these settings:
a. Open the Control Panel > Administrative Tools > Local Security Policy to open the security policy window.
b. Find the policies for Create a token object, Replace a process level token and Log on as a service. The account used to run OpenSSH service must be added to each of these policies. You can manually add the policy by double-clicking each of these privileges and adding service accounts. The account used for OpenSSH must have all three of these policies.
c. After double-clicking, click Add User or Group, and enter the service account name in the Enter the object names to select field.
d. Click Check Names to verify the entry and then click OK.
You can verify operation of the SSH server using the SSH command line utility. This is shipped with OpenSSH and allows interactive login using SSH. Try to log in using the user name from step 1, including the domain name if applicable.
CMS> ssh administrator@blade08
administrator@blade08's password:****
Last login: Tue Jul 12 11:31:48 2005 from mysystem.hp.com
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator>
You can run SSH with the -v option to produce verbose output, which can help diagnose any problems.
4. Does the known_hosts file have a different host key for the target system?
A mismatched host key can be caused by reinstalling OpenSSH on the target system, or can indicate an imposter. By default, HP SIM does not validate host keys, but you can enable this feature for more secure installations. You can remove a managed system from the HP SIM known_hosts file using the -r option of mxagentconfig:
CMS> mxagentconfig -r -n blade08
Successfully unregistered from localhost
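
Before removing an entry, it helps to confirm whether the stored key really differs from the key the target presents now, so that a reinstall can be told apart from an imposter. The following is an added example, not part of the HP documentation: it assumes the known_hosts file uses the OpenSSH line format, and the function names, host entries and keys are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the form OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match the host field: plain comma list, or hashed |1|salt|hmac-sha1.
    Wildcard and negated patterns are not handled in this example."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def check_host_key(known_hosts_text, host, keytype, key_b64):
    """Return (status, stored_fingerprint); status is match, mismatch or unknown."""
    stored = None
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[1] != keytype or not host_matches(fields[0], host):
            continue
        if fields[2] == key_b64:
            return "match", fingerprint(key_b64)
        stored = fingerprint(fields[2])
    return ("mismatch", stored) if stored else ("unknown", None)

# --- Constructed sample data (not real keys or hosts) ---
def sample_key(seed):
    """Build an ssh-rsa-shaped blob from a seed so the demo runs offline."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + hashlib.sha256(seed).digest()
    return base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()

def hashed(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

OLD_KEY, NEW_KEY = sample_key(b"before reinstall"), sample_key(b"after reinstall")
KNOWN_HOSTS = "# constructed sample\nblade08,192.0.2.8 ssh-rsa %s\n%s ssh-rsa %s\n" % (
    OLD_KEY, hashed("blade09"), OLD_KEY)

if __name__ == "__main__":
    for host, key in (("blade08", OLD_KEY), ("blade08", NEW_KEY), ("blade10", NEW_KEY)):
        print(host, *check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A mismatch result returns the fingerprint of the stored key, which can be compared with the fingerprint read from the target's console before the old entry is removed.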