Secure Shell (SSH) in HP Systems Insight Manager 5.1 and 5.2

SIM>/config/sshtools/.dtfSshKey.pub in Windows and /etc/opt/mx/config/sshtools/.dtfSshKey.pub in Linux and HP-UX.
User public key authentication is attempted first. The SSH server on the managed system attempts to find a matching public key for the specified user. These keys are normally stored in a file authorized_keys2, which is located in the .ssh subdirectory of the specified user’s home directory.
If the user key authentication fails, host authentication is attempted. The SSH server attempts to find the public key in the list of acceptable hosts, typically stored in the etc/ssh_known_hosts file. In addition, the name of the client system (for example, the CMS) must be listed in the etc/shosts.equiv file. Refer to Directory location of various SSH files to find these files.
Note: HP recommends that users root and Administrator not be authenticated using host-based authentication; user public key authentication is recommended instead, although password authentication can also be used.
If neither of these methods succeeds, HP SIM checks whether an SSH password has been configured for this user and managed system. This can be configured in the HP SIM user interface or command line. If present, this is passed to the SSH server, which uses its own system authentication to validate the password.
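
The fallback order described above (user key, then host-based, then stored password), as an added example that is not HP's code: a simplified model that predicts which method would succeed for one user and flags a privileged account reached through host trust. It assumes the CMS public key is available as a one-line OpenSSH key; the function names and all sample data are constructed.

```python
# Added example (not HP code): simplified model of the SSH fallback order.
import base64

KEY_TYPES = ("ssh-rsa", "ssh-dss")
PRIVILEGED = {"root", "administrator"}  # accounts the note above singles out

def key_blob(line):
    """Decode the key blob of a public-key, authorized_keys2 or known-hosts line.
    Leading options or host names are skipped; comments and junk give None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            try:
                return base64.b64decode(fields[i + 1], validate=True)
            except ValueError:  # binascii.Error is a ValueError
                return None
    return None

def host_trusted(cms_host, cms_blob, known_hosts, shosts_equiv):
    """Host step: CMS key listed under the CMS name AND CMS named in shosts.equiv."""
    in_known = any(cms_host in ln.split()[0].split(",") and key_blob(ln) == cms_blob
                   for ln in known_hosts.splitlines() if ln.strip())
    in_equiv = any(ln.split()[:1] == [cms_host] for ln in shosts_equiv.splitlines())
    return in_known and in_equiv

def predict_auth(user, cms_host, cms_pub, authorized_keys2, known_hosts,
                 shosts_equiv, has_stored_password):
    """Return (method, warning) in the order: user key, host-based, password."""
    cms_blob = key_blob(cms_pub)
    if cms_blob is None:
        raise ValueError("CMS public key is not a one-line OpenSSH key")
    if any(key_blob(ln) == cms_blob for ln in authorized_keys2.splitlines()):
        return "user-key", None
    if host_trusted(cms_host, cms_blob, known_hosts, shosts_equiv):
        warn = ("privileged account authenticated by host trust"
                if user.lower() in PRIVILEGED else None)
        return "host-based", warn
    return ("password", None) if has_stored_password else ("none", None)

# Constructed sample data (placeholder blobs, not real keys).
CMS_PUB = "ssh-rsa " + base64.b64encode(b"constructed CMS key").decode() + " cms"
OTHER = "ssh-rsa " + base64.b64encode(b"some other key").decode() + " other"
KNOWN_HOSTS = "cms.example,10.0.0.5 " + CMS_PUB
SHOSTS_EQUIV = "cms.example\n"

if __name__ == "__main__":
    print(predict_auth("root", "cms.example", CMS_PUB, OTHER, KNOWN_HOSTS, SHOSTS_EQUIV, True))
```
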
HP SIM provides command line tools and Web-based interfaces to manage and configure the SSH user credentials:
sshuser is a new tool for HP SIM 5.x used on a Windows managed system to manage user entries in the passwd file.
mxagentconfig tool is used to copy the public key from the CMS to the managed system for user or host-based authentication. This tool can also be used to validate the SSH configuration and to remove entries from the CMS known_hosts file.
mxnodesecurity is used to save passwords on the CMS for use with SSH and other protocols.
Install OpenSSH installs and configures OpenSSH on Windows managed systems.
Configure or Repair Agents configures users for SSH access on managed systems.
SSH Keys is used to manage the authentication mode and known_hosts entries on the CMS.
Full details of these are described in the section HP SIM commands and tools.
Renamed or disabled ‘Administrator’ account
Often the Windows Administrator account has been renamed for security reasons, and HP SIM tools should be run with this renamed account. HP SIM automatically detects the renamed account during installation and sets the global property WindowsAdminUserName to this name. Any tools that are to run as Administrator automatically run with this changed name.
> mxglobalsettings -ld WindowsAdminUserName
WindowsAdminUserName = MyAdmin
In some circumstances the Administrator account might be disabled. In this case, you must specify a
different administrative account for tools to use by changing this global property:
> mxglobalsettings -s WindowsAdminUserName=MyDomain\AlternateAdmin
Note: HP SIM must be restarted after making changes to the Windows Administrator user name.
Add this user account to HP SIM with full-configuration-rights and authorizations on all systems, including the CMS, using the Options > Security > Users and Authorizations menu or the following command: