Secure Shell (SSH) in HP Systems Insight Manager 5.1 and 5.2

MyAdmin:unused_by_nt/2000/xp:500:513:U-BRIAN06\MyAdmin,S-1-5-21-1148942700-1292286586-3675345140-500:/home/Administrator:/bin/switch
SIM:unused_by_nt/2000/xp:1011:513:Account for HP SIM Service,U-BRIAN06\SIM,S-1-5-21-1148942700-1292286586-3675345140-1011:/home/SIM:/bin/switch
mydomain\joe:unused_by_nt/2000/xp:9159:513:JOE,U-mydomain\joe,S-1-5-21-27163274-143742939-1512734326-9159:/cygdrive/C/Documents and Settings/hpsimssh:/bin/switch
When the HP SIM OpenSSH package is installed on the Windows platform, a password entry for the user name running the install, as well as for Administrator, is created in C:\Program Files\OpenSSH\etc\passwd. The Administrator user name is added because all of the HP SIM preinstalled Windows command line tools run as Administrator. (Note that this user name might have been renamed, in which case HP SIM configures SSH with the renamed user name.) The etc\group file is also created at install time, but this file should not need updating to add subsequent user names.
Additional user names are authorized by creating an entry for each one. The entry contains a SID; the password remains internal to Windows and is not included in this file. HP SIM provides a utility, sshuser, to manage this file (C:\Program Files\OpenSSH\bin\sshuser.exe). This command looks in the user's settings and extracts the relevant information for the user name and the user's home directory. The output from sshuser is concatenated to the end of the passwd file. See sshuser for more details.
HP SIM commands and tools
sshuser
This command is used on a Windows managed system to maintain the list of users that are allowed access through SSH. It is installed with the version of OpenSSH supplied by HP SIM, and it adds entries to the passwd file on a managed system.
Note: sshuser is a new utility included with the OpenSSH supplied by HP SIM 5.x and replaces the mxpasswd command previously available. This utility was not supplied with previous versions of OpenSSH from HP. If it is not present on the managed system, it can be copied from the HP SIM installation directory (C:\Program Files\HP\Systems Insight Manager\lbin\sshuser.exe).
For example, the following command permits SSH access for user joe in the Windows domain MyDomain:
sshuser -u joe -d MyDomain -f "C:\Program Files\OpenSSH\etc\passwd"
This command adds the following entry to the end of the passwd file:
mydomain\joe:unused_by_nt/2000/xp:9159:513:JOE,U-mydomain\joe,S-1-5-21-27163274-143742939-1512734326-9159:/cygdrive/C/Documents and Settings/hpsimssh:/bin/switch
The domain name is included with the user name to remove any conflicts between users from different domains with the same name. The home directory specified is hpsimssh rather than the user's real home directory, because this user has never logged into this system before and therefore does not have a real home directory assigned by Windows. The home directory specified here is used to locate the ssh keys for user authentication; as the same keys are used by HP SIM for all users, a common home directory sshuser can be used.
Sshuser also ensures that the passwd file only contains a single entry for a given user. It removes duplicate entries for the given user.
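A passwd file that has been edited by hand can be checked against the entry format shown above. The following is an added example, not HP's code or part of sshuser: the uid/RID comparison and the password-placeholder check are assumptions drawn from the three entries shown on this page, the case-insensitive duplicate match is this example's choice, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first two lines are entries shown on this page; the last
# two are made up (a repeated user, and a SID whose RID differs from the uid field).
SAMPLE = [
    r"MyAdmin:unused_by_nt/2000/xp:500:513:U-BRIAN06\MyAdmin,S-1-5-21-1148942700-1292286586-3675345140-500:/home/Administrator:/bin/switch",
    r"mydomain\joe:unused_by_nt/2000/xp:9159:513:JOE,U-mydomain\joe,S-1-5-21-27163274-143742939-1512734326-9159:/cygdrive/C/Documents and Settings/hpsimssh:/bin/switch",
    r"MYDOMAIN\joe:unused_by_nt/2000/xp:9159:513:JOE,U-mydomain\joe,S-1-5-21-27163274-143742939-1512734326-9159:/cygdrive/C/Documents and Settings/hpsimssh:/bin/switch",
    r"BRIAN06\temp:unused_by_nt/2000/xp:1050:513:,U-BRIAN06\temp,S-1-5-21-1148942700-1292286586-3675345140-1099:/home/temp:/bin/switch",
]

PLACEHOLDER = "unused_by_nt/2000/xp"  # password field value in the page's entries
SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}-(\d+)$")  # group 1 is the RID


def parse_entry(line):
    """Split one entry into name, password, uid, gid, comment, home, shell."""
    fields = line.rstrip("\r\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields, got %d" % len(fields))
    keys = ("name", "password", "uid", "gid", "comment", "home", "shell")
    entry = dict(zip(keys, fields))
    match = SID_RE.search(entry["comment"])  # SID is the last item of the comment
    entry["rid"] = match.group(1) if match else None
    return entry


def audit(lines):
    """Return (line_number, user, finding) tuples for entries that need review."""
    entries = [(n, parse_entry(l)) for n, l in enumerate(lines, 1) if l.strip()]
    counts = Counter(e["name"].lower() for _, e in entries)
    findings = []
    for n, e in entries:
        if counts[e["name"].lower()] > 1:
            findings.append((n, e["name"], "duplicate entry"))
        if e["password"] != PLACEHOLDER:
            findings.append((n, e["name"], "unexpected password field"))
        if e["rid"] is None:
            findings.append((n, e["name"], "no SID in comment field"))
        elif e["rid"] != e["uid"]:
            findings.append((n, e["name"], "uid %s != SID RID %s" % (e["uid"], e["rid"])))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```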
Sshuser must be run by an administrator of the system, and (for HP's implementation of OpenSSH on Windows) only administrators can be given SSH access. In addition, the user running sshuser must