Manualshelf

Secure Shell (SSH) in HP Systems Insight Manager 5.1 and 5.2

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for Linux
21222324252627282930
25
3.
Is the OpenSSH server installed and working correctly?
Verify that OpenSSH is i
nstalled on the target system and that the service OpenSSH Server is
running. You can use the Install OpenSSH tool to install the software on a managed system.
If it is installed but not running, check the system application log for any errors from the
O
penSSH or SSH applications.
The OpenSSH installer makes some security setting changes if you are running Windows
2003 or Windows XP SP2. Local security policy settings must allow these settings:
a.
Open the
Control Panel
Administrative Tools
Local Securi
ty Policy
to
open the security policy window.
b.
Find the policies for
Create a token object
,
Replace a process level token
and
Log on as a service
. The account used to run OpenSSH service should have
been added to each of these policies. You can manually a
dd the policy
by double
-
clicking each of these privileges in turn and adding service account. The account
used for OpenSSH must have a
ll three of these policies.
c.
After double
-
clicking,
click
Add User or Group
, and enter the service account
name in the
Ent
er the object names to select
field.
d.
Click
Check Names
to verify the entry and then click
OK
.
You can verify operation of the SSH server using the SSH command line utility. This is
shipped with OpenSSH and allows interactive login using SSH. Try to log
in using the user
name from step 1, including the domain name if applicable.
CMS> ssh administrator@blade08
administrator@blade08's password:****
Last login: Tue Jul 12 11:31:48 2005 from mysystem.hp.com
Microsoft Windows 2000 [Version 5.00.2195]
(C) Co
pyright 1985
-
2000 Microsoft Corp.
C:
\
Documents and Settings
\
Administrator>
You can run SSH with the
v option to produce verbose output, which can help diagnose any
problems.
4.
Does the
known_hosts
file have a different host key for the target system?
A m
ismatched host key can be caused by reinstalling OpenSSH on the target system, or can
indicate an imposter. By default, HP SIM does not validate host keys, but this can be
enabled for more secure installations. You can remove a managed system from the HP
SIM
known_hosts
file using the
-
r option of mxagentconfig:
CMS> mxagentconfig
-
r
-
n blade08
Successfully unregistered from localhost