3.12 ssh


After a default installation of any SuSE or Red Hat system, the only way to access it remotely is by using ssh. The telnet port is closed by default and we strongly recommend, for security reasons, that you do not change this.

If you are accessing the system from another Linux box, you will usually have the openssh client installed.

For AIX 5L, you can install it from:

http://www-124.ibm.com/developerworks/projects/opensshi

For AIX 4.3, you can install it from:

http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

On Windows, you can use one of three ssh clients, for example, PuTTY:

http://www.putty.nl/download.html

For the same security reason, we did not want to use the .rhosts file and rsh. In order to be able to run unattended remote commands or file copies, we need to set up ssh for passwordless login. This can be achieved through ssh key exchange.

In a test environment, this can be done in both directions, but in a production environment, we recommend that you enable login from a central management server to the nodes only, not from every node to every node.

3.12.1 Exchanging ssh keys

In this example, we enable passwordless login from serverA (lpar7) to serverB (lpar1). This requires two steps: generating a key pair on serverA, and placing its public key in the .ssh/authorized_keys2 file on serverB.

In order to generate the key pair on serverA, we run the following command:

 lpar7:~# ssh-keygen -t rsa -b 1024 -N "" 

As a result, two files are created in the /root/.ssh directory: id_rsa (the private key) and id_rsa.pub (the public key).

In the next step, we copy the public key file to serverB:

 lpar7:~# scp id_rsa.pub lpar1:/tmp 

On serverB, we add its content to /root/.ssh/authorized_keys2:

 lpar1:~ # cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys2 

Now we can go back to serverA (lpar7) and try ssh login to serverB (lpar1). If everything is correct, we will not be prompted for a password:

 lpar7:~/.ssh # ssh lpar1
 Last login: Mon Nov  3 18:17:41 2003 from lpar7
 lpar1:~ #

If your public key authentication does not work, then look in /var/log/messages for the reason and check the permissions (0655 for the public key and 600 for id_rsa). A world-writable home directory will prevent this authentication from working as well.
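The key exchange above is done by hand with scp and cat; the script below is an added example, not part of the book or of any IBM tool, that performs the same authorized_keys2 step in one place and then runs the permission checks the troubleshooting paragraph describes (no group/world write access on the home directory, the .ssh directory and authorized_keys2, and no group/world access to the private key). Unlike plain `cat >>`, it only appends a key that is not already present, so it can be re-run safely. The function names and the constructed key line in the usage example are assumptions for illustration only.

```shell
#!/bin/sh
# Added example (not from the book): install a public key into an
# authorized_keys2 file idempotently and check the permissions that
# OpenSSH requires before it will accept public-key logins.

# Ten-character mode string of a path, e.g. "drwx------", from ls -ld.
mode_string() { ls -ld "$1" | cut -c1-10; }

# Returns 0 when neither group (position 6) nor others (position 9)
# have write permission on the path.
not_writable_by_others() {
    case "$(mode_string "$1")" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Returns 0 when group and others have no read or write access at all
# (what a private key such as id_rsa needs: mode 600).
private_to_owner() {
    case "$(mode_string "$1")" in
        ????r?????|?????w????|???????r??|????????w?) return 1 ;;
    esac
    return 0
}

# install_pubkey <public key file> <authorized_keys file>
# Creates the .ssh directory (700) and the file (600) if missing, then
# appends the key. Returns 0 if the key was added, 1 if already present.
install_pubkey() {
    keyfile=$1; authfile=$2
    dir=$(dirname "$authfile")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir"
    [ -f "$authfile" ] || { : > "$authfile"; chmod 600 "$authfile"; }
    key=$(cat "$keyfile")
    # -x: whole-line match, -F: literal string, so an identical key is found once
    if grep -qxF -- "$key" "$authfile"; then
        return 1
    fi
    printf '%s\n' "$key" >> "$authfile"
    return 0
}

# check_ssh_perms <home directory>
# Reports every permission problem that would make sshd refuse the key
# (with StrictModes, the default) and returns 1 if any was found.
check_ssh_perms() {
    home=$1
    ok=0
    not_writable_by_others "$home" ||
        { echo "$home is group/world writable"; ok=1; }
    [ -d "$home/.ssh" ] && { not_writable_by_others "$home/.ssh" ||
        { echo "$home/.ssh is group/world writable"; ok=1; }; }
    for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        [ -f "$f" ] || continue
        not_writable_by_others "$f" || { echo "$f is group/world writable"; ok=1; }
    done
    for f in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$f" ] || continue
        private_to_owner "$f" || { echo "$f is readable/writable by others"; ok=1; }
    done
    return $ok
}

# Usage: sh sshkeys.sh /tmp/id_rsa.pub /root/.ssh/authorized_keys2
if [ $# -eq 2 ]; then
    if install_pubkey "$1" "$2"; then echo "key added to $2"; else echo "key already in $2"; fi
    check_ssh_perms "$(dirname "$(dirname "$2")")" && echo "permissions look fine"
fi
```

Run it on serverB with the copied public key and the target authorized_keys2 path as the two arguments; the exit status of check_ssh_perms makes it usable from a larger provisioning script as well.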

Important

If you are going to implement CSM, then do not exchange root keys manually; CSM will take care of this. You can exchange keys for other users.




Quintero - Deploying Linux on IBM E-Server Pseries Clusters
Year: 2003
Pages: 108