The SSH program lets you log into and execute commands on a remote system. SSH enables encrypted communications and an authentication process between two untrusted hosts over an insecure network. SSH is the preferred method of remote communication because it provides a greater level of security than the remote shell suite of protocols. Veritas recommends configuring a secure shell environment before installing any Veritas product. The following is an example SSH setup procedure.
Note Read the SSH documentation and online manual pages before enabling SSH. Visit the OpenSSH website for more information. Contact your OS support provider for issues regarding SSH configuration.
System output similar to the following is displayed:
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
/.ssh/id_dsa
. System output similar to the following is displayed:
Enter passphrase (empty for no passphrase):
/.ssh
directory is on all the target installation systems. If that directory is missing, create it on the target system and set the write permission to root only:
Subsystem sftp /opt/ssh/libexec/sftp-server
If this is the first time this step is run on a system, output similar to the following displays:
The authenticity of host 'target_sys (10.182.00.00)'
can't be established. DSA key fingerprint is
fb:6f:9e:61:91:9e:44:6b:87:86:ef:68:a6:fd:87:7d.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added 'target_sys,10.182.00.00'
(DSA) to the list of known hosts.
The following output is displayed:
Uploading /.ssh/id_dsa.pub to /id_dsa.pub
id_dsa.pub
file:
#
cat /.ssh/id_dsa.pub >> /.ssh/authorized_keys
id_dsa.pub
public key file after it is copied to the target (host) system and added to the authorized keys file, type the following command:
id_dsa.pub
key to the local /.ssh/authorized_key
file:
#
cat /.ssh/id_dsa.pub >> /.ssh/authorized_keys
The installation can fail if the installation source system is not authenticated.
root
:
#
exec /usr/bin/ssh-agent $SHELL
Identity added: /.ssh/identity
This is a shell-specific step and is valid only while the shell is active. You must execute the procedure again if you close the shell during the session.
#
ssh -l root
target_sys
uname -a
The commands should execute on the remote system without the system requesting a passphrase or password.