Setting up ssh on cluster systems

Use the Secure Shell (ssh) to install VCS on all systems in a cluster from a system outside of the cluster. Verify that ssh is configured correctly before starting the installation process.

Secure Shell (ssh) is a program for logging on to another computer over a network, executing commands on a remote system, and copying files from one system to another. It provides strong authentication and secure communications over network channels, and is intended to replace rlogin, rsh, and rcp.

Configuring ssh

The procedure to configure ssh uses OpenSSH example file names and commands.

 To configure ssh

  1. Log in as root on the source system from which you want to install the Veritas product.
  2. To generate a DSA key pair on the source system, type the following:

    # ssh-keygen -t dsa

    System output similar to the following is displayed:

    Generating public/private dsa key pair.

    Enter file in which to save the key (//.ssh/id_dsa):

  3. Press Enter to accept the default location of /.ssh/id_dsa. System output similar to the following is displayed:

    Enter passphrase (empty for no passphrase):

  4. Do not enter a passphrase. Press Enter:

    Enter same passphrase again:

    Press Enter again.

  5. Make sure the /.ssh directory is on all the target installation systems. If that directory is missing, create it on the target system and set the write permission to root only:

    # mkdir /.ssh

    # chmod go-w /

    # chmod 700 /.ssh

    # chmod go-rwx /.ssh

  6. Make sure the secure file transfer program (SFTP) is enabled on all the target installation systems. To enable SFTP, the /etc/ssh/sshd_config file must contain the following two lines:

    PermitRootLogin yes

    Subsystem sftp /usr/lib/ssh/sftp-server

  7. If the lines are not there, add them and restart SSH. To restart SSH on Solaris 10, type the following command:

    # svcadm restart ssh

    To restart on Solaris 9, type the following commands:

    # /etc/init.d/sshd stop

    # /etc/init.d/sshd start

  8. To copy the public DSA key, /.ssh/id_dsa.pub, to each target system, type the following commands:

    # sftp target_sys

    If this is the first time this step is run on a system, output similar to the following displays:

    Connecting to target_sys...

    The authenticity of host 'target_sys (10.182.00.00)'

    can't be established. DSA key fingerprint is

    fb:6f:9e:61:91:9e:44:6b:87:86:ef:68:a6:fd:87:7d.

    Are you sure you want to continue connecting (yes/no)?

  9. Enter yes. Output similar to the following is displayed:

    Warning: Permanently added 'target_sys,10.182.00.00'

    (DSA) to the list of known hosts.

    root@target_sys password:

  10. Enter the root password.
  11. At the sftp prompt, type the following command:

    sftp> put /.ssh/id_dsa.pub

    The following output is displayed:

    Uploading /.ssh/id_dsa.pub to /id_dsa.pub

  12. To quit the SFTP session, type the following command:

    sftp> quit

  13. To begin the ssh session on the target system, type the following command:

    # ssh target_sys

  14. Enter the root password at the prompt:

    password:

  15. After logging in, enter the following command to append the id_dsa.pub public key to the authorized keys file:

    # cat /id_dsa.pub >> /.ssh/authorized_keys

  16. To delete the id_dsa.pub public key file after it is copied to the target (host) system and added to the authorized keys file, type the following command:

    # rm /id_dsa.pub

  17. To log out of the ssh session, type the following command:

    # exit

  18. When installing from a source system that is also an installation target, add the local system id_dsa.pub key to the local /.ssh/authorized_keys file. The installation can fail if the installation source system is not authenticated.
  19. Run the following commands on the source installation system. These commands bring the private key into the shell environment and make the key globally available for the user root:

    # exec /usr/bin/ssh-agent $SHELL

    # ssh-add

    Identity added: /.ssh/identity

    This is a shell-specific step and is valid only while the shell is active. You must execute the procedure again if you close the shell during the session.

  20. To verify that you can connect to the target system, type the following command:

    # ssh -l root target_sys uname -a

    The commands should execute on the remote system without the system requesting a passphrase or password.


    Note: You can configure ssh in other ways. Regardless of how ssh is configured, complete the last step in the example above to verify the configuration.
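
A preflight check for steps 5 and 6, to run on each target system before starting the installer; it is an added example, not part of the Veritas documentation or of OpenSSH. The function names and the script name preflight.sh are assumptions, and only the global section of the sshd_config file passed in is read.

```shell
#!/bin/sh
# Added example: preflight for steps 5 and 6 on a target system.
# Function names are illustrative; they are not part of VCS or OpenSSH.

# Print the first global value of keyword $2 in sshd_config file $1.
# sshd keywords are case-insensitive and the first value read wins;
# Match blocks are conditional, so scanning stops at the first one.
sshd_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Print the server path configured for "Subsystem sftp" in file $1.
sftp_subsystem() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }
    ' "$1"
}

# Succeed only if directory $1 exists with mode 700 (drwx------).
ssh_dir_ok() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Report every problem found; return non-zero if any check fails.
vcs_ssh_preflight() {
    cfg=$1 dir=$2 rc=0
    [ "$(sshd_value "$cfg" PermitRootLogin)" = "yes" ] ||
        { echo "FAIL: PermitRootLogin yes not set in $cfg"; rc=1; }
    [ -n "$(sftp_subsystem "$cfg")" ] ||
        { echo "FAIL: no 'Subsystem sftp' line in $cfg"; rc=1; }
    ssh_dir_ok "$dir" ||
        { echo "FAIL: $dir missing or not mode 700"; rc=1; }
    return $rc
}

# Usage: sh preflight.sh /etc/ssh/sshd_config /.ssh
if [ "$#" -eq 2 ]; then vcs_ssh_preflight "$1" "$2"; fi
```

A commented-out line or a value set only inside a Match block does not satisfy the check, which mirrors how sshd reads the file.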