-
Log in as root on the source system from which you want to install the Veritas product.
-
To generate a DSA key pair on the source system, type the following:
# ssh-keygen -t dsa
System output similar to the following is displayed:
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
-
Press Enter to accept the default location of /.ssh/id_dsa. System output similar to the following is displayed:
Enter passphrase (empty for no passphrase):
-
Do not enter a passphrase. Press Enter: Enter same passphrase again:
Press Enter again.
-
Make sure the /.ssh directory is on all the target installation systems. If that directory is missing, create it on the target system and set the write permission to root only:
# mkdir /.ssh
# chmod go-w /
# chmod 700 /.ssh
# chmod go-rwx /.ssh
-
Make sure the secure file transfer program (SFTP) is enabled on all the target installation systems. To enable SFTP, the /etc/ssh/sshd_config file must contain the following two lines:
PermitRootLogin yes
Subsystem sftp /usr/lib/ssh/sftp-server
-
If the lines are not there, add them and restart SSH. To restart SSH on Solaris 10, type the following command:
# svcadm restart ssh
To restart on Solaris 9, type the following commands:
# /etc/init.d/sshd stop
# /etc/init.d/sshd start
-
To copy the public DSA key, /.ssh/id_dsa.pub to each target system, type the following commands:
# sftp
target_sys
If this is the first time this step is run on a system, output similar to the following displays:
Connecting to target_sys...
The authenticity of host 'target_sys (10.182.00.00)'
can't be established. DSA key fingerprint is
fb:6f:9e:61:91:9e:44:6b:87:86:ef:68:a6:fd:87:7d.
Are you sure you want to continue connecting (yes/no)?
-
Enter yes. Output similar to the following is displayed:
Warning: Permanently added 'target_sys,10.182.00.00'
(DSA) to the list of known hosts.
root@target_sys password:
-
Enter the root password.
-
At the sftp prompt, type the following command:
sftp> put /.ssh/id_dsa.pub
The following output is displayed:
Uploading /.ssh/id_dsa.pub to /id_dsa.pub
-
To quit the SFTP session, type the following command:
sftp> quit
-
To begin the ssh session on the target system, type the following command: #
ssh
target_sys
-
Enter the root password at the prompt:
password:
-
After logging in, enter the following command to append the authorization key to the id_dsa.pub file:
# cat /id_dsa.pub >> /.ssh/authorized_keys
-
To delete the id_dsa.pub public key file after it is copied to the target (host) system and added to the authorized keys file, type the following command:
# rm /id_dsa.pub
-
To log out of the ssh session, type the following command:
# exit
-
When installing from a source system that is also an installation target, add the local system id_dsa.pub key to the local /.ssh/authorized_key file. The installation can fail if the installation source system is not authenticated.
-
Run the following commands on the source installation system. These commands bring the private key into the shell environment and makes the key globally available for the user root:
# exec /usr/bin/ssh-agent $SHELL
# ssh-add
Identity added: /.ssh/identity
This is a shell-specific step and is valid only while the shell is active. You must execute the procedure again if you close the shell during the session.
-
To verify that you can connect to the target system, type the following command:
# ssh -l root
target_sys uname -a
The commands should execute on the remote system without the system requesting a passphrase or password.
Note
You can configure ssh
in other ways. Regardless of how ssh
is configured, complete the last step in the example above to verify the configuration.