Re: SSH commands to HMC



1. Openssl RPM retrieve and install on AIX client
Go to LINUX Toolbox for AIX Applications - Cryptographic Content
Register yourself, and retrieve the following OpenSSL RPMS:
openssl-0.9.6k-1.aix4.3.ppc.rpm (1.3MB)
openssl-devel-0.9.6k-1.aix4.3.ppc.rpm (optional 1.14MB)
openssl-doc-0.9.6k-1.aix4.3.ppc.rpm (optional 421KB)
Ignore that these have aix4.3 in their names. As root on AIX, place them in a directory (e.g., /usr/sys/inst.images) and install:
rpm -i openssl-0.9.6k-1.aix4.3.ppc.rpm
2. Openssh fileset retrieve and install on AIX client
Go to OpenSSH on AIX Images Project: Summary
Retrieve file openssh361p2_51.tar.Z (for AIX 5.1) or openssh361p2_52.tar.Z (for AIX 5.2) and place it in a directory (e.g., /usr/sys/inst.images). As root on AIX, do
cd /usr/sys/inst.images
uncompress ./openssh361p2_51.tar.Z
tar -xvf ./openssh361p2_51.tar
inutoc .
smitty install
openssh.base.client 3.6.1.5200
openssh.base.server 3.6.1.5200
openssh.license 3.6.1.5200
openssh.man.en_US 3.6.1.5200
openssh.msg.EN_US 3.6.1.5200
openssh.msg.en_US 3.6.1.5200
Be sure to select yes to accept new license agreements.
3. aixuser on AIX client generates public and private keys (ssh-keygen)
Login to AIX client machine as the designated aixuser
mkdir /home/aixuser/.ssh
ssh-keygen -t rsa
ssh-keygen -t dsa
Allow the keys to be stored in the default file location (/home/aixuser/.ssh/id_rsa), and just press enter for no passphrase at the passphrase prompts. After these commands run, you will have public and private rsa and dsa keys:
ls -l /home/aixuser/.ssh
total 40
-rw------- 1 aixuser staff 736 Oct 02 11:27 id_dsa
-rw-r--r-- 1 aixuser staff 602 Oct 02 11:27 id_dsa.pub
-rw------- 1 aixuser staff 963 Oct 02 11:28 id_rsa
-rw-r--r-- 1 aixuser staff 222 Oct 02 11:28 id_rsa.pub
Proper permissions here are 600 for the private key files, and 644 for public key files. Private keys are to be protected. Public key files will be transferred to servers that aixuser wants to login to.
4. aixuser on AIX transfers public keys to user on HMC
aixuser on AIX will login as hmcuser on HMC, then transfer his public keys from the AIX system to the HMC
ssh hmc.domain.com -l hmcuser (answer prompt for hmcuser's password.)
cd .ssh
scp -p aixuser@xxxxxxxxxxxxxx:/home/aixuser/.ssh/*.pub . (answer prompt for aixuser's password).
cat *.pub >> ./authorized_keys2 (catenate aixuser's public keys onto hmcuser's authorized keys file)
Note:
At HMC code level 3.2.5 and above, the .ssh subdirectory for an HMC user is owned by root, and difficult to write keys into by the method above. Instead, do the following as aixuser on the aix system:
mykey=`cat $HOME/.ssh/id_rsa.pub`
ssh hmc.domain.com -l hmcuser mkauthkeys -a \"$mykey\"
5. aixuser runs script on AIX, which sends ssh commands to HMC
The script that follows is our example. aixuser answers prompt for passphrase required by keyfile, then script sends ssh commands to hmc machine specified.

#!/bin/ksh
#
# hmclook -m hmchostname -l hmcuser
#
# Queries an HMC over ssh and prints its version, network settings,
# managed frames, LPARs, memory allocation and profiles.
#
hmc=
user=
key=
while getopts m:l: option
do
    case $option in
        m) hmc="$OPTARG";;
        l) user="$OPTARG";;
    esac
done

# Both options are required; without them ssh has no target.
if [ -z "$hmc" ] || [ -z "$user" ]; then
    echo "usage: hmclook -m hmchostname -l hmcuser" >&2
    exit 1
fi

echo "HMC Information:"
echo ""
ssh "$hmc" -l "$user" 'date'
ssh "$hmc" -l "$user" 'hostname'
echo ""
ssh "$hmc" -l "$user" 'lshmc -n'
echo ""
ssh "$hmc" -l "$user" 'lshmc -r'
echo ""
ssh "$hmc" -l "$user" 'lshmc -v'
echo ""
echo "Managed systems/frames:"
ssh "$hmc" -l "$user" 'lssyscfg -r sys --all'
echo ""
echo "frame content - LPARS, profiles, etc.:"
# First column of the listing is the frame name; skip the header line.
for frame in `ssh "$hmc" -l "$user" "lssyscfg -r sys --all" | grep -v ^Name | awk '{print $1}'`
do
    echo frame $frame:
    ssh "$hmc" -l "$user" "lssyscfg -r lpar -m $frame --all"
    echo ""
    echo Memory in LPARs:
    echo "allocated free lmb_size max min partition system partition_name"
    ssh "$hmc" -l "$user" "lshwres -r mem -m $frame --all" | grep -v ^allocated
    echo ""
    # Dump every profile of every LPAR in this frame.
    for lpar in `ssh "$hmc" -l "$user" "lssyscfg -r lpar -m $frame --all" | grep -v ^Name | awk '{print $1}'`
    do
        ssh "$hmc" -l "$user" "lssyscfg -r prof -m $frame -p $lpar --all -z"
        echo ""
    done
done



Robert Lee Binkley
http://www.consumer.gov/idtheft/
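
[Added example, not part of the original message: a check of aixuser's .ssh directory against the permissions given in step 3 (600 for private keys, 644 for public keys), which also flags private keys stored without a passphrase. The function names audit_ssh_dir and perm_of are made up for this example, and the passphrase test assumes the PEM key format that OpenSSH 3.6 writes; newer OpenSSH-format keys cannot be checked with grep.]

```sh
#!/bin/sh
# Added example: audit id_* key files in a .ssh directory.

# Print the nine permission characters of a file, e.g. "rw-------".
perm_of() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir DIR: one finding per line; returns 0 only if there are none.
audit_ssh_dir() {
    dir=$1
    findings=0
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in
        *.pub)
            # Public keys may be world-readable but not group/other-writable.
            case $(perm_of "$f") in
            ????-??-?) ;;
            *) echo "WRITABLE-PUB $f"; findings=$((findings + 1)) ;;
            esac
            ;;
        *)
            # Private keys must be owner-only (600 or stricter).
            case $(perm_of "$f") in
            ???------) ;;
            *) echo "LOOSE-PRIVATE $f"; findings=$((findings + 1)) ;;
            esac
            # PEM private keys carry a "Proc-Type: 4,ENCRYPTED" header
            # when they are protected by a passphrase.
            if grep -q 'BEGIN [RD]SA PRIVATE KEY' "$f" &&
               ! grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "NO-PASSPHRASE $f"; findings=$((findings + 1))
            fi
            ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /home/aixuser/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

[A NO-PASSPHRASE finding is expected for keys created as in step 3; for such keys the file permissions are the only protection on the client side.]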


----- Original Message ----
From: Bill Verzal <bjverzal@xxxxxxxxx>
To: aix-l@xxxxxxxxxxxxx
Sent: Monday, September 11, 2006 11:23:48 AM
Subject: Re: SSH commands to HMC


I don't know for sure, but I always use "ssh hscroot@hmc" to talk with it. I
don't know how 'ssh -l' and 'ssh @' differ in their implementation though.

BV

--- Andrew Garnett <andrewwdg@xxxxxxxxxxx> wrote:

All,

I am sending hmc commands to an HMC from a UNIX
command-line using ssh.
On the first call the connection times out (see
below).
On the subsequent call (immediately afterwards) it
connects and runs OK, as do any other iterations.
If I leave it a few minutes, I'm back to a timeout and
then it continues OK.

root@node9>ssh -l hscroot 10.26.10.21 date
ssh: connect to host 10.56.0.224 port 22: Connection
timed out

root@node9>ssh -l hscroot 10.26.10.21 date
Sun Sep 10 00:20:58 BST 2006

This is hopeless for scripting. Anyone know what causes
it?




