Creating Trusted Host Relationships

User Access: Managers

Adding a trusted host relationship is one way to allow passwordless access, which in turn makes one-to-many scripting possible. Once a host equivalence relationship has been created with a client, users on that client can remotely execute commands on the Service Processor without being prompted for a password, provided one of the following conditions is met:

If the login is authorized by means of a directory service group mapping, the ssh command is executed as the proxy user on the Service Processor, either rmonitor, radmin, or rmanager.

Support is available for SSH protocol version 2 key types (RSA or DSA) only.

If DNS is enabled on the Service Processor, the client machine must be specified with its DNS name, not an IP address.

The Current Authentication displays above the table.

The Settings table contains the current trusted hosts configuration:

Setting       Description
New Host      The hostname and IP address of the host with which the trust relationship will be created.
Public Key    The public host key of the specified host.
Host          The name and IP address of a host with which a trust relationship exists.

Generating Host Keys

The host’s SSH install should generate the host keys. If it does not, follow these steps to manually generate the key pair:

  1. Enter the following command:
    ssh-keygen -q -t rsa -f rsa_key -C '' -N ''
  2. Move rsa_key to /etc/ssh/ssh_host_rsa_key.
    Move rsa_key.pub to /etc/ssh/ssh_host_rsa_key.pub.
  3. Ensure that only root has read or write permissions to /etc/ssh/ssh_host_rsa_key.
    The ssh_host_rsa_key.pub file is the file you will transfer to the Service Processor.

    NOTE: Only protocol version 2 key types and 1024 bit key sizes (the default generated by ssh-keygen) are supported.
  4. Copy the host’s public key (the ssh_host_rsa_key.pub file) to the Service Processor using scp (secure copy) or by copying the host key to an external file system that has been mounted on the Service Processor.

    NOTE: Use scp to copy the files to either /tmp or to your home directory. The sp commands will then install the file specified on the command line.

    NOTE: If DNS is enabled on the Service Processor, you must specify the client that is used in the trust commands with the DNS name (not the IP).
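Before transferring ssh_host_rsa_key.pub in step 4 or pasting it into the Public Key field, it helps to confirm that the file really holds an SSH-2 RSA or DSA key and to record its size and fingerprint. The following Python check is an added example, not part of the product or its documentation; the function names are hypothetical and the sample key is constructed in code, not a real host key.

```python
import base64
import hashlib
import struct

ALLOWED_TYPES = {"ssh-rsa", "ssh-dss"}  # page: SSH-2 RSA or DSA host keys only

def read_string(blob, off):
    """Read one length-prefixed SSH string/mpint; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def inspect_host_key(line):
    """Validate one line of ssh_host_rsa_key.pub; return type, bits, fingerprint."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    inner, off = read_string(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("key type label does not match the encoded key")
    if declared not in ALLOWED_TYPES:
        raise ValueError("unsupported key type: " + declared)
    # ssh-rsa stores e then n; ssh-dss stores p first. The size is that of n or p.
    number, off = read_string(blob, off)
    if declared == "ssh-rsa":
        number, off = read_string(blob, off)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    bits = int.from_bytes(number, "big").bit_length()
    return {"type": declared, "bits": bits, "fingerprint": "SHA256:" + digest}

def constructed_rsa_line(bits):
    """Build a syntactically valid sample line (constructed, not a real key)."""
    def ssh_bytes(raw):
        return struct.pack(">I", len(raw)) + raw
    def mpint(n):  # the extra leading byte keeps the number positive
        return ssh_bytes(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = ssh_bytes(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    print(inspect_host_key(constructed_rsa_line(1024)))
```

The fingerprint uses the SHA256 format that current OpenSSH prints for `ssh-keygen -l -f <file>`, so the value computed on the host can be compared with the one computed on the copy that arrived on the Service Processor.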

Creating a Trusted Host Relationship

SM Console Usage:

To create a trusted host relationship, follow these steps:

  1. Click Access Control > Trusted Hosts from the menu bar.
  2. Enter the name of the new host.
  3. Enter a public key, or click the Browse button to search for a key.
  4. Click the button.

SM Command Usage:

You can also use the trusted hosts subcommands to perform this function at the command line.
