Access Add Trust Subcommand

access: Managers

Creates a host-based trust relationship for the specified host. Adding host-based trusts provides many-to-one scripting solutions. Once a host equivalence relationship has been created with a client, users on that client can remotely execute commands on the Service Processor without being prompted for a password, provided one of the following conditions is met:

access add trust {-c | --client} HOST {-k | --keyfile} PUBLIC KEY FILE

Argument            Description
{-c | --client}     Specifies the host for which to create the relationship.
{-k | --keyfile}    Specifies the public key file.

If the login is authorized by means of a directory service group mapping, the ssh command is executed as the corresponding proxy user on the Service Processor (rmonitor, radmin, or rmanager).

Support is available for SSH protocol version 2 key types (RSA or DSA) only.

If DNS is enabled on the Service Processor, the client machine must be specified with its DNS name, not an IP address.

Generating Host Keys

The host’s ssh installation normally generates the host keys. If it does not, follow these steps to generate the key pair manually:

  1. Enter the following command:
     ssh-keygen -q -t rsa -f rsa_key -C '' -N ''
  2. Copy rsa_key to /etc/ssh/ssh_host_rsa_key.
  3. Ensure that only root has read or write permission to this file. The rsa_key.pub file is the file you will transfer to the Service Processor.
     NOTE: Only protocol version 2 key types and 1024-bit key sizes (the default generated by ssh-keygen) are supported.
  4. Copy the host’s public key (the rsa_key.pub file) to the Service Processor using scp (secure copy), or by copying the host key to an external file system that has been mounted on the Service Processor.

     NOTE: Use scp to copy the files to either /tmp or to your home directory. The sp commands will then install the file specified on the command line to /pstore.

     NOTE: If DNS is enabled on the Service Processor, you must specify the client that is used in the trust commands with its DNS name (not the IP address).
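The four steps above, carried out as a guarded script with the checks an operator would add before a key leaves the machine. This is an added example, not a script shipped with the Service Processor or part of the original documentation. SP_HOST is a placeholder for the Service Processor's DNS name, the public key is staged in /tmp on the SP as the NOTE suggests, and the script passes -b 1024 explicitly because current ssh-keygen releases default to a larger RSA size than the 1024-bit keys the page says are supported.

```shell
#!/bin/sh
# Added example (not from the original documentation): a guarded version of the
# "Generating Host Keys" procedure with the checks a careful operator adds.
# Placeholders (hypothetical): SP_HOST is the Service Processor's DNS name; the
# staged public key is copied to /tmp on the SP, as the page's NOTE suggests.

SP_HOST="${SP_HOST:-sp.example.invalid}"    # placeholder SP name, override via env
HOST_KEY=/etc/ssh/ssh_host_rsa_key          # destination from step 2
WORKDIR="${WORKDIR:-/tmp}"                  # where rsa_key / rsa_key.pub are generated

# Step 3 NOTE: only protocol version 2 key types are accepted by the SP.
# Returns 0 when a public-key line is an RSA or DSA protocol-2 key
# (SSH-1 "bits exponent modulus" lines and other types are rejected).
is_supported_pubkey() {
    case "$1" in
        "ssh-rsa "*|"ssh-dss "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 3: the private half must be readable and writable by its owner only.
# Returns 0 when the file's mode is exactly 600 (GNU stat first, BSD stat as fallback).
private_key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Steps 1-4 in order, refusing to clobber an existing host key. Run as root.
generate_and_stage() {
    if [ -e "$HOST_KEY" ]; then
        echo "refusing to overwrite existing $HOST_KEY" >&2
        return 1
    fi
    # Step 1: the page's command, plus -b 1024 because current ssh-keygen
    # defaults to a larger RSA size than the 1024 bits the page says the SP supports.
    (umask 077 && ssh-keygen -q -t rsa -b 1024 -f "$WORKDIR/rsa_key" -C '' -N '') || return 1
    # Steps 2-3: install the private key so that only root can read or write it.
    cp "$WORKDIR/rsa_key" "$HOST_KEY" && chmod 600 "$HOST_KEY" || return 1
    private_key_mode_ok "$HOST_KEY" || { echo "bad permissions on $HOST_KEY" >&2; return 1; }
    rm -f "$WORKDIR/rsa_key"   # the private half now lives only under /etc/ssh
    # Check the public half before it leaves the machine.
    is_supported_pubkey "$(cat "$WORKDIR/rsa_key.pub")" || { echo "unsupported key type" >&2; return 1; }
    ssh-keygen -l -f "$WORKDIR/rsa_key.pub"   # shows bit size and fingerprint; keep for later comparison
    # Step 4: stage the public key on the SP; the SP's access command installs it to /pstore.
    scp "$WORKDIR/rsa_key.pub" "$SP_HOST:/tmp/rsa_key.pub" || return 1
    echo "On the SP, run: access add trust -c $(hostname -f) -k /tmp/rsa_key.pub"
}

# Only act when explicitly asked, so sourcing the file just defines the functions.
if [ "${1-}" = "--run" ]; then
    generate_and_stage
fi
```

Invoke it as root with `SP_HOST=<sp-dns-name> sh gen_host_key.sh --run`; the final line prints the exact `access add trust` command to type on the Service Processor, using the client's DNS name as the page requires when DNS is enabled. The fingerprint printed by `ssh-keygen -l` is worth recording so the key the SP ends up trusting can be compared against the one generated here.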

Return Codes

Following are the return values for this command:

Code                   Numeric Code   Description
NWSE_Success           0              Command successfully completed.
NWSE_InvalidUsage      1              Invalid usage: bad parameter usage, conflicting options specified.
NWSE_RPCTimeout        2              Request was issued, but was not serviced by the server. The RPC procedure timed out, and the request may or may not have been serviced by the server.
NWSE_RPCNotConnected   3              Unable to connect to the RPC server.
NWSE_NoPermission      6              Not authorized to perform this operation.
NWSE_FileError         18             File open, missing, or read or write error occurred. Unable to open or read the public key file.
NWSE_Exist             19             A trust relationship is already present for the specified host.

Related Topics

System Management Commands

Access Command