Configuring the Client for Scripting
User Access: Administrators
Follow these steps to configure a client machine on which you will run scripts:
- Create a manager level-user on both the client machine and the Service
Processor.
- Define a hostname for the Service Processor (as used in the examples, sp.test.com).
- Define a hostname for the client machine (as used in the examples, client.test.com).
- Verify that both the Service Processor and the client machine can resolve
each other's addresses.
The configuration instructions are the same for a Linux environment or a Windows
environment, even though Windows does not natively support the Service Processor
trusted host relationship feature.
To enable scripting from a Windows environment, you must first install a Unix/Linux-on-Windows
toolset that supports SSH. Cygwin, which is available as a free download, is
one of these toolsets. To install Cygwin:
- Navigate to www.cygwin.com.
- Click on one of the many "Install Cygwin now!" links to
launch the installer.
- Choose to "Install from the Internet" and select a mirror.
- When presented with a list of packages to install, choose Net/OpenSSH.
- Complete the install.
(Instructions below are for Windows or Linux Environments.)
Enabling SSH Access Using Trusted Hosts
Follow these steps to add users to the local /etc/password
file to attempt trusted host access to the Service Processor:
- Set up your host keys:
a. Launch an SSH client. (On Windows, launch a Cygwin Bash shell.)
b. Execute ssh-host-config to create both dsa and rsa keypairs:
/etc/ssh_host_dsa_key, /etc/ssh_host_dsa_key.pub,
/etc/ssh_host_rsa_key, and /etc/ssh_host_rsa_key.pub
The key pairs are created in /etc on Windows and in /etc/ssh
on Unix/Linux machines.
c. Create or modify the file /etc/ssh_config to ensure it
contains the following entry:
Host *
HostbasedAuthentication yes
Note: If you have OpenSSH version 3.4 or newer, also add:
EnableSSHKeysign yes
- Issue the following commands as a manager level user on the client to establish
a trusted host relationship:
a. Copy the client key to /tmp on the Service Processor.
scp /etc/ssh/ssh_host_dsa_key.pub manager1@sp.test.com:/tmp
b. Authenticate yourself as a manager for the scp command.
c. Add the client key to the set of trusted hosts for this Service Processor.
ssh sp.test.com access add trust -c client.test.com -k /tmp/ssh_host_dsa_key.pub
d. Authenticate yourself as a manager for the ssh command.
From this point, any user with the same login on both sp.test.com and
client.test.com has access, without requiring a password, to the like-named
account on sp.test.com.
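The client-side settings from the steps above can be checked before the host key is copied to the Service Processor. The following script is an added example, not part of the original documentation or the vendor's tooling; the function names are hypothetical, and the config and key paths are passed as arguments because they differ between Cygwin (/etc) and Unix/Linux (/etc/ssh).

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Usage: preflight /etc/ssh_config /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub

# Print the value that applies to "Host *" (or globally) for keyword $2 in
# the ssh_config-style file $1; keywords are matched case-insensitively.
ssh_config_option() {
    awk -v key="$2" '
        BEGIN { scope = 1 }                 # options before any Host line are global
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { gsub(/=/, " ") }                  # accept "Key=value" as well as "Key value"
        tolower($1) == "host" {
            scope = 0
            for (i = 2; i <= NF; i++) if ($i == "*") scope = 1
            next
        }
        scope && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Succeed only if $1 is a one-line DSA or RSA public key, so a private key
# is never copied to /tmp on the Service Processor by mistake.
is_public_key() {
    [ -f "$1" ] || return 1
    awk '
        /PRIVATE KEY/ { bad = 1 }
        NR == 1 && $1 != "ssh-dss" && $1 != "ssh-rsa" { bad = 1 }
        END { exit (bad || NR != 1) }
    ' "$1"
}

# Succeed only if private key $1 grants no permissions to group or other.
private_key_is_locked() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# preflight CONFIG PRIVATE_KEY PUBLIC_KEY: print findings, return failure count.
preflight() {
    fails=0
    [ "$(ssh_config_option "$1" HostbasedAuthentication)" = "yes" ] ||
        { echo "FAIL: HostbasedAuthentication is not yes for Host * in $1"; fails=$((fails + 1)); }
    [ "$(ssh_config_option "$1" EnableSSHKeysign)" = "yes" ] ||
        echo "WARN: EnableSSHKeysign is not yes (needed on OpenSSH 3.4 or newer)"
    private_key_is_locked "$2" ||
        { echo "FAIL: $2 is accessible to group or other"; fails=$((fails + 1)); }
    is_public_key "$3" ||
        { echo "FAIL: $3 is not a DSA or RSA public key"; fails=$((fails + 1)); }
    return "$fails"
}
```

A return value of 0 means the client configuration, the private key permissions and the public key file all passed; each FAIL line names the item to correct.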
Generating a Key Pair
Follow these steps to set up your host keys:
- Launch an SSH client.
On Windows, launch a Cygwin Bash shell. Scripting from a Windows client requires
you to install a Unix/Linux-on-Windows toolset that supports SSH.
- Execute ssh-host-config to create both DSA and RSA keypairs:
/etc/ssh_host_dsa_key
/etc/ssh_host_dsa_key.pub
/etc/ssh_host_rsa_key
/etc/ssh_host_rsa_key.pub
The key pairs are created in /etc for Windows and in /etc/ssh
on Unix/Linux machines.
Enabling SSH Access Using Public Keys
Follow these steps to install public keys to enable SSH access.
- Set up your host keys.
a. Launch an SSH Client. On Windows, launch a Cygwin Bash shell.
b. Execute ssh-host-config to create both dsa and rsa keypairs:
/etc/ssh_host_dsa_key, /etc/ssh_host_dsa_key.pub,
/etc/ssh_host_rsa_key, and /etc/ssh_host_rsa_key.pub
The key pairs are created in /etc on Windows and in /etc/ssh
on Unix/Linux machines.
- Install your public key using the access add public key command.
For example, run the following commands on the client machine:
ssh-keygen -t dsa -b 1024
This command generates ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub.
scp ~/.ssh/id_dsa.pub <ip address of service processor>:/tmp
Enter your password when prompted.
ssh <ip address of service processor> access add public key -k /tmp/id_dsa.pub
Enter your password when prompted.
ssh <ip address of service processor> rm -f /tmp/id_dsa.pub
From this point, you have access without requiring a password.