[IBM i]

Using the Secure Shell (SSH) authentication method on target Windows operating systems

For hosts running Windows operating systems, support for the SSH protocol requires a third-party product, such as SSH on CYGWIN, on the target Windows host, and the software package that you are installing is installed under CYGWIN. Because WebSphere Application Server does not officially support installing under CYGWIN, this tool has been tested only to verify that the centralized installation manager (CIM) can install a software package on Windows targets using SSH public/private key authentication. Other SSH support for Windows operating systems has not been tested and is not supported by CIM.

Before you begin

Use the information provided in this topic only if you want to use the SSH public/private key authentication method to access remote target workstations that are running any of the Windows operating systems. You can skip this topic if you plan to use the user name and password authentication method to access the installation targets.

Ensure that the CYGWIN SSH server is installed on the Windows target workstation.

In a typical setup, the CYGWIN sshd server runs as a Windows service under the Local SYSTEM account (or, on Windows 2003 Server, under a local account, sshd_server, that is created with special privileges to run the service). With an SSH server configured and started on the Windows target, the server authenticates user logins using a public/private key pair. With this setup, however, installation programs that are located on the Windows target and invoked by the centralized installation manager, which uses SSH public/private key authentication to access the target workstation, run under the identity of the account that the SSH server runs under. This causes problems with certain centralized installation manager operations when the files or directories that the operation works on were created under a different identity. To work around this, change the CYGWIN sshd service to log on with the same account, root, that is used to install software on that specific target Windows workstation.

Restriction: When installing WebSphere Application Server Version 8.5 on Windows targets using SSH public/private key authentication, do not specify an installation directory path that contains one or more spaces. Spaces in the installation path cause some Windows bat files to fail when the input argument also contains spaces.

Assuming that a local ID root that has Administrator authority to install software on the Windows workstation has been created, complete the following steps to change the CYGWIN sshd server to run under the ID root:

About this task

Procedure

  1. Change the login ID of the CYGWIN sshd service.
    1. From the Windows Start menu, click Settings > Control Panel > Administrative Tools > Services.
    2. From the Services window, right-click CYGWIN sshd, and select Properties.
    3. From the Properties window, select the General tab, and click Stop to stop the sshd service.
    4. Next, select the Log on tab. Under the Log on as section or prompt, clear the Local System account radio button, and select This account.
    5. Type .\root as the ID and type the password for the account. Click Apply.
  2. Grant additional rights to the root account. Ensure that the account has the required privileges in addition to membership in the Administrators group.
    1. From the Windows Start menu, click Settings > Control Panel > Administrative Tools > Local Security Policy.
    2. From the Local Security Settings window, expand Local Policies, and select User Rights Assignment.
    3. From the resulting page that is displayed on the right, verify that the root account has the following four rights:
      • Adjust memory quotas for a process
      • Create a token object
      • Log on as a service
      • Replace a process level token

      If not, add root as a user with the four rights.

  3. Close the Local Security Settings window.
  4. From a CYGWIN console panel, change ownership of the following directories and files to root:
    • chown root /var/log/sshd.log
    • chown -R root /var/empty
    • chown root /etc/ssh*
  5. Restart the CYGWIN sshd service.

    From the Properties page of the CYGWIN sshd service, select the General tab, and click Start. Verify that the service is now running under the root user account.
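The following script is an added example, not part of the IBM documentation: run from a CYGWIN console, it checks that the service logs on as root and that the paths from step 4 are owned by root. It assumes that the Windows service's internal name is `sshd` and that the Windows `sc` command is on the PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the outcome of the procedure from a CYGWIN console.
# Assumptions: service name "sshd", account "root", sc.exe on the PATH.

# Read `sc qc <service>` output on stdin and print the logon account.
service_account() {
  tr -d '\r' | sed -n \
    's/^[[:space:]]*SERVICE_START_NAME[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p'
}

# Succeed if account $1 ("root", ".\root", "HOST\root") names local user $2.
account_matches() {
  am_actual=$(printf '%s\n' "$1" | sed 's/.*\\//' | tr '[:upper:]' '[:lower:]')
  am_wanted=$(printf '%s\n' "$2" | tr '[:upper:]' '[:lower:]')
  [ "$am_actual" = "$am_wanted" ]
}

# check_owner USER PATH...: report every path that is missing or owned by
# someone other than USER; the return status is non-zero if any was reported.
check_owner() {
  co_user=$1; shift
  co_rc=0
  for co_path in "$@"; do
    if [ ! -e "$co_path" ]; then
      echo "missing: $co_path"; co_rc=1; continue
    fi
    co_actual=$(stat -c %U "$co_path")
    if [ "$co_actual" != "$co_user" ]; then
      echo "owned by $co_actual, expected $co_user: $co_path"; co_rc=1
    fi
  done
  return "$co_rc"
}

# Check the service logon account and the ownership set in step 4.
verify_sshd_setup() {
  vs_user=${1:-root}; vs_rc=0
  vs_acct=$(sc qc sshd | service_account)
  account_matches "$vs_acct" "$vs_user" ||
    { echo "service logs on as '$vs_acct', expected $vs_user"; vs_rc=1; }
  check_owner "$vs_user" /var/log/sshd.log /var/empty /etc/ssh* || vs_rc=1
  return "$vs_rc"
}

# Run the checks only on CYGWIN; elsewhere the functions are just defined.
case "$(uname -s)" in CYGWIN*) verify_sshd_setup root ;; esac
```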

Results

You can now install product packages and maintenance to your Windows target workstations.

What to do next

From the administrative console, click System administration > Centralized Installation Manager > Installation targets.


Last updated: April 20, 2014 09:55 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-iseries&topic=tins_cim_targets_ssh_windows
File name: tins_cim_targets_ssh_windows.html