[AIX Solaris HP-UX Linux Windows]

Installing a Secure Shell (SSH) public key to access remote workstations for Version 6.1.x and 7.x

To use Secure Shell (SSH) public/private key as an authentication method for accessing your remote workstations, you must first install the public key of a public/private key pair on the installation targets. You can then securely connect to the remote workstation by using the corresponding private key. Use this topic to install the SSH public key on one or more installation targets.

Before you begin

Supported configurations: This topic applies to WebSphere Application Server Version 6.1.x and 7.x only. For information about using centralized installation manager (CIM) for Version 8.5, see Submitting Installation Manager jobs.
To successfully complete this task, you must have SSH installed and enabled on the installation target. First create a pair of keys, and install the public key on all the installation targets. Issue the following command to ensure that SSH is started on the workstation:
ps -e | grep sshd
You can generate an RSA private key and its corresponding public key using the ssh-keygen command in the following example:
ssh-keygen -t rsa 

Accept the default location for storing the private key and make a note of it. If you enter a non-empty string at the passphrase prompt, make sure that you remember the string, because you need it whenever you use the generated private key.

Additionally, you must know the location of the SSH public key file on the deployment manager, and the administrative ID and password for the installation target. This is the same administrative ID and password that you use to later install or uninstall software packages on the same installation target.

About this task

UNIX and Linux platforms generally support the use of SSH protocol. For Windows operating systems, however, you might have to install third-party software to use SSH protocol. Read the "Using the Secure Shell authentication method on target Windows operating systems" topic for more information.

With the centralized installation manager (CIM), you can install product packages and maintenance for distributed platforms directly from the administrative console. Complete the steps that are outlined in the wizard to install the SSH public key, which uses the SSH protocol to communicate with the installation targets.

Procedure

  1. To access the wizard from the administrative console, click System administration > Centralized Installation Manager > Installation targets.
  2. Select one or more existing installation targets from the table, and click Install SSH Public Key.
  3. Select the appropriate password settings, and click Next. You can either select to specify the same user name and password to access all of the installation targets, or you can configure individual user names and passwords for each installation target.
  4. Specify the location of the SSH public key file on the deployment manager, and click Next.
  5. Review the summary of your selections, and click Finish to complete the installation process. Click Previous to change any of your selections.

Results

You successfully installed the SSH public key on specific installation targets.

Alternate key installation
  • If you had previously installed the SSH public key on the remote workstations through some other method outside of the CIM, skip the steps outlined in this section. You can update the SSH public key installation records kept by the CIM using an AdminTask command. The Administrator must first save the user name to be used with the SSH key to access the target host, and then invoke the relevant AdminTask commands:
    1. Log in to the administrative console.
    2. Navigate to the CIM "Installation Targets" panel.
      1. Click on the target host name.
      2. On the resulting page, fill in the user name field and click Save.
      3. Repeat this for all target hosts that have the SSH public key installed outside of CIM.
    3. Update the SSH public key installation records using the updateKeyInstallationRecords AdminTask command:
      • Using Jacl:
        $AdminTask updateKeyInstallationRecords {-add "abc.com,river.com"}
        $AdminTask listKeyInstallationRecords
      • Using Jython:
        AdminTask.updateKeyInstallationRecords ('[-add "abc.com,river.com"]')
        print AdminTask.listKeyInstallationRecords()
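
One way to place the public key on a UNIX or Linux target outside of the CIM before updating the records is sketched below. This is an added example, not IBM's code or part of the original topic; the function name install_pubkey, the sample key and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE TARGET_HOME   (hypothetical helper, not a CIM command)
# Appends the one-line OpenSSH public key in PUBKEY_FILE to
# TARGET_HOME/.ssh/authorized_keys unless it is already present, and applies
# the owner-only permissions that sshd's default StrictModes check expects.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A .pub file holds one key per line; take the first line only.
    key_line=$(head -n 1 "$pubkey_file")

    # Refuse private keys or anything not shaped like "<type> <base64> [comment]".
    case $key_line in
        "ssh-rsa "?*|"ssh-ed25519 "?*|"ecdsa-sha2-"*" "?*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # -x matches the whole line, -F treats it as a fixed string,
    # so running the function again does not add a duplicate entry.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Demonstration in a throwaway directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDEXAMPLE cimadmin@dmgr.example' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

Run the function as the user whose name you save for the target host in the Installation Targets panel, so that the key and the CIM record refer to the same account.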
Troubleshooting
  • If your deployment manager is on a Windows system and you have generated a public-private key pair to use SSH authentication with remote target hosts running on UNIX-based platforms such as AIX or Linux, CIM might not be able to access the private key store on the deployment manager system. If you generated the public-private key pair on your Windows workstation using the OpenSSH package that is part of the CYGWIN software, the private key store is protected and is accessible only to the user account that created the key pair. However, the default setup for WebSphere Application Server on Windows operating systems is to have the server running under the local SYSTEM account.
    To allow CIM to access the private key store you must also grant the local SYSTEM account read permission to the private key store:
    1. From Windows Explorer, navigate to the private key store, right-click the key store file name (id_rsa, for example), and select Properties.
    2. Select the Security tab and add the SYSTEM account giving Read and Read & Execute permissions to the account.
    3. Click OK.

What to do next

You can install the same SSH public key on other installation targets to securely access all of your workstations.


Last updated: April 20, 2014 09:36 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-dist&topic=tins_cim_targets_ssh
File name: tins_cim_targets_ssh.html