For hosts running Windows operating systems, SSH protocol
support requires a third-party product, such as SSH on CYGWIN, on
the target Windows host, and the software package you are installing
is installed under CYGWIN. Because WebSphere Application Server does
not officially support installing under CYGWIN, this tool has only
been tested to verify that the centralized installation manager (CIM)
can install a software package on Windows targets using SSH
public/private key authentication. Other SSH support for Windows
operating systems has not been tested and is not supported by CIM.
Before you begin
Use the information provided in this topic only if you
want to use the SSH public/private key authentication method to access
remote target workstations that are running any of the Windows operating
systems. You can skip this topic if you plan to use the user name
and password authentication method to access the installation targets.
Ensure that the CYGWIN SSH server is installed on the Windows target
workstation.
In a typical setup of the CYGWIN sshd server running as a Windows
service, the server runs under the Local SYSTEM account (or, for a
Windows 2003 Server, under a local account, sshd_server, specifically
created with special privileges to run the service). With an SSH
server configured and started on the Windows target, the server
authenticates user logins using a public/private key pair. With this
setup, however, installation programs that are located on the Windows
target and invoked by the centralized installation manager, which is
using SSH public/private key authentication to gain access to the
target workstation, run under the identity of the account that the
SSH server is running under. This causes problems with certain
centralized installation manager operations when the files or
directories that the operation works on were created under different
identities. To work around this, change the service that the CYGWIN
sshd server runs under to log on with the same account, root, that is
used to install software on that specific target Windows workstation.
Restriction: When installing WebSphere Application Server Version 8.5
on Windows targets using SSH public/private key authentication, do not
specify an installation directory path that contains one or more
spaces. Spaces in the installation path cause some Windows bat files
to fail when the input argument also contains spaces.
Assuming that a local ID root that has Administrator authority to
install software on the Windows workstation has been created, complete
the following steps to change the CYGWIN sshd server to run under
the ID root:
Procedure
- Change the login ID of the CYGWIN sshd service.
  - From the Windows Start menu, click .
  - From the Services window, right-click CYGWIN sshd, and select
    Properties.
  - From the Properties window, select the General tab, and click
    Stop to stop the sshd service.
  - Next, select the Log on tab. Under the Log on as section or
    prompt, clear the Local System account radio button, and select
    This account.
  - Type .\root as the ID and type the password for the account.
    Click Apply.
- Grant additional rights to the root account. Ensure that the account
  has the required privileges in addition to membership to the
  Administrators group.
  - From the Windows Start menu, click .
  - From the Local Security Settings window, expand Local Policies,
    and select User Rights Assignment.
  - From the resulting page that is displayed on the right, verify
    that the root account has the following four rights:
    - Adjust memory quotas for a process
    - Create a token object
    - Log on as a service
    - Replace a process level token
    If not, add root as a user with the four rights.
  - Close the Local Security Settings window.
- From a CYGWIN console panel, change ownership of the following
  directories and files to root:
  - chown root /var/log/sshd.log
  - chown -R root /var/empty
  - chown root /etc/ssh*
- Restart the CYGWIN sshd service. From the Properties page of the
  CYGWIN sshd service, select the General tab, and click Start. Verify
  that the service is now running under the root user account.
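To confirm the ownership changes from the chown step, the following check can be run from the CYGWIN console. It is an added example, not part of the original IBM procedure; the function names and the optional path prefix are assumptions made for illustration, and it relies on the GNU stat and find that CYGWIN provides.

```shell
#!/bin/sh
# Added example (not IBM's code): audit the ownership set by the chown step.

# check_owner OWNER PATH...
# Lists every file or directory at or below each PATH that is missing or is
# not owned by OWNER. Returns 0 if everything matches, 1 otherwise.
check_owner() {
    expected=$1
    shift
    rc=0
    for target in "$@"; do
        if [ ! -e "$target" ]; then
            echo "MISSING $target"
            rc=1
            continue
        fi
        # find descends into directories, which covers the chown -R case;
        # stat -c '%U %n' prints "owner path" for each entry (GNU stat).
        bad=$(find "$target" -exec stat -c '%U %n' {} + |
              awk -v want="$expected" '$1 != want')
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/WRONG OWNER /'
            rc=1
        fi
    done
    return "$rc"
}

# audit_sshd_paths OWNER [PREFIX]
# Checks the three locations named in the procedure. PREFIX is a hypothetical
# convenience for pointing the audit at a copy of the tree; omit it on the
# real target.
audit_sshd_paths() {
    owner=$1
    prefix=${2:-}
    # The ssh* glob is left unquoted so the shell expands it, as in the
    # chown command; an unmatched glob is reported as MISSING.
    check_owner "$owner" \
        "$prefix/var/log/sshd.log" \
        "$prefix/var/empty" \
        "$prefix"/etc/ssh*
}

# On the Windows target, from the CYGWIN console:
#   audit_sshd_paths root && echo "sshd paths are owned by root"
```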
Results
You can now install product packages and maintenance to
your Windows target workstations.
Troubleshooting: You might receive the following error
when trying to connect to your Windows workstation using a
non-administrator user ID and password:
XCIM0010E: An error occurred while connecting to the remote target ip_address.
Cause: CTGRI0011E An error occurred when accessing the remote registry or service control manager.
Many operations that CIM performs require access to resources that
are not generally accessible by ordinary user accounts. Therefore, the
account names that you use to log on to remote Windows machines must
have administrative privileges. The simplest way is to add the user
account to the Administrators group using the following steps:
- Right-click My Computer from your Windows
desktop and select Manage.
- Expand Local Users and Groups on the resulting
Computer Management window and select the Users folder.
- On the right panel, double-click the user account to open the
Properties window for that account.
- Select the Member Of tab, and add the Administrators
group to the list of groups that this account belongs to.
What to do next
From the administrative console, click .