Administration Guide
|A secure remote command process can be enabled to be used by the PSSP
|software instead of the AIX authenticated remote commands rsh and
|rcp.
|You must have PSSP 3.4 and the secure remote command software
|running on the control workstation, PSSP 3.2 or later on all the nodes,
|and enable the restricted root access option before you can enable the secure
|remote command process. Then you can proceed to the rest of the PSSP
|security configuration.
|You must have already obtained, installed, and configured the secure remote
|command software that you want to use on the control workstation. Your
|secure remote command process must honor the following criteria:
|
- |It conforms to the IETF Secure Shell protocol.
- |The secure remote commands can be run by the PSSP 3.4 software as
|root from the control workstation to the nodes without password or passphrase
|prompts. This normally means the following:
|
- |The root public key generated on the control workstation is installed on
|the control workstation and all the nodes.
- |The root public key generated on a boot-install server (BIS) node is
|installed on the control workstation, the BIS node, and on all the nodes it
|serves.
- |A known_host file has been generated on the control workstation
|and the BIS nodes for all nodes or StrictHostKeyChecking is
|disabled to ensure that the PSSP scripts and commands are not prompted for
|passwords or passphrases. Prompting to the scripts will cause a
|hang.
|
- |The BIS node still has rsh and rcp authorization for
|root access to NIM. See Boot-install servers.
|
[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]