PSSP 3.4 provides the option of running your RS/6000 SP system with an enhanced level of security, called Restricted Root Access (RRA). This function removes the dependency PSSP has to internally issue rsh and rcp commands as a root user from a node. When this function is enabled, PSSP does not automatically grant authorization for a root user to issue rsh and rcp commands from a node. If you enable this option, some procedures may not work as documented. For example, to run HACMP an administrator must grant the authorizations for a root user to issue rsh and rcp commands that PSSP would otherwise grant automatically.
In AIX 4.3.1, the AIX Remote Command suite was enhanced to support Kerberos Version 5 authentication through DCE. These commands include rsh, rcp, rlogintelnet, and ftp. For SP migration purposes, the AIX remote commands, rsh and rcp, were enhanced to call an SP-supplied Kerberos Version 4 set of rsh and rcp routines. Therefore, the AIX commands /usr/bin/rsh and /usr/bin/rcp (also in /bin/rsh and /bin/rcp) on the SP system support the following authentication methods:
The previously supplied remote commands are no longer shipped with PSSP. The /usr/lpp/ssp/rcmd/bin/rsh and /usr/lpp/ssp/rcmd/bin/rcp commands are now symbolic links to the AIX commands /usr/bin/rsh and /usr/bin/rcp respectively.
When using Restricted Root Access, check this list of potential problems and restrictions:
PSSP 3.4 provides the ability to remove the dependency that PSSP has on the AIX rsh and rcp commands issued as root, on the control workstation as well as on nodes, by enabling the use of a secure remote command method. It is the system administrator's responsibility to choose the secure remote command software and install it on the control workstation. This software must be installed and running, and the root user must have the ability to issue remote commands to the nodes and control workstation without being prompted for a password or passphrase, before the secure remote command facility is enabled for PSSP. All nodes must be at PSSP 3.2 or later releases before you can enable a secure remote command method.
When using the secure remote commands, the Restricted Root Access (RRA) must also be enabled, limiting the use of remote commands to secure remote commands from the control workstation to the nodes. When this function is enabled, PSSP will use the secure remote command methods enabled for all remote command calls, no longer relying on the AIX rsh and rcp commands.
A public key must be generated for the root ID on the contorl workstation and the boot/install server nodes, and installed on each node, along with the secure remote command software, to ensure that root can issue remote commands from the control workstation and any boot/install server nodes, to the other system nodes, without being prompted for a password or passphrase. Also, either StrictHostNameChecking must be disabled, or the system administrator must generate the known_hosts file such that the PSSP installation process can run without prompting from hostname checking.
To enable the secure remote command method, choose one of these options:
See Step 28 in PSSP: Installation and Migration Guide. The PSSP 3.4 system defaults to using rsh and rcp, and the bin/rsh and bin/rcp executables for remote commands.
PSSP uses three environment variables that can be set by the user, to determine whether the AIX rsh and rcp commands, or a secure remote command method, are in effect. The user can use these environment variables to override the SDR settings for PSSP commands.
It is important to keep these environment variables consistent and pointing to the remote command method that you wish to use. If all three environment variables are null, the default is:
If RCMD_PGM=secrshell and both DSH_REMOTE_CMD and REMOTE_COPY_CMD are null, the default is:
In addition, in PSSP 3.4 you have the ability to set Authorization for AIX Remote Commands to "none" when secure remote commands are enabled. When this is set, PSSP code will not automatically grant authorization for the root user to issue the rsh and rcp commands for a node or the control workstation. Instead, all PSSP remote commands will be run using the secure remote command method enabled. In order to set AIX Authorization for Remote Commands to "none" on any SP system partition , PSSP 3.4 must be installed on all nodes of that partition.
If "none" is enabled, certain functions and procedures may not work as documented. See PSSP: Administration Guide for enabling secure remote commands and the "none" option. Also, see Action 21 - Check installation with secure remote command option enabled for possible problems determination and resolution of secure remote command problems.