IBM Books

Installation and Migration Guide

|Enabling a secure remote command method

| |

|PSSP 3.4 gives you the ability to have the PSSP system management |software use a secure remote command process in place of the AIX rsh |and rcp commands when restricted root access is enabled. You |can acquire, install, and configure any secure remote command software of your |choice. With restricted root access and a secure remote command process |enabled, the PSSP system management software has no dependency to internally |issue rsh and rcp commands as a root user from the control |workstation to nodes, from nodes to nodes, nor from nodes to the control |workstation. Refer to RS/6000 SP: Planning, Volume 2, |Control Workstation and Software Environment for additional planning |information.

|Note:
A secure remote command method can be enabled only if all nodes are at PSSP |3.2 or later. |

|Steps to enable a secure remote command method include: |

  1. |Acquire the appropriate secure remote command software. Install, |configure, and start this software on your control workstation.
  2. |If your nodes are already installed, install, configure, and start the |secure remote command software on the nodes. The sample provided in |/usr/lpp/ssp/samples/script.cust should be reviewed. It |provides an example of how to install and configure a particular secure remote |command package.
  3. |Verify that secure remote commands are functioning properly from the |control workstation to the nodes. There must be no password |prompts.
  4. |Add an entry to /etc/inittab on both the control workstation and |the nodes to automatically start the secure remote command daemon during |reboot. It should be started immediately after tcpip.
  5. |Use the spsitenv command to enable PSSP use of the secure remote |command method. Refer to Step 30: Enter site environment information.
  6. |For future installations, you must update the script.cust |file to install the secure remote command software package. Refer to Step 61: Perform additional node customization and Appendix E, User-supplied node customization scripts. Even if you choose not to install |your secure remote command software package using script.cust, |you must still modify your script.cust file to add an entry to |/etc/inittab to start your secure remote command daemon. This |insures that the secure remote command daemon starts early enough, even during |node customization. |

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]