Managing External Server Connections

About this task

Scheduled Tasks can be created with one or more Run External Script actions. This type of action defines the server and the credentials needed for the Scheduled Task to SSH to that server in order to issue the specified command or script. This section describes the Managing External Server Connections dialog which allows you to define and manage a server connection which can be used for multiple Scheduled Tasks. Server Connections can be setup using a userid/password or they can be setup using a userid/SSH key pair.

To manage external server connections go to the Scheduled Tasks panel click on the External Server Connections button. Or alternatively, you can click on the Select Server button when adding or modifying a Run External Script task action. The procedures below describe the possible actions available for managing the external server connection.
Note: In order to setup a Scheduled Task Run External Script action, for security reasons, the user must know the password for the user defined in the server connection. Even if the server connection is already defined and even if the connection is setup with an SSH key pair, you will be prompted for a password to ensure that you have proper access to that server before any commands can be setup to get executed through the Run External Script action.

Procedure

  1. SELECTING AN EXISTING SERVER CONNECTION

    If adding or modifying a Run External Script task action, and the server is already defined, select the desired server and click on the OK button. See the Note above indicating that you will be prompted to enter the password for the selected server to ensure you have the authority to setup this action to the server.

  2. REMOVING A SERVER CONNECTION
    If removing a server connection, select the server connection you want to remove and click the Remove Server button.
    Note: A server connection cannot be removed if it is currently defined in an Run External Script action for any Scheduled Task.

  3. TESTING A SERVER CONNECTION

    In order to test that the connection still has a valid userid and password or SSH key pair defined, you can select a server connection and click the Test Connection button.

  4. ADDING A NEW SERVER CONNECTION

    To add a new Server Connection, click the Add Server button and fill in the following information:

    Hostname -
    • Specify the hostname or IP address of the server the command will be issued on.
    Port (optional) -
    • Optionally specify the port that will be used to SSH to the server. Default port is 22.

    What Authentication Method should be used? -

    • Choose to connect via userID/password or userID/SSH key pair. Fill in the information according to the connection type.

      UserID / Password
      • UserID - Enter the userID that will be used to authenticate with the server.
      • Password - Enter the password for the userID specified, that will used to authenticate with the server.

      SSH Key Pair
      • UserID - Enter the userID that will be used to authenticate with the server.
      • Operating System - Select the type of Operating System for the server defined in the hostname field. Options are Windows, Linux/AIX or z/OS.
        Note: When initially defining a server connection with an SSH key pair, the Copy Services Manager server will automatically generate a key pair for the server. To generate a new key pair, select Modify Server and check the "Generate a new key pair" option. After the server connection is defined the SSH key can be exported and then applied to the remote server. See instructions below for exporting the key pair.

  5. EXPORTING SSH KEY AND APPLYING IT TO THE REMOTE SERVER

    After defining a server connection with an SSH key pair, the key must be applied on the server in order to validate the connection. Perform the following steps to apply the key to the external server.

    1. Select the server that you want to apply the SSH key to and click the Export Key button. Only server connections with the Authentication Type of SSH Key can export a key.

    2. Click the link in the dialog box to download the .pem key file to your system. The .pem file holds the key pair created between the Copy Services Manager server and the remote server.

    3. Copy the .pem file to the remote server (if it wasn't downloaded on that server).

    4. Convert the .pem file to a public key. This can be done using the ssh-keygen command below, where CSM-hostname.pem is the file you downloaded in step b and id_rsa.pub is the file name of your choice where the public key will be located.

      ssh-keygen -i -m PKCS8 -f CSM-hostname.pem > id_rsa.pub

    5. Add the public key to the authorized keys for the server. The key needs to be added to a special file within the user account you will be logging into called ~/.ssh/authorized_keys. One option for adding the public key to that file is use the cat function and piping the output into the authorized_keys file.

      cat id_rsa.pub>>authorized_keys

    6. Return to the Copy Services Manager server and open the External Server Connections dialog.

    7. Select the server and click the Test Connection button to validate the Copy Services Manager can now SSH to the server via the SSH key pair.

    8. You can now add the server connection to any Run External Script Scheduled Task actions.