Setting up db2locssh

You can configure db2locssh so that you can install the Db2® pureScale® feature without enabling remote root login and passwordless SSH.

 /etc/ssh/sshd_config:
 PermitRootLogin no #disabled  

 systemctl restart sshd

 /etc/init.d/sshd restart

 stopsrc -s sshd 
 startsrc -s sshd

To configure db2locssh:

1. Create a non-root user ID (db2sshid) on all the hosts with same UID and GID. The db2sshid is used to establish a Secure Shell (SSH) network protocol between a local host and a remote host.
   Note: At any time, you can have only one non-root user (db2sshid) configured for db2locssh.
2. Run the setup_db2locssh script from the media path as a root user on all the hosts.

   ./setup_db2locssh <db2sshid>

   The utility is located under <media path>/db2/<platform>/utilities.

   The script generates two pairs of keys as follows:

   • Pair of RSA public and private keys for the root: root@host.priv and root@host.pub under /var/db2/db2ssh
   • Pair of RSA public and private keys for SSH user: id_rsa and id_rsa.pub under $HOME/.ssh where $HOME is the home directory of db2sshid.
3. Exchange the root public keys, root@host.pub that are generated under /var/db2/db2ssh on all the hosts. After this exchange every host has the public keys of all other hosts under/var/db2/db2ssh.
   For example, if hostA and hostB are the names of the hosts, exchange the root public keys as follows:

   • Copy the root public key of hostA, root@hostA.pub to hostB under the location /var/db2/db2ssh
   • Copy the root public key of hostB, root@hostB.pub to hostA under the location /var/db2/db2ssh
4. As an SSH user (db2sshid), create a file that is called authorized_keys under $HOME/.ssh where $HOME is the home directory of db2sshid. Append the contents of each public key id_rsa.pub from each host to the authorized_keys file.
5. Copy the authorized_keys file to the $HOME/.ssh directory on each host where, $HOME is the home directory of db2sshid.
6. Run the chmod 644 authorized_keys command to change the permission of authorized keys on all the hosts.
7. Log in to each host as an SSH user (db2sshid) and SSH to all the hosts to confirm whether you are able to communicate across all the hosts without a password prompt.

   For example, if there are two hosts, hostA and hostB, do as follows:

   • On hostA as an SSH user (db2sshid):

     ssh <hostA>

     ssh <hostB>

   • On hostB as an SSH user (db2sshid):

     ssh <hostA>

     ssh <hostB>

   Note: Authenticate the following items to populate the known_hosts file with the necessary fields:

   • The long and short qualified hostnames.
   • The long and short qualified netnames.
8. Run the remote commands to verify the db2locssh configuration.

   For example, if there are two hosts hostA and hostB, do as follows:

   • On hostA as a root user, run the remote command:

     /var/db2/db2ssh/db2locssh hostB 'hostname'

     The command output is hostB.

     /var/db2/db2ssh/db2locssh hostA 'hostname'

     The command output is hostA.

   • On hostB as a root user, run the remote command:

     /var/db2/db2ssh/db2locssh hostB 'hostname'

     The command output is hostB.

     /var/db2/db2ssh/db2locssh hostA 'hostname' .

     The command output is hostA.

   If the db2locssh command fails, perform the following checks:

   • Check whether you run the db2locssh /var/db2/db2ssh/db2locssh command as a root user.
   • As a non-root SSH user (db2sshid), confirm if you are able to SSH to all the hosts without a password prompt.
   • Check whether the clocks across the hosts are synchronized.
   • Check operating system logs for more information on db2locssh command failure.
   • Contact IBM® support, if you are unable to resolve the problem.