Command-line interface

The command-line interface (CLI) is a collection of commands that you can use to manage the system.

Overview

The CLI commands use the Secure Shell (SSH) connection between the SSH client software on the host system and the SSH server on the system.

Configuring SSH access provides a greater range of functionality including tools that the IBM support team needs to use to perform system repair actions.

To use the CLI from a client system, complete the following steps:
  • Install and set up SSH client software on each system that you plan to use to access the CLI.
  • Authenticate to the system by using a password.
  • Use an SSH public key if you require command line access without entering a password. Then, store the SSH public key for each SSH client on the system.
    Note: After the first SSH public key is stored, you can add SSH public keys by using either the management GUI or the CLI.

Use the CLI to configure and manage the system. See the CLI reference for full details on the set of commands available.

CLI commands generally give feedback whether or not the command ran. Check the audit log or event log (for configuration events, for example) after you specify a command to verify successful completion.

Setting up SSH access

Secure Shell (SSH) is a client/server network application. It is used as a communication vehicle between the host system (for example, a laptop computer) and the system command-line interface (CLI).

Associate the public key with a user on the clustered system using the management GUI.

The system acts as the SSH server in this relationship. You can configure the SSH access to use a username and password, or an RSA-based SSH key pair for authorization.

SSH sessions have a timeout value, when the session is automatically closed. The default is 15 minutes and can be changed using the chsecurity CLI command.

For multifactor authentication, IBM Security Verify communicates with the system and uses a PAM module to handle second factor authentication for SSH logins. For more information about multifactor authentication, refer to the Multifactor authentication.

If you were to issue the lsuser command, which lists the SSH client public keys that are stored on the system, the following output is displayed when ssh_key=yes:
IBM_2145:cluster0:superuser>lsuser 
id name      password ssh_key remote usergrp_id usergrp_name 
0  superuser yes      yes     no     0          SecurityAdmin 
1  smith     no       yes     no     4          Monitor 
2  jones     no       yes     no     2          CopyOperator