
Installing OpenSSH software tools

Use this procedure to download and install OpenSSH software tools on an AIX® logical partition. OpenSSH must be set up so that you can facilitate authentication and communication between the Partition Load Manager server and the controlling Hardware Management Console (HMC).

Whenever the Partition Load Manager satisfies a resource request, it uses remote HMC commands to gather partition information and initiate dynamic logical partitioning operations. The HMC must be enabled for OpenSSH by activating the Enable/Disable Remote Command Execution task on the HMC.

When you are setting up a user on the HMC for OpenSSH, specify one of the following roles:

  • System administrator
  • Service representative
  • Advanced operator

Before you can use OpenSSH, there must be a user on the HMC that has remote command enabled. This user must exchange SSH keys with the configured HMC user, but does not have to be the same user as the plmuser ID.

OpenSSH software tools support the SSH1 and SSH2 protocols. The tools provide shell functions where network traffic is encrypted and authenticated. OpenSSH is based on client and server architecture. OpenSSH runs the sshd daemon process on the AIX host and waits for the connection from clients. It supports public-key and private-key pairs for authentication and encryption of channels to ensure secure network connections and host-based authentication. For more information about OpenSSH, including the man pages, see http://www.openssh.org.

The OpenSSH software is included on the AIX 5.3 Expansion Pack. This version of OpenSSH is compiled and packaged as installp packages using the openssh-3.7.1p2 level of source code. The installp packages include the man pages and the translated message filesets. The OpenSSH program contained in the Expansion Pack CD-ROM media is licensed under the terms and conditions of the IBM® International Program License Agreement (IPLA) for Non-Warranted Programs.

Before installing the OpenSSH installp format packages, you must install the Open Secure Sockets Layer (OpenSSL) software that contains the cryptographic library. OpenSSL is available in RPM packages from the AIX Toolbox for Linux® Applications Web site.

Because the OpenSSL package contains cryptographic content, you must register on the Web site to download the packages. You can download the packages by completing the following steps:

  1. Access the AIX Toolbox for Linux Applications Web site.
  2. Click the AIX Toolbox Cryptographic Content link on the right side of the page.
  3. Click Sign in and sign in using your IBM ID, or click register now and register for a new IBM ID. The license agreement page is displayed when you are done.
  4. Click View license to read the license.
  5. If you agree to the license terms, select I agree and click I confirm.
  6. Scroll to the OpenSSL — SSL Cryptographic Libraries section of the download page.
  7. Click Download Now! under each rpm package that you want to download.

After you download the OpenSSL package, you can install OpenSSL and OpenSSH.

  1. Install the OpenSSL RPM package using the geninstall command, as follows:
    # geninstall -d/directory R:openssl-0.9.6g
    where directory is the name of the directory to which you downloaded the OpenSSL package. Output similar to the following displays:
    SUCCESSES
    ---------
    openssl-0.9.6g-3
  2. Install the OpenSSH installp packages using the geninstall command, as follows:
    # geninstall -Y -d/directory I:openssh.base
    Use the -Y flag to accept the OpenSSH license agreement after you have reviewed the license agreement.
    To view the license agreement, type the following command:
    # geninstall -IapE -ddirectory openssh.base 2>&1 |pg
    After you accept the license agreement, output similar to the following displays:
    Installation Summary                                                           
    --------------------                                                           
    Name                        Level           Part        Event       Result     
    -------------------------------------------------------------------------------
    openssh.base.client         3.6.0.5200      USR         APPLY       SUCCESS    
    openssh.base.server         3.6.0.5200      USR         APPLY       SUCCESS    
    openssh.base.client         3.6.0.5200      ROOT        APPLY       SUCCESS    
    openssh.base.server         3.6.0.5200      ROOT        APPLY       SUCCESS     

You can also use the smitty license_on_media fast path to view the license, and the smitty install_software fast path to install OpenSSL and OpenSSH.

The following OpenSSH binary files are installed as a result of the preceding procedure:

scp
    A file copy program similar to rcp
sftp
    A program similar to FTP that works over the SSH1 and SSH2 protocols
sftp-server
    An SFTP server subsystem (started automatically by the sshd daemon)
ssh
    Similar to the rlogin and rsh client programs
ssh-add
    A tool that adds keys to ssh-agent
ssh-agent
    An agent that can store private keys
ssh-keygen
    A key-generation tool
ssh-keyscan
    A utility for gathering public host keys from a number of hosts
ssh-keysign
    A utility for host-based authentication
sshd
    A daemon that permits you to log in

SSH access to the HMC from the Partition Load Manager server

After you have installed SSH, you can generate the SSH keys and communicate with the HMC.

If you are going to run the Partition Load Manager server under the plmuser ID, grant SSH access to the HMC from the Partition Load Manager server by using the following steps:

  1. Log in under the plmuser ID.
  2. Generate SSH keys on the Partition Load Manager server by using the following command:
    ssh-keygen -t rsa
  3. Exchange SSH keys with the HMC by using the following commands:
    scp hscroot@p5hmc1:.ssh/authorized_keys2 ~/.ssh/tmp_authorized_keys2
    cat ~/.ssh/id_rsa.pub >> ~/.ssh/tmp_authorized_keys2
    scp ~/.ssh/tmp_authorized_keys2 hscroot@p5hmc1:.ssh/authorized_keys2  
  4. Test the SSH access to the HMC as the plmuser ID without using a password by using the following command:
    ssh hscroot@p5hmc1 date
  5. Obtain the name of the managed system from the HMC by using the following command:
    ssh hscroot@p5hmc1 lssyscfg -r sys
    Unless the name of the managed system is changed on the HMC using the Properties tab on the managed system, the default managed system name is similar to the following:

    eServer-9117-570-SNxxxxxxx

    Note: The HMC hostname used in the setup and the managed system name are used in the Partition Load Manager policy. If there is more than one managed system, determine which system contains the partitions to be managed. For each managed system, use the following command:
    ssh hmcuser@hmchost lssyscfg -r lpar -m machine
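
The append in step 3, as an added example that is not part of the IBM procedure: merge_pubkey (a hypothetical helper name) can stand in for the cat >> command. It adds the key only once, refuses anything that is not a single ssh-rsa public key, and repairs a missing trailing newline in the downloaded file. The key blobs in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example: an idempotent stand-in for the "cat >>" step of the key exchange.
# merge_pubkey is a hypothetical helper, not an IBM or OpenSSH tool.
# Usage: merge_pubkey <public-key-file> <local-copy-of-authorized_keys2>
merge_pubkey() {
    pub=$1
    auth=$2

    # A .pub file holds exactly one line: "<type> <base64-blob> [comment]".
    n=$(grep -c . "$pub" 2>/dev/null) || n=0
    [ "$n" = 1 ] || { echo "merge_pubkey: need exactly one key in $pub" >&2; return 2; }
    ktype=$(awk 'NF { print $1; exit }' "$pub")
    blob=$(awk 'NF { print $2; exit }' "$pub")

    # "ssh-keygen -t rsa" writes an ssh-rsa public key; anything else (for
    # example the private key id_rsa passed by mistake) is refused.
    [ "$ktype" = ssh-rsa ] && [ -n "$blob" ] ||
        { echo "merge_pubkey: $pub is not an ssh-rsa public key" >&2; return 2; }

    # Create the target owner-only if there was no key file to download.
    [ -f "$auth" ] || ( umask 077; : > "$auth" )

    # Already authorized: re-running the exchange must not add a duplicate.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # If the last entry lacks a trailing newline, a plain ">>" would glue the
    # new key onto it and invalidate both entries.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    grep . "$pub" >> "$auth"
    chmod 600 "$auth"
}

# Constructed demo: fake key blobs; the existing file has no trailing newline.
d=$(mktemp -d)
printf 'ssh-rsa AAAAconstructedADMINblob admin@console' > "$d/tmp_authorized_keys2"
printf 'ssh-rsa AAAAconstructedPLMblob plmuser@plmserver\n' > "$d/id_rsa.pub"
merge_pubkey "$d/id_rsa.pub" "$d/tmp_authorized_keys2"
merge_pubkey "$d/id_rsa.pub" "$d/tmp_authorized_keys2"   # no-op on re-run
cat "$d/tmp_authorized_keys2"                            # one line per key
rm -rf "$d"
```

For the test in step 4, ssh -o BatchMode=yes hscroot@p5hmc1 date makes the check fail outright instead of falling back to a password prompt if the key was not accepted.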


Last updated: Fri, Oct 30, 2009