Setting up SSH on Linux or UNIX servers

To apply security fixes or to collect the heap dump information from managed servers, both WebSphere Automation and the servers must be properly configured to communicate by using SSH. Configure your Linux® or UNIX servers for SSH.

Before you begin

Each server to be managed by WebSphere Automation must have the SSH server installed and running. WebSphere Automation connects over SSH using a specified user account. The user account must have permissions to run the wsadmin script (for WebSphere Application Server) or the server script (for WebSphere Application Server Liberty) and access the heap dump file that is generated by WebSphere Application Server or WebSphere Application Server Liberty.

Make sure that servers to be managed meet the prerequisites in Managed server requirements.

About this task

Use these steps to generate a new SSH key and send it to each of your Linux or UNIX servers to be managed. If you have an existing SSH key that you want to use, skip this step and proceed to Setting up WebSphere Automation for SSH to Linux or UNIX servers.

If you are generating an SSH key for use in a FIPS-enabled environment, the SSH key must be compatible with FIPS. For more information, see In a FIPS-enabled environment, installations of fixes or memory leak investigation do not progress.

1. Generate a new SSH key for WebSphere Automation by using the ssh-keygen command.

   $ ssh-keygen -f ~/.ssh/wsa
   Generating public/private rsa key pair.
   Enter passphrase (empty for no passphrase): changeme
   Enter same passphrase again: changeme
   Your identification has been saved in /home/admin/.ssh/wsa.
   Your public key has been saved in /home/admin/.ssh/wsa.pub.
   The key fingerprint is:
   SHA256:umZ0BUX89VEi377Gc1J5t5cqfrMldDUqIn4M+1eWeRc admin@admin
   The key's randomart image is:
   +---[RSA 3072]----+
   |         +o . . o|
   |        . .  o.+ |
   |         . . ..o+|
   |          . . .E=|
   |       oSo . ooo*|
   |      o.* . o=ooB|
   |     ..+ o  o.oO+|
   |      o.o  o o=.+|
   |     o.  .o.ooo  |
   +----[SHA256]-----+

2. Copy the public key to each server by using the ssh-copy-id command.

   $ ssh-copy-id -i ~/.ssh/wsa wsadmin@myvm
   /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/admin/.ssh/wsa.pub"
   /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
   /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
   Number of key(s) added: 1

3. Validate that you can use SSH to communicate with that server.

   $ ssh -i ~/.ssh/wsa wsadmin@myvm

What to do next

Configure WebSphere Automation with the SSH key, user, and other necessary connection parameters to access the Linux or UNIX servers remotely. Proceed to Setting up WebSphere Automation for SSH to Linux or UNIX servers.