Communicating securely with remote servers

IBM® Db2® Data Management Console uses the secure shell (SSH) services protocol to establish an encrypted communication channel with remote database servers. This allows users to issue commands and complete transactions with databases on connected servers.

SSH provides a secure connection to the operating system of a remote machine. This allows the console to accommodate the encryption requirements of its many features. While the console primarily uses JDBC to communicate with remote database servers, it needs SSH to perform the following:

Execute scripts and utilities on the remote machine

This primary function includes running the following commands:
  • Db2 commands, such as db2look for generating DDLs
  • administration commands, such as db2start and db2stop
  • operating system commands, such as ls on Linux machines, to browse the folders of a remote machine
  • CLP from the SQL editor

A number of functions available to IBM Db2 Data Management Console users require that connected servers be configured to support SSH. The following table identifies these functions:

| Task Category | Affected Database Objects | Tasks that require an SSH service |
|---|---|---|
| Generation of SQL queries | NA | Run SQL statements from the console SQL editor, where the Run method option is set to CLP WITH SSH |
| Database monitoring | NA | Collect CPU information from an AIX® server |
| Job | NA | Run Job with type Db2 CLP Script; Run Job with type Executable/Shell Script |
| General | NA | Search for databases or objects using the Browse feature |

How IBM Db2 Data Management Console completes secure transactions, using SSH

To establish an SSH connection between the console and a remote database server, users need to pass through an authentication process, as the SSH service resides on the remote server. IBM Db2 Data Management Console currently supports user name and password authentication for SSH.

To configure an SSH service and ID/PW authentication on a remote database server, first verify that an SSH service is running on each database server machine that you will connect to with the console:
  • On an AIX or Linux® machine, open a terminal window and enter ps -ef | grep ssh
  • On a Windows machine, go to Control Panel > Administration Tools > Services, scroll through the list to locate either the Open SSH or IBM SSH service and, if it is not running, start it.
If you cannot get the selected SSH service to run properly, verify that password authentication is enabled on the server machine:
  • On an AIX or Linux machine, perform the following steps:
    1. Log in as sudo in the root directory.
    2. Go to /etc/ssh/ and open the file sshd_config in a text editor.
    3. Scroll through the file, locate the PasswordAuthentication property and set its value to yes.
    4. Go to /etc/init.d and run the file sshd restart to restart the SSH service.
  • On a Windows machine, perform the following steps:
    1. Through Windows Explorer, go to C:\ProgramData\IBM\ibmssh\etc\ssh\ and open the file sshd.config.
    2. Edit the file as was done on the AIX/Linux machine, setting the PasswordAuthentication property to yes.
    3. After you save and close the file, return to the Services dialog box to first stop, and then restart the SSH service.

You should now be able to successfully send commands to any databases on the remote server from the IBM Db2 Data Management Console.
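
Setting PasswordAuthentication to yes on AIX or Linux only takes effect if the line you edit is the one sshd uses: sshd applies the first value it reads for a keyword, so a yes added below an earlier no is ignored. The shell function below is an added example, not IBM code, that reports the global value from a given sshd_config; the sample file and the account name dmcsvc are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PasswordAuthentication value in an sshd_config.
# sshd uses the FIRST value it reads for a keyword; keywords are case-insensitive.
# Limitations: Include files are not followed, and everything from the first
# Match block onward is conditional, so it is not treated as global.

effective_password_auth() {
    # $1: path to an sshd_config file
    awk '
        {
            line = $0
            sub(/#.*/, "", line)              # drop comment text
            sub(/^[ \t]+/, "", line)          # trim leading blanks
            if (line == "") next
            n = split(line, f, /[ \t=]+/)     # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit          # global section ends here
            if (key == "passwordauthentication" && n >= 2) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "yes" }       # OpenSSH default when unset
    ' "$1"
}

# Constructed sample: a "yes" was appended, but an earlier "no" still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
Port 22
passwordauthentication no
PasswordAuthentication yes
Match User dmcsvc
    PasswordAuthentication yes
EOF
echo "global PasswordAuthentication: $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the server itself, running OpenSSH's `sshd -T` as root prints the configuration sshd actually resolves, including any Include files this function does not follow.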