Question & Answer
Question
Remote command execution by padmin user via ssh fails with
Answer
1) Example of remote command execution failing from an SSH client to the padmin user on a VIO server.
SSH Client:
# ssh padmin@<VIO server> ioscli ioslevel
rksh: ioscli: not found
# ssh padmin@<VIO server> ioscli lslparinfo
rksh: ioscli: not found
To allow remote command execution by padmin on VIOS do the following:
2) Get to the root prompt on the VIO server.
$ whoami
padmin
$ oem_setup_env
#
3) Link /usr/ios/cli/environment to /home/padmin/.ssh/environment.
# cat /usr/ios/cli/environment
PATH=/usr/ios/cli:/usr/ios/utils:/usr/ios/lpm/bin:/usr/ios/oem:/usr/ios/ldw/bin:$HOME
# ls -l /home/padmin/.ssh/environment (Link is not there).
/home/padmin/.ssh/environment not found
# cd /home/padmin/.ssh
# ln -s /usr/ios/cli/environment environment
# ls -l /home/padmin/.ssh/environment
lrwxrwxrwx 1 root system 24 Dec 19 08:28 /home/padmin/.ssh/environment -> /usr/ios/cli/environment
4) Edit /etc/ssh/sshd_config. Uncomment the PermitUserEnvironment directive and change it from its default of no to yes.
# vi /etc/ssh/sshd_config
Change from:
#PermitUserEnvironment no
Change to:
PermitUserEnvironment yes
5) Stop and restart sshd.
# stopsrc -s sshd
# startsrc -s sshd
6) Test ssh remote command execution from SSH client to VIO server as the padmin user.
# ssh padmin@<VIO server> ioscli ioslevel
2.2.2.1
# ssh padmin@<VIO server> ioscli lslparinfo
1 VIO-Server-1
Successfully executed remote command as padmin user via ssh.
NOTE-1: You can also configure SSH public/private keys between an SSH client and the VIO server for the padmin user to avoid having to supply the padmin password for each command execution.
NOTE-2: From sshd man page:
PermitUserEnvironment
Specifies whether ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are processed by sshd(8). The default is "no". Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD.
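Because PermitUserEnvironment is a server-wide setting, the following added example (not IBM's code) audits what steps 3 and 4 leave behind: it reports the effective directive value and flags any environment file that sets more than PATH or whose link target is group/world writable. The function names are hypothetical, and "only PATH is expected" is an assumption based on the contents of /usr/ios/cli/environment shown above.

```shell
#!/bin/sh
# Added example (not IBM's code): audit the change made in steps 3 and 4.

# Effective PermitUserEnvironment value; sshd takes the first occurrence
# of a keyword, and the default is "no".
effective_permit_user_env() {
    awk 'tolower($1) == "permituserenvironment" { print tolower($2); f = 1; exit }
         END { if (!f) print "no" }' "$1"
}

# Variable names set in an environment file other than PATH, one per line.
# Blank lines and lines starting with # are ignored.
unexpected_env_names() {
    awk -F= '/^[ \t]*(#|$)/ { next }
             { n = $1; gsub(/[ \t]/, "", n); if (n != "PATH") print n }' "$1"
}

# audit_user_env SSHD_CONFIG ENV_FILE...
# Prints findings and returns 1 if any environment file needs review.
audit_user_env() {
    cfg=$1; shift
    value=$(effective_permit_user_env "$cfg")
    echo "PermitUserEnvironment is effectively: $value"
    [ "$value" = "no" ] && return 0
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        for n in $(unexpected_env_names "$f"); do
            echo "REVIEW $f sets $n (only PATH is expected)"; rc=1
        done
        # -L follows the symlink, so the mode is that of the link target.
        mode=$(ls -lL "$f" | awk '{ print $1 }')
        case $mode in
            ?????w*|????????w*)
                echo "REVIEW $f is group/world writable ($mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on the server described above (paths taken from the page):
#   sh audit.sh /etc/ssh/sshd_config /home/padmin/.ssh/environment
if [ $# -ge 2 ]; then audit_user_env "$@"; fi
```

Pass every user's ~/.ssh/environment, not only padmin's, since the directive applies to all accounts that can log in over ssh.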
Document Information
Modified date: 19 February 2022
UID: isg3T1026638