Manuals / HP / Computer Equipment / Software

HP Serviceguard Extension for SAP (SGeSAP) Swlist grep ssh, Ssh-keygen -t dsa, Iddsa Iddsa.pub

Models: Serviceguard Extension for SAP (SGeSAP)

1 142
Download 142 pages 58.48 Kb
Page 55
Image 55

Installation Step: IS240

Make sure that the required software packages are installed on all cluster nodes:

Serviceguard Extension for SAP, T2803BA

The swlist command may be utilized to list available software on a cluster node

If a software component is missing install the required product depot files using the swinstall tool.

Installation Step: IS260

You need to allow remote access between cluster hosts.

This can be done by using remote shell remsh(1) or secure shell ssh(1) mechanisms.

If you allow remote access using the remote shell mechanism:

Create an .rhosts file in the home directories of the HP-UX users root and <sid>adm. Allow login for root as root from all nodes including the node you are logged into. Allow login for root and <sid>adm as <sid>adm from all nodes including the node you are logged into. Be careful with this step, many problems result from an incorrect setup of remote access.

Check the setup with remsh commands. If you have to provide a password, the .rhosts does not work.

Installation Step: IS270

If you allow remote access using the secure shell mechanism:

1. Check with swlist to see if ssh (T1471AA) is already installed on the system:

swlist grep ssh

If not, it can be obtained from http://www.software.hp.com/ISS_products_list.html.

2. Create a public and private key for the root user:

ssh-keygen -t dsa

Executing this command creates a .ssh directory in the root user's home directory including the following files:

id_dsa

id_dsa.pub

The file id_dsa.pub contains the security information (public key) for the user@host pair e.g. root@<local>. This information needs to be added to the file $HOME/.ssh/authorized_keys2 of the root and <sid>adm user.

Create these files if they are not already there. This will allow the root user on <local>to remotely execute commands via ssh under his own identity and under the identity of <sid>adm on all other relevant nodes.

On each cluster node where a SGeSAP package can run, test the remote access to all relevant systems as user root with the following commands:

ssh <hostN> date

ssh -l <sid>adm <hostN> date

Do these tests twice since the first ssh command between two user/host pairs usually requires a keyboard response to acknowledge the exchange of system level id keys.

Make sure that $HOME/.ssh/authorized_keys2 is not writable by group and others. The same is valid for the complete path.

Permissions on ~<user> should be 755. Permissions on ~<user>/.ssh/authorized_keys2 must be 600 or 644.

Allowing group/other write access to .ssh or authorized_keys2 will disable automatic authentication.

After successful installation, configuration and test of the secure shell communication ssh can be used by SGeSAP. This is done via setting the parameter REM_COMM to ssh in the SAP specific configuration file sap.config of section Configuration of the optional Application Server Handling.

#REM_COMM=ssh

#REM_COMM=remsh

Installation Step: IS280

HP-UX Configuration 55

Page 54 Page 56
Page 55
Image 55
HP Serviceguard Extension for SAP (SGeSAP) manual Swlist grep ssh, Ssh-keygen -t dsa, Iddsa Iddsa.pub
Page 54 Page 56