Enabling SSH

The SSH program enables you to log into and execute commands on a remote system. SSH enables encrypted communications and an authentication process between two un-trusted hosts over an insecure network. SSH is the preferred method of remote communication because it provides a greater level of security than the remote shell suite of protocols. The following is an example of an SSH setup procedure:

1.Log in as root on the source system from which you want to install the Veritas product.

2.To generate a DSA key pair on the source system, enter:

# ssh-keygen -t dsa S

The system displays the following output:

Generating public/private dsa key pair.

Enter file in which to save the key (//.ssh/id_dsa):

3.Press Enter to accept the default location of /.ssh/id_dsa. System output similar to the following is displayed:

Enter pass phrase (empty for no pass phrase):

4.Do not enter a pass phrase.

Press Enter: Enter same pass phrase again: Press Enter again.

5.Ensure that the /.ssh directory is on all the target installation systems. If that directory is missing, create it on the target system and set the write permission to root only:

# mkdir /.ssh# chmod go-w /.ssh

6.Ensure that the Secure file transfer program (SFTP) is enabled on all the target installation systems. To enable SFTP, the /opt/ssh/etc/sshd_config file must contain the following two lines:

PermitRootLogin yes Subsystem

sftp /opt/ssh/libexec/sftp-server If the lines are not there, add them

7.Restart SSH:

#/sbin/init.d/secsh start

8.To copy the public DSA key, /.ssh/id_dsa.pub to each target system, type the following commands:

#sftp target_sys

If this is the first time this command is run on a system, the following output is displayed:

Connecting to target_sys...

The authenticity of host 'target_sys (10.182.00.00)' can't be established. DSA key fingerprint is fb:6f:9e:61:91:9e:44:6b:87:86:ef:68:a6:fd:87:7d.

Are you sure you want to continue connecting (yes/no)?

9.Enter yes. Output similar to the following is displayed:

Warning: Permanently added 'target_sys,10.182.00.00'(DSA) to the list of known hosts.root@target_sys password:

10.Enter the root password.

11.At the sftp prompt, type the following command:

sftp> put /.ssh/id_dsa.pub

The following output is displayed: