If the login is authorized through a mapping of a directory-service group, the ssh command is executed as the proxy user on the SP, either rmonitor, radmin or rmanager.

Support is available for SSH protocol version 2 key types (RSA or DSA) only.

If DNS is enabled on the SP, the client machine must be specified by its DNS name (and not the IP address).

Generating Host Keys

The host’s ssh install should generate the host keys. If it does not, follow these steps to manually generate the key pair:

1. Enter the following command:

ssh-keygen -q -t rsa -f rsa_key -C '' -N ''

2. Copy rsa_key to /etc/ssh/ssh_host_rsa_key.

3. Ensure that only root has read or write permission to this file. The rsa_key.pub file is the file you will transfer to the SP.

Note – Only protocol version 2 key types and 1024-bit key sizes (the default generated by ssh-keygen) are supported.

4. Copy the host’s public key (the rsa_key.pub file) to the SP using scp (secure copy) or by copying the host key to an external file system that has been mounted on the SP.

Note – Use scp to copy the files to either /tmp or to your home directory. The sp commands will then install the file specified on the command line to /pstore.

Note – If DNS is enabled on the SP, you must specify the client that is used in the trust commands with its DNS name (and not the IP address).
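As an added example (not part of the Sun guide), the sh functions below check the result of steps 1 to 3 before the public key is copied to the SP: the private key's owner and mode, and the public key's type and size as read from the key blob itself. The function names and the optional UID and BITS arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pre-transfer checks for the host key pair from the steps above.

# key_mode_ok FILE [UID]: true if FILE is owned by UID (default 0, root)
# and grants no group/other access (step 3).
key_mode_ok() {
    [ -f "$1" ] || return 1
    listing=$(ls -ldn "$1") || return 1
    case $(printf '%s\n' "$listing" | cut -c1-10) in
        -r[w-]-------) ;;                 # owner read, optional write, nothing else
        *) return 1 ;;
    esac
    [ "$(printf '%s\n' "$listing" | awk '{print $3}')" = "${2:-0}" ]
}

# pub_key_bits FILE: print the key size in bits of a one-line OpenSSH
# public key (ssh-rsa or ssh-dss), measured from the base64 blob.
pub_key_bits() {
    case $(awk 'NR==1 {print $1}' "$1") in
        ssh-rsa) skip=2 ;;                # blob fields: type, e, n -> measure n
        ssh-dss) skip=1 ;;                # blob fields: type, p, ... -> measure p
        *) return 1 ;;                    # not a protocol 2 RSA/DSA key
    esac
    awk 'NR==1 {print $2}' "$1" | base64 -d | od -An -v -tu1 |
    awk -v skip="$skip" '
        { for (i = 1; i <= NF; i++) b[n++] = $i + 0 }
        END {
            p = 0
            for (f = 0; f <= skip; f++) { # each field: 4-byte length, then data
                len = ((b[p]*256 + b[p+1])*256 + b[p+2])*256 + b[p+3]
                start = p + 4; p = start + len
            }
            while (len > 0 && b[start] == 0) { start++; len-- }  # sign padding
            if (len == 0) { print 0; exit }
            bits = len * 8
            for (m = 128; m > b[start]; m /= 2) bits--   # leading zero bits
            print bits
        }'
}

# check_host_key PRIVATE PUBLIC [UID] [BITS]: run both checks before scp.
check_host_key() {
    key_mode_ok "$1" "${3:-0}" || { echo "bad owner/mode: $1" >&2; return 1; }
    bits=$(pub_key_bits "$2") || { echo "unsupported key type: $2" >&2; return 1; }
    [ "$bits" = "${4:-1024}" ] || { echo "key is $bits bits: $2" >&2; return 1; }
}

if [ "$#" -ge 2 ]; then check_host_key "$@"; fi
```

Saved under a name of your choice, the script takes the private key path and the public key path as arguments, for example /etc/ssh/ssh_host_rsa_key and rsa_key.pub. Later ssh-keygen releases default to RSA keys larger than 1024 bits, which the size check reports.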

92 Sun Fire V20z and Sun Fire V40z Servers, Server Management Guide • May, 2004
