Creating Trusted Host Relationships | Sun Microsystems V20Z, V40z

Note – Use scp to copy the files to either /tmp or to your home directory. The sp commands will then install the file specified on the command line.

Creating Trusted Host Relationships

Adding a trusted host relationship is one way to allow for passwordless access and thus is a means for one-to-many scripting. Once a host equivalence relationship has been created with a client, users on that client can remotely execute commands on the Service Processor without being prompted for a password, provided one of the following conditions is met:

■The user’s login name on the client is the same as that of a local user on the SP.

■The user’s login on the client belongs to a directory service group that is mapped to an SP administrative group. (In this case, the SSH command executes as a well known auxiliary user on the SP; either rmonitor, radmin, or rmanager.)

Note – Support is available for SSH protocol version 2 key types (RSA or DSA) only. If DNS is enabled on the SP, the client machine must be specified with its DNS name, not an IP address.

Manager-level users can create a trusted host relationship for the specified host from the command line using the access add trust command:

#access add trust {-c --client} HOST {-k --keyfile} \

PUBLIC KEY FILE

Adding Public Keys

Adding a user’s public key is another way to allow for passwordless access and thus provide one-to-many scripting. Once a public key for a specific user has been installed on the SP, that user can remotely execute commands on the SP without being prompted for a password, if that user has installed the associated private key on the client.

Note – Support is available for SSH protocol version 2 key types (RSA or DSA) only.

Only local users can add public keys. Users who obtain authorization from directory services group mappings are not able to add public keys.

Local admin-level or manager-level users can add public keys using the access add public key command:

58 Sun Fire V20z and Sun Fire V40z Servers, Server Management Guide • May, 2004

Image 80

Sun Microsystems V20Z, V40z manual Creating Trusted Host Relationships, Adding Public Keys

Contents

Sun Microsystems, Inc Please Recycle Contents Ipmi Server Management Further Management Information Configuring Scripting Capabilities Using Shell ScriptsSnmp Server Management Server Management Commands Summary Lilo Commands Return Codes Access CommandsPage Diagnostics Commands Inventory Commands Inventory Compare Versions SubcommandIpmi Commands Format Return Codes Platform Commands Sensor Commands Service Processor Commands 161 Contents Page Contents Page Contents Page Preface How This Book Is Organized Related Documentation Accessing Sun Documentation Third-Party Web SitesContacting Sun Technical Support Sun Welcomes Your CommentsPage Introduction Overview Acronyms Acronyms1defines the acronyms found in this document Server-Management Interfaces Service ProcessorServer Management Command Line Interface Snmp Integration Server Operator Panel 2Sun Fire V20z Server Operator Panel and Buttons 2Operator Panel Buttons User Groups User Types Assigning SP Network Settings Using Dhcp Initial Setup of the Service ProcessorPart I Assigning Network Settings to the SP Following prompt appears with the default response Press the Forward button until you reach the SP menuPress the Select button to display the SP menu options Press the Select button Assigning Static SP Network Settings This field can hold a value between 0 SP address is now configured and the server is ready for use LCD displays the following confirmation prompt Part II Securing the Service Processor Creating the Initial Manager Account Enabling Ipmi Access on the Server Enabling Ipmi Access on a Linux-Based Server In-Band Successful output should look similar to the following Install the openIPMI RPM file by running the commandInstall IPMItool Reboot the server Enabling Ipmi Access on a Solaris-Based x86 Server In-BandConfirm installation of all packages when prompted Using IPMItool, configure the network setting for the SP Enabling Ipmi LAN AccessEnabling Ipmi LAN Access on a Linux-Based Server In-Band Using IPMItool, test the Ipmi LAN access Alternate Method for Enabling Ipmi LAN Access Out-of- BandEnable Ipmi LAN access and assign a password when prompted Recompile the module by running the following commands Upgrading the Linux Kernel Daisy-Chaining the Servers 5Daisy Chain Architecture LCD displays the first menu option Site IntegrationUpdating the SP Software Press Select or Enter to display the SP menu’s options Updating the Service Processor Base Component To update the SP base componentLog in to the SP by running the following command Run the sp command to start the update process on the SP Autoconfiguring the SP Optional Method Following message displays when autoconfiguration is running Determining SP and Platform Network MAC AddressesPage Ipmi Server Management Baseboard Management Controller Manageability Ipmi Compliance and LAN Channel Access Usernames and Passwords Lights Out Management LOM DescriptionFurther Information Syntax 1Options for IPMItool Options1lists the options available for IPMItool Expressions 2Expressions and Parameters for IPMItool 1 2Expressions and Parameters for IPMItool 2 Interval 2Expressions and Parameters for IPMItool 3 Parameter 2Expressions and Parameters for IPMItool 4 Type Ipmi Linux Kernel Device Driver LAN Interface for the BMC Files Result returned is Viewing the Ipmi System Event Log Clearing the Ipmi System Event Log Ipmi Troubleshooting 3IPMI TroubleshootingPage Snmp Server Management Simple Network Management Protocol Snmp Integration Snmp Management Information Base MIB Sun Fire V20z and Sun Fire V40z Servers MIB Tree Integrating MIBs with Third-Party Consoles Configuring Snmp on Your Server 2SNMP Architecture and Communications Snmp Agent on the Service Processor Proxy Agent Setting the Community Name Agent Snmp standard tree displays in the MIB Browser Using a Third-Party MIB BrowserSetting Logging Options Snmp Traps 1Server Event Traps 2Subcommands for Configuring Snmp Destinations Configuring Snmp DestinationsConfiguring Snmp Trap Destinations Server MIB Details Events listed in -4are sent to the Snmp destination by SP-EVENT-MIB.mib SP Events 2 Enterprise Trap ID Snmp Troubleshooting 5SNMP TroubleshootingPage Configuring Scripting Capabilities Further Management Information Using Shell Scripts Remote Scripting Using SSH Generating Host Keys Configuring Multiple Systems for ScriptingEnter the following command Creating Trusted Host Relationships Adding Public Keys Enabling SSH Access Using Trusted Hosts Execute the following commandSet up your host keys by executing the following command Enable access for clients by launching a Bash shell Enabling SSH Access Using Public Keys Enter your password when prompted Guidelines for Writing Server Management Command Scripts Command Output Other Tips For Best Results Console Redirection Over Serial on a Linux-based Server Grub Lilo List of gettys currently looks like the following GettySecuretty Enabling and Configuring Bios Console Redirection 1Network Share Volume Compressed Packages Network Share Volume NSV CD-ROMNetwork Share Volume Structure 2Extracted Files on the Network Share Volume Enabling or Disabling the SOL Feature on the Server You can enable or disable the SOL feature through the SPTo enable the feature, run the following command Serial Over LAN Launching an SOL Session Terminating an SOL SessionPress Control-E Press the C key Press the period key Press Enter Press the tilde key ~ Press the period keyPage Server Management Commands Summary Using the ssh Protocol Preface each command with the following textInteractive Shell on the SP Preface Text Commands Table A-1Server Management Commands Return Codes Table A-2Return Codes Table A-2Return Codes Page Access Commands Table B-1Access Subcommand Groups Access Groups Subcommands Access Get Group SubcommandFormat Return Codes Table B-4Return Codes for Subcommand access get groups Access Get Groups SubcommandTable B-4lists the return codes for this subcommand Access Map Subcommands Access Get Map SubcommandTable B-6lists the arguments for this subcommand Table B-6Arguments for Subcommand access get map Access Map Subcommand Table B-7lists the return codes for this subcommandTable B-8lists the arguments for this subcommand Table B-7Return Codes for Subcommand access get map Access Unmap Subcommand Table B-9lists the return codes for this subcommandTable B-10lists the arguments for this subcommand Table B-9Return Codes for Subcommand access map Table B-11lists the return codes for this subcommand Table B-11Return Codes for Subcommand access unmap Access Directory Services Subcommands Access Disable Service SubcommandTable B-13lists the argument for this subcommand Table B-13Argument for Subcommand access disable service Access Enable Service Subcommand Table B-14lists the return codes for this subcommand Table B-15lists the arguments for this subcommand Table B-16lists the return codes for this subcommandTable B-15Arguments for Subcommand access enable service Table B-16Return Codes for Subcommand access enable service Access Get Services Subcommand Table B-17Arguments for Subcommand access get services Table B-18lists the return codes for this subcommand Table B-18Return Codes for Subcommand access get services Access Trust Subcommands Access Add Trust SubcommandTable B-20lists the arguments for this subcommand Table B-20Arguments for Subcommand access add trust Copy rsakey to /etc/ssh/sshhostrsakey Access Delete Trust Subcommand Table B-21lists the return codes for this subcommandTable B-22lists the arguments for this subcommand Table B-21Return Codes for Subcommand access add trust Table B-23Return Codes for Subcommand access delete trust Access Get Trusts SubcommandTable B-23lists the return codes for this subcommand Table B-24lists the return codes for this subcommand Table B-24Return Codes for Subcommand access get trusts Access Public Key Subcommands Access Add Public Key SubcommandTable B-26lists the arguments for this subcommand Table B-25Access Public Key Subcommands Table B-27Return Codes for Subcommand access add public key Access Get Public Key Users SubcommandTable B-27lists the return codes for this subcommand Access Delete Public Key Subcommand Table B-28lists the return codes for this subcommandTable B-29lists the arguments for this subcommand Table B-29Arguments for Subcommand access delete public key Table B-30lists the return codes for this subcommand Access User Subcommands Access Add User SubcommandTable B-32lists the arguments for this subcommand Table B-32Arguments for Subcommand access add user Access Delete User Subcommand Table B-33lists the return codes for this subcommandTable B-33Return Codes for Subcommand access add user Description Deletes a user Table B-34lists the arguments for this subcommand Table B-35lists the return codes for this subcommandTable B-34Arguments for Subcommand access delete user Table B-35Return Codes for Subcommand access delete user Access Get Users Subcommand Table B-36lists the arguments for this subcommandTable B-37lists the return codes for this subcommand Table B-36Arguments for Subcommand access get users Access Update Password Subcommand Description Changes the password of an existing userTable B-38lists the arguments for this subcommand Table B-39lists the return codes for this subcommand Table B-40Arguments for Subcommand access update user Access Update User SubcommandTable B-40lists the arguments for this subcommand Table B-40lists the return codes for this subcommand Table B-41Return Codes for Subcommand access update user Diagnostics Commands Table C-1Diagnostics Subcommand Groups Table C-2Arguments for Subcommand diags cancel tests Diags Cancel Tests SubcommandTable C-2lists the arguments for this subcommand Table C-3lists the return codes for this subcommand Table C-3Return Codes for Subcommand diags cancel tests Table C-4Return Codes for Subcommand diags get state Diags Get State SubcommandTable C-4lists the return codes for this subcommand Diags Get Tests Subcommand Table C-5lists the arguments for this subcommandTable C-6lists the return codes for this subcommand Table C-5Arguments for Subcommand diags get tests Table C-7Arguments for Subcommand diags run tests Diags Run Tests SubcommandTable C-7lists the arguments for this subcommand Table C-8lists the return codes for this subcommand Table C-8Return Codes for Subcommand diags run tests Table C-9Return Codes for Subcommand diags start Diags Start SubcommandTable C-9lists the return codes for this subcommand Invalid operation for current state Table C-10Return Codes for Subcommand diags terminate Diags Terminate SubcommandTable C-10lists the return codes for this subcommand Inventory Commands Table D-1Inventory Subcommands Groups Inventory Compare Versions Subcommand Table D-2lists the arguments for this subcommand Inventory Get Hardware Subcommand Table D-3lists the return codes for this subcommandTable D-4lists the arguments for this subcommand Table D-4Arguments for Subcommand inventory get hardware Return Codes Table D-5lists the return codes for this subcommandTable D-5Return Codes for Subcommand inventory get hardware Inventory Get Software Subcommand Table D-6lists the arguments for this subcommandTable D-7lists the return codes for this subcommand Table D-6Arguments for Subcommand inventory get software Inventory Get All Subcommand Table D-8lists the arguments for this subcommandTable D-9lists the return codes for this subcommand Table D-8Arguments for Subcommand inventory get all Ipmi Commands Table E-1IPMI Subommands Groups Ipmi Disable Channel Subcommand Description Allows you to disable one of two Ipmi channelsTable E-2lists the arguments for this subcommand Table E-3lists the arguments for this subcommand Ipmi Enable Channel Subcommand Description Allows you to enable one of two Ipmi channelsTable E-4lists the arguments for this subcommand Table E-5lists the return codes for this subcommand Table E-6Return Codes for Subcommand ipmi get channels Ipmi Get Channels SubcommandTable E-6lists the return codes for this subcommand Table E-7Return Codes for Subcommand ipmi disable pef Ipmi Disable PEF SubcommandTable E-7lists the return codes for this subcommand Table E-8Return Codes for Subcommand ipmi enable pef Ipmi Enable PEF SubcommandTable E-8lists the return codes for this subcommand Ipmi Get Global Enables Subcommand Table E-9lists the return codes for this subcommand Table E-11Information about the aliases Ipmi Set Global Enable SubcommandTable E-10Arguments for Subcommand ipmi set global enable Table E-12lists the return codes for this subcommand Table E-12Return Codes for Subcommand ipmi set global enable Ipmi Reset Subcommand Table E-13lists the arguments for this subcommandTable E-14lists the return codes for this subcommand Table E-13Arguments for Subcommand ipmi reset Platform Commands Table F-1Platform Subcommand Groups Platform Console Subcommands Platform Console Subcommand Table F-5Serial-Console Values Table F-3Common COM1 ValuesTable F-4Common Values for Console Redirection Ecl0 Check or set the Bios settings Run the command Run the command platform set consoleTable F-6lists the return codes for this subcommand Table F-6Return Codes for Subcommand platform console Table F-8Supplementary Output Platform Get Console SubcommandFollowing output displays when successful Table F-9lists the return codes for this subcommand Table F-9Return Codes for Subcommand platform get console Table F-10Arguments for Subcommand platform set console Platform Set Console Table F-11lists the return codes for this subcommand Table F-11Return Codes for Subcommand platform set console Description Retrieves the current state of the platform OS Platform OS State SubcommandsPlatform Get OS State Subcommand Table F-13lists the return codes for this subcommand Table F-13Return codes for Subcommand platform get os state Table F-14Arguments for Subcommand platform set os state Platform Set OS State SubcommandTable F-14lists the arguments for this subcommand Table F-15Return Codes for Subcommand platform set os state Platform Set OS State Boot SubcommandTable F-15lists the return codes for this subcommand Table F-16lists the arguments for this subcommand Table F-17lists the return codes for this subcommand Platform Power State Subcommands Platform Get Power State Subcommand Platform Set Power State Subcommand Table F-19lists the return codes for this subcommand Table F-20Arguments for Subcommand platform set power state Table F-20lists the arguments for this subcommandTable F-21lists the return codes for this subcommand Platform Get Hostname Subcommand Table F-22lists the argument for this subcommandTable F-23lists the return codes for this subcommand Table F-22Argument for Subcommand platform get hostname Description Displays the product ID for the current system Platform Get Product ID SubcommandTable F-24lists the return codes for this subcommand Page Sensor Commands Table G-1Sensor Subcommand Groups Sensor Get Subcommand Table G-2lists the arguments for this subcommand Table G-2Arguments for Subcommand sensor get Table G-3lists the arguments for this subcommand Table G-3Return Codes for Subcommand sensor get Appendix G Sensor Commands Table G-4Arguments for Subcommand sensor set Sensor Set SubcommandTable G-4lists the arguments for this subcommand Table G-5lists the arguments for this subcommand Table G-5Return Codes for Subcommand sensor setPage Service Processor Commands Table H-1Service Processor Subcommand Groups SP Date Subcommands SP Get Date SubcommandSubcommands in Table H-2manage the date and time on the SP Table H-2SP Date Subcommands SP Set Date Subcommand Table H-3lists the return codes for this subcommandTable H-4lists the argument for this subcommand Description Sets the date and time on the SP RTC Table H-5lists the return codes for this command Table H-5Return Codes for Subcommand sp set date SP DNS Subcommands SP Disable DNS SubcommandDescription Disables the DNS configuration on the SP Table H-7lists the return codes for this command SP Enable DNS Subcommand Table H-8lists the arguments for this subcommandTable H-9lists the return codes for this subcommand Table H-8Arguments for Subcommand sp enable dns SP Get DNS Subcommand Table H-10lists the arguments for this subcommandTable H-11lists the return codes for this subcommand Table H-10Arguments for Subcommand sp get dns SP Events Subcommands SP Delete Event SubcommandSubcommands in Table H-12manage events on the SP Description Clears an existing event using the event ID Table H-14Return Codes for Subcommand sp delete event SP Get Events SubcommandTable H-14lists the return codes for this subcommand Table H-15lists the arguments for this subcommand Table H-16lists the return codes for this subcommandTable H-15Arguments for Subcommand sp get events Table H-16Return Codes for Subcommand sp get events SP Hostname Subcommands SP Get Hostname SubcommandSubcommands in Table H-17manage the SP host and domain Table H-18lists the argument for this subcommand SP Set Hostname Subcommand Table H-19lists the return codes for this subcommandTable H-20lists the argument for this subcommand Table H-19Return Codes for Subcommand sp get hostname Table H-21lists the return codes for this subcommand Table H-21Return Codes for Subcommand sp set hostname SP IP Subcommands SP Get IP SubcommandTable H-23lists the arguments for this subcommand IP Subcommands SP Set IP Subcommand Table H-24lists the arguments for this subcommandDescription Sets or modifies the SP network configuration Table H-24Return Codes for Subcommand sp get ip Table H-25lists the arguments for this subcommand Table H-26lists the return codes for this subcommandTable H-25Arguments for Subcommand sp set ip Table H-26Return Codes for Subcommand sp set ip SP Jnet Address Subcommands SP Get Jnet SubcommandTable H-28lists the arguments for this subcommand Jnet Subcommands Table H-29Return Codes for Subcommand sp get jnet SP Set Jnet SubcommandTable H-29lists the return codes for this subcommand Table H-30lists the arguments for this subcommand Table H-31lists the return codes for this subcommandTable H-30Arguments for Subcommand sp set jnet Table H-31Return Codes for Subcommand sp set jnet SP Locate Light Subcommands SP Get Locatelight SubcommandSubcommands in Table H-32manage the locatelight switch Table H-33lists the return codes for this subcommand Table H-34Return Codes for Subcommand sp set locatelight SP Set Locatelight SubcommandTable H-34lists the return codes for this subcommand SP Logfile Subcommands SP Get Logfile SubcommandSubcommands in Table H-35manage the SP log files Description Retrieves the event log file configuration SP Set Logfile Subcommand Table H-37lists the return codes for this subcommandTable H-37Return Codes for Subcommand sp get logfile Table H-38Arguments for Subcommand sp set logfile Table H-39lists the arguments for this subcommand Table H-39Return Codes for Subcommand sp set logfile SP Miscellaneous Subcommands SP Create Test Events SubcommandSubcommands in Table H-40manage miscellaneous SP functions Table H-40Miscellaneous SP Subcommands SP Get Port 80 Subcommand Table H-41lists the return codes for this commandTable H-42lists the arguments for this subcommand Table H-41Return Codes for Subcommand sp create test events Bios Post Codes Table H-43lists the return codes for this subcommandTable H-44lists the Post codes for the Phoenix Bios Table H-43Return Codes for Subcommand sp get port80 Table H-44BIOS Post Codes Table H-44BIOS Post Codes Table H-44BIOS Post Codes Enable hardware interrupts Table H-45Boot Block Codes in Flash ROM Boot Block Codes for Flash ROMTable H-45lists the boot block codes in Flash ROM Table H-46Arguments for Subcommand sp load settings SP Load Settings SubcommandTable H-46lists the arguments for this subcommand SP Get Status Subcommand Table H-47lists the return codes for this subcommandTable H-48lists the arguments for this subcommand Description Returns the status of the overall system Table H-49Return Codes for Subcommand sp get status SP Get TDULog SubcommandTable H-49lists the return codes for this subcommand Table H-50lists the arguments for this subcommand Table H-50Arguments for Subcommand sp get tdulog SP Reboot Subcommand Table H-52lists the return codes for this subcommandTable H-53lists the argument for this command Table H-52Return Codes for Subcommand sp get tdulog Table H-54Return Codes for Subcommand sp reboot SP Reset SubcommandTable H-54lists the return codes for this command Table H-55lists the arguments for this command Table H-55Arguments for Subcommand sp reset Table H-56list the return codes for this command Table H-56Return Codes for Subcommand sp reset SP Mount Subcommands SP Add Mount SubcommandSubcommands in Table H-57manage the SP mount points Description Creates or resets a mount point Table H-59lists the return codes for this subcommand Table H-59Return Codes for Subcommand sp add mount Table H-60lists the arguments for this subcommand Table H-61lists the return codes for this subcommandSP Delete Mount Description Deletes a mount point SP Get Mount Subcommand Table H-62lists the arguments for this subcommandTable H-63lists the return codes for this subcommand Description Displays the current mount points on the SP Subcommands in Table H-64manage Smtp communications SP Smtp SubcommandsSP Get Smtp Server Subcommand Table H-65lists the arguments for this subcommand Table H-66lists the return codes for this subcommandTable H-65Arguments for Subcommand sp get smtp server Table H-66Return Codes for Subcommand sp get smtp server SP Set Smtp Server Subcommand Table H-67lists the arguments for this subcommandTable H-68lists the return codes for this subcommand Table H-67Arguments for Subcommand sp set smtp server Table H-70Default Smtp Subscribers SP Get Smtp Subscribers SubcommandTable H-69Arguments for Subcommand sp get smtp sebscribers SP Update Smtp Subscriber Subcommand Table H-71lists the return codes for this subcommand Table H-72Arguments for Subcommand sp update smtp subscriber Table H-73Default Smtp Subscribers Table H-74lists the return codes for this command Subcommands in Table H-75manage Snmp communications SP Snmp SubcommandsSP Add Snmp Destination Subcommand Table H-76Argument for Subcommand sp add snmp-destination Table H-76lists the argument for this subcommandTable H-77lists the return codes for this subcommand Table H-79lists the return codes for this subcommand SP Delete Snmp Destination SubcommandTable H-78lists the arguments for this subcommand SP Get Snmp Destinations Subcommand Table H-80lists the return codes for this subcommand Table H-81lists the return codes for this subcommand SP Get Snmp Proxy Community SubcommandSP Set Snmp Proxy Community Subcommand Table H-82lists the argument for this subcommand Table H-83lists the return codes for this subcommand SP SSL Subcommands SP Disable SSL-Required SubcommandSubcommands in Table H-84manage SSL capabilities Table H-85lists the return codes for this command SP Enable SSL-Required Subcommand Table H-86lists the return codes for this command SP Get SSL Subcommand Table H-87lists the arguments for this subcommandTable H-88lists the return codes for this subcommand Table H-87Arguments for Subcommand sp get ssl SP Set SSL Subcommand Table H-89lists the arguments for this subcommandTable H-90lists the return codes for this subcommand Table H-89Arguments for Subcommand sp set ssl Subcommands in Table H-91manage the SP flash SP Update SubcommandsSP Update Flash All Subcommand Table H-92lists the arguments for this subcommand Table H-93lists the return codes for this subcommandTable H-92Arguments for Subcommand sp update flash all Table H-93Return Codes for Subcommand sp update flash all Table H-95lists the return codes for this subcommand SP Update Flash Applications SubcommandTable H-94lists the arguments for this subcommand SP Update Flash PIC Subcommand Table H-96lists the arguments for this subcommandTable H-97lists the return codes for this subcommand Table H-96Arguments for Subcommand sp update flash pic SP Update Diags Subcommand Table H-98lists the argument for this subcommandTable H-99lists the return codes for this subcommand Table H-98Argument for Subcommand sp update diags Index Page Index Page Index