Sun Microsystems V20Z Server User Manual
Chapter 4 Further Management Information 57
If you use a trusted host relationship for passwordless access, the SP must have a local
user with the same name as the remote user (or the remote user must belong to a
directory service group that is mapped to a local SP administrative group).
Instead of creating a trusted host relationship, you can add your public key file to
the SP and be authenticated by SSH public key. Refer to “Adding Public Keys” on page 58.
When configured for passwordless access, the ssh daemon on the SP allows the
remote user access to sp.company.com without a password, either for logging in,
or for issuing remote ssh commands from the command line or from a script.
Configuring Multiple Systems for Scripting
There are two ways to configure multiple SPs for scripting:
- Repeat the procedure that configures the client machine on which you will run the
scripts, once for each SP.
- Set up the trust relationship or add your public key file on an initial machine, then
use the autoconfiguration feature to duplicate that configuration on each of the
additional machines. Refer to “Creating Trusted Host Relationships” on page 58
and “Adding Public Keys” on page 58.
Generating Host Keys
To establish a trusted host relationship, you must set up a host key pair, which is used
to authenticate one host to another. The SSH installation on the client host normally
generates the host keys when it is installed. If it did not, follow these steps to
generate a host key pair:
1. Enter the following command:
# ssh-keygen -q -t rsa -f rsa_key -C '' -N ''
2. Move rsa_key to /etc/ssh/ssh_host_rsa_key.
3. Move rsa_key.pub to /etc/ssh/ssh_host_rsa_key.pub.
4. Ensure that only the root user has read or write permission to
/etc/ssh/ssh_host_rsa_key. The private key is the host's identity: any user who can
read it can impersonate the host to the SP.
The ssh_host_rsa_key.pub file is the file you will transfer to the SP.
Note: Only protocol version 2 key types and 1024-bit key sizes are supported. 1024 bits
was the size ssh-keygen generated by default when this manual was written; current
versions of ssh-keygen default to larger RSA keys, so check the size of the key you
generate. Note also that 1024-bit RSA is well below current key-size recommendations.
5. Continue with “Creating Trusted Host Relationships” on page 58 for instructions
on creating public keys that can be used for passwordless access.
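The following shell script is an added example, not part of the Sun manual, that carries out steps 1 to 4 above in a directory you specify and then verifies the result. The directory argument, the optional key-size argument (defaulting to 1024 to match the SP requirement) and the helper names are assumptions for illustration; on a real client host the directory is /etc/ssh and the script runs as root. It refuses to overwrite an existing host key, because replacing a live host key silently breaks every client and SP that already trusts it, and it checks both the private-key permissions and the key size before reporting the file to transfer.

```sh
#!/bin/sh
# Added example (not from the Sun V20Z manual): generate and install an SSH
# RSA host key pair as in steps 1-4, then verify it. The directory argument
# is assumed; on a real client host it is /etc/ssh and this runs as root.

# gen_host_key DIR [BITS]
# BITS defaults to 1024 to match the SP requirement stated in the manual.
# Current ssh-keygen versions default to larger RSA keys, and 1024-bit RSA is
# weak by today's standards, so only use 1024 where the SP insists on it.
gen_host_key() {
    dir=$1
    bits=${2:-1024}
    mkdir -p "$dir" || return 1
    # Never clobber a live host key: every client (and the SP) that already
    # trusts the old key would start failing host authentication.
    if [ -e "$dir/ssh_host_rsa_key" ]; then
        echo "refusing to overwrite $dir/ssh_host_rsa_key" >&2
        return 1
    fi
    # Step 1: -q quiet, -t rsa, -C '' empty comment, -N '' no passphrase
    # (sshd must be able to load a host key without interaction).
    ssh-keygen -q -t rsa -b "$bits" -f "$dir/rsa_key" -C '' -N '' || return 1
    # Steps 2 and 3: move the pair into place under the names sshd expects.
    mv "$dir/rsa_key" "$dir/ssh_host_rsa_key" || return 1
    mv "$dir/rsa_key.pub" "$dir/ssh_host_rsa_key.pub" || return 1
    # Step 4: private key readable and writable by its owner only. The public
    # half is the file copied to the SP, so it can stay world-readable.
    chmod 600 "$dir/ssh_host_rsa_key" || return 1
    chmod 644 "$dir/ssh_host_rsa_key.pub" || return 1
}

# private_key_locked FILE: succeed only if group and other have no access.
# Reads the permission string from "ls -l" (columns 5-10), which is the same
# on any POSIX ls, unlike the non-portable format flags of stat.
private_key_locked() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# pubkey_bits FILE: print the modulus size of a public key, which is the
# first field of "ssh-keygen -l" output (e.g. 1024).
pubkey_bits() {
    ssh-keygen -l -f "$1" | cut -d' ' -f1
}

# main DIR [BITS]: install a key pair and verify it the way a real run would.
main() {
    keydir=$1
    want=${2:-1024}
    gen_host_key "$keydir" "$want" || exit 1
    private_key_locked "$keydir/ssh_host_rsa_key" ||
        { echo "private key is readable by group or other" >&2; exit 1; }
    [ "$(pubkey_bits "$keydir/ssh_host_rsa_key.pub")" = "$want" ] ||
        { echo "generated key is not $want bits" >&2; exit 1; }
    echo "transfer this file to the SP: $keydir/ssh_host_rsa_key.pub"
}

# Usage: sh gen_host_key.sh /etc/ssh        (as root on the client host)
#        sh gen_host_key.sh /etc/ssh 1024   (explicit size)
if [ $# -ge 1 ]; then
    main "$@"
fi
```

The permission check deliberately inspects the file rather than trusting that chmod succeeded, since a host key restored from a backup or copied by hand is the usual way a private key ends up group- or world-readable.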