Set up the Environment › Connect Using Pseudo-terminals › Configure Pseudo-terminals
Configure Pseudo-terminals
If your host system is running the OpenVMS operating system, pseudo-terminal devices are created automatically for you.
Connect Using SSH Transport
This type of connection consists of a host system connected to an Internet network. The serviced system connects to a terminal or console server using DECconnect cables and adapters or the equivalent, or, for those systems so equipped, the console can be connected directly to the network. Console Management then uses SSH to connect to the terminal or console servers, or directly to the network console. If using terminal or console servers, ensure you use a terminal or console server that supports SSH protocol.
Set up an SSH Connection using a Terminal or Console Server
To set up a connection using a terminal or console server using the SSH protocol
- Install the terminal or console server and define the appropriate terminal server characteristics. To do this, see the manual for your terminal or console server.
- Connect one end of the cable to an unused port on the terminal or console server, using a DECconnect adapter where necessary.
- Connect the other end of the cable to the console port of the serviced system, using an adapter where necessary.
To configure your SSH connection
- Ensure that both the Console Manager host system and the terminal or console server to be used support SSH and both participate in the same WAN.
- Define the appropriate terminal server characteristics. To do this, see the manual for your terminal or console server. Set the characteristics the same as for a printer connection.
- Ensure the terminal or console server has its Internet Protocol (IP) address registered on the Console Manager host or in the BIND server (where used).
- Prepare your Console Manager host for SSH access according to the TCP/IP stack documentation, for the chosen type of SSH authentication method. The Console Manager configuration supports SSH v2 password, publickey and host based authentication methods. This typically entails using SSH_KEYGEN to generate host or Identity key pairs, and in some instances a manual exchange of public keys.
Notes:
- We recommend that you register the terminal server IP address on the Console Manager host. Otherwise, if the BIND server is unavailable, Console Manager will be unable to connect to the terminal server.
- Use the SSH verbose option or debug level 5 to identify any basic connectivity issue, as documented for your IP stack (HP TCPIP Services SSH client: option –v or –d 5. Process Software SSH client: /VERBOSE or /DEBUG=5).
- In the event of a key fingerprint mismatch, remove any obsolete key file(s) from the directory SYS$SYSROOT:[SYSMGR.ssh2.hostkeys]. Next try to establish the connection to the managed system using the SSH client command from DCL prompt (in other words, repeat Step 5 above.
This step allows the first host key exchange to occur and the terminal or console server’s public host key to be stored.
We are proving ahead of time that your SSH setup is good and valid and works at the DCL command line. If your connection is successful, you are now ready to configure the configuration database to make use of this connection. See the chapter “Modifying the Configuration Database”.
Set up an SSH Connection using a network console
The examples in this section involve using an HP Integrity Server with an MP/iLO.
Note: For MP/iLO equipped HP Integrity Servers these steps may have been done when the system was installed.
To setup a connection to a network console using the SSH protocol
- Connect the network console to your network with an appropriate cable.
- Configure the network console. To do this, see the manual for your hardware.
- Verify the network console is reachable from the Console Manager host system.
To configure your SSH connection using a network console
- Ensure that both the Console Manager host system and the network console support SSH and both participate in the same WAN.
- Configure the network console for SSH. To do this, see the manual for your hardware. If you want to use SSH to connect to the MP/iLO of your HP Integrity servers, it may be necessary to upgrade the system firmware. Depending upon the system model and configuration, you may also require an MP/iLO Advanced Pack license in order to enable SH on the MP/iLO. Contact your HP support representative for further assistance.
- Ensure the network console has its Internet Protocol (IP) address registered on the Console Manager host or in the BIND server (where used).
- Prepare your Console Manager host for SSH access as per the TCP/IP stack documentation, for the chosen type of SSH authentication method. The Console Manager configuration supports SSH v2 password, publickey and host based authentication methods. This typically entails using SSH_KEYGEN to generate host or Identity key pairs, and in some instances a manual exchange of public keys.
- Verify the SSH connectivity at DCL prompt before configuring it in the Console Manager database. For example, to do this, with HP TCP/IP Services to a LAN base HP Integrity MP named myMPiLo:
$ @sys$startup:tcpip$define_commands.com
$! ssh “username@hostname#port”
$ ssh “Admin@myMPiLo#22”
This step allows the first host key exchange to occur and the network console’s public host key to be stored.
We are proving ahead of time that your SSH setup is good and valid and works at the DCL command line. If your connection is successful, you are now ready to configure the configuration database to make use of this connection. See the chapter “Modifying the Configuration Database”.
Notes:
- We recommend that you register the network console IP address on the Console Manager host. Otherwise, if the BIND server is unavailable, Console Manager will be unable to connect to the terminal server.
- Use the SSH verbose option or debug level 5 to identify any basic connectivity issue, as documented for your IP stack (HP TCPIP Services SSH client: option –v or –d 5. Process Software SSH client: /VERBOSE or /DEBUG=5).
- In the event of a key fingerprint mismatch, remove any obsolete key file(s) from the directory SYS$SYSROOT:[SYSMGR.ssh2.hostkeys]. Next try to establish the connection to the managed system using the SSH client command from DCL prompt (in other words, repeat Step 5 above).
Establish Security Credentials for a System
Prior to using Console Manager to connect to a system in a secure network environment, you must establish security credentials. This is a two step process in Console Manager. In the configuration editor, create a security profile and set security settings for a system.
Step 1: Create a Security Profile
To create a security profile record, use the commands ADD SECURITY_PROFILE or MODIFY SECURITY_PROFILE and then specify the fields'values. Not all fields are required for all connection types.
|
Item
|
Description
|
|
Name
|
A unique name for the security profile
|
|
Information
|
Description to clarify name
|
|
User
|
User account name
|
|
Password
|
Password for user account (stored encrypted, displays as all *'s).
Required for password-based authentication; Ignored for publickey authentication
|
|
Pass-phrase
|
Passphrase for the certificate (stored encrypted, displays as all *'s).
Required if you have protected your private key(s) with a passphrase
|
|
Key/Identity file
|
Optional.
The logical name that equates to the file specification of the key/identity file. If you not specify a logical name, the default file specification of SYS$SYSROOT:[SYSMGR.SSH2]IDENTIFICATION. Will be used.
For more information about this logical name see the chapter "Set up the Environment".
|
Step 2: Add a security profile to the system record
Set security settings for a system. Use the command ADD SYSTEM or MODIFY SYSTEM, specifying values for the following fields:
|
Field
|
Description
|
|
Security Profile
|
Name of security profile
|
|
Connection type
|
Set connection type to SSH
|
Copyright © 2010 CA.
All rights reserved.
|
|