Typical SSH Configuration on OpenVMS

In the following example, vi6401 is the OpenVMS station running Console Manager, rx8642mp is the IP name of the MP/iLO of a managed HP Integrity system, and lantscs1 is the IP name of a secure console server connected to a number of remotely managed consoles. The IP stack used in the example is TCPIP Services for OpenVMS. Users of Process Software IP stacks should see the notes at the end of this section for the default locations of the security keys and other files.

$ set default SYS$MANAGER:
$ directory/columns=1 [.ssh2...]

Directory SYS$SYSROOT:[SYSMGR.ssh2]

AUTHORIZATION.;2
hostkeys.DIR;1
IDENTIFICATION.;2
random_seed.;1
system_vi6401_rsa_512.;1
system_vi6401_rsa_512.pub;1
root-lantscs1_ca_com.pub

Total of 7 files.

Directory SYS$SYSROOT:[SYSMGR.ssh2.hostkeys]

key_22_rx8642mp.pub;1
key_22_lantscs1_ca_com.pub;1

Total of 2 files.

Grand total of 2 directories, 8 files.


$ type SYS$SYSROOT:[SYSMGR.ssh2]AUTHORIZATION.
KEY root-lantscs1_ca_com.pub

$ type SYS$SYSROOT:[SYSMGR.ssh2]IDENTIFICATION.
IdKey system_vi6401_rsa_512

$ type SYS$SYSROOT:[SYSMGR.ssh2]system_vi6401_rsa_512.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: system
Comment: "512-bit rsa, system@vi6401.ca.com, Fri Jan 22 2010 22:44:26"
AAAAB3NzaC1yc2EAAAADAQABAAAAQQCnPkUp38XDn6auF1tstpjtDVLundrt/0OnrCM4cR
8Pzhf9JyWOeSiCNHZDKCCLxMefl7Ms45SnMFS857xQvz0B
---- END SSH2 PUBLIC KEY ----
$ type root-lantscs1_ca_com.pub
ssh-dss AAAAB3NzaC1kc3MAAABBAMMAkLPbbSqMr/iY+ja9Y1BLtjo2jHYPQ0C65na4DpXGQSdVlx15xQ+eGKE4k5AMuYF0cWnz1x/3lHOgKDEvKS8AAAAVAJ8VGuq3tap1BHJBRXKw4BSwzOr3AAAAQCRb7WbSqXQfK55kd8b1Cq4skplQGFBVss+R6AwaILN8f3Ocp+392KSoPJnW5vM0sDYx6JbrvFSeLa8E5EdMZkQAAABAIdV1ndTBLDhx/pKxm0hrDiM3Whr2RqOPG1TGnAiNwZY3DBBYznjfADSQSfRH5S9dpjz9fvhhegL8spp2hLovTw== root@lantscs1

File:     SYS$SYSROOT:[SYSMGR.SSH2]AUTHORIZATION.
Purpose:  List of public key files. Contains an entry for each user public key copied from the console servers. The matching private key remains on the console server.
Creation: Text editor
Comment:  Used for publickey authentication only. Contains an entry for each user public key copied from the console servers.

File:     SYS$SYSROOT:[SYSMGR.SSH2]IDENTIFICATION.
Purpose:  Identity file that is a list of private keys belonging to the SYSTEM user on the Console Management system. Contains one entry for each private key whose matching public key was uploaded to the console servers.
Creation: Text editor
Comment:  Used for publickey authentication only. The Identity file is then referenced from the Security Profile via a logical name.

File:     SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG.
Purpose:  Default ssh client configuration for the Console Management system. Contains configuration details such as the allowed authentication methods and the names of the authorization file and identification file.
Creation: Text editor
Comment:  Contains the default ssh client configuration. A user may have a private copy in the [.SSH2] sub-directory under their login directory.

File:     SYS$SYSROOT:[SYSMGR.SSH2]system_vi6401_rsa_512.pub
Purpose:  Public half of the user key for the SYSTEM account on the CA Console Management system.
Creation: Generated once using the ssh_keygen utility.
Comment:  Mandatory for the public key authentication method. Generated once. For publickey authentication, this needs to be copied to the appropriate directory on terminal/console servers for them to accept connections. (Note: the HP MP/iLO does not support publickey authentication at this time.)

File:     SYS$SYSROOT:[SYSMGR.SSH2]system_vi6401_rsa_512.
Purpose:  Private half of the user key for the SYSTEM account on the CA Console Management system.
Creation: Generated once using the ssh_keygen utility.
Comment:  Mandatory for the public key authentication method. May be encrypted using a passphrase, which then must be entered in the Security Profile.

File:     SYS$SYSROOT:[SYSMGR.SSH2]root-lantscs1_ca_com.pub
Purpose:  Public half of the user key for the "root" account on the console server named lantscs1.
Creation: Generated by the console server, typically during its installation and setup.
Comment:  Mandatory for the public key authentication method. Must be copied from the console server to SYS$SYSROOT:[SYSMGR.SSH2] using an appropriate name. An entry for this key will be made in the file named [.SSH2]AUTHORIZATION (described later).

File:     SYS$SYSROOT:[SYSMGR.SSH2.hostkeys]key_22_lantscs1_ca_com.pub
Purpose:  Public half of the hostkey for the terminal server named lantscs1.
Creation: Received from the console server at first handshake (may not be present before that).
Comment:  Needed for any authentication method. May be deleted if stale (e.g. after the terminal server host keys were regenerated).

File:     SYS$SYSROOT:[SYSMGR.SSH2.hostkeys]key_22_rx8642mp.pub
Purpose:  Public half of the hostkey from the HP Integrity MP/iLO.
Creation: Received from the MP/iLO during first handshake (may not be present before that).
Comment:  Needed for any authentication method. May be deleted if stale (e.g. after MP/iLO host keys are regenerated).
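
The two public key files typed in the listing above use different encodings: system_vi6401_rsa_512.pub is an SSH2 (RFC 4716) block, and root-lantscs1_ca_com.pub is an OpenSSH one-line key. The following Python example is added here and is not part of the original documentation or the product; it reads either encoding and reports the algorithm and key size, so that short keys such as the 512-bit example key can be identified when reviewing the [SYSMGR.SSH2] directory. The MIN_BITS value of 2048 is an assumed local policy threshold.

```python
import base64
import struct

# Public key exactly as displayed on this page (system_vi6401_rsa_512.pub).
PAGE_KEY = """\
---- BEGIN SSH2 PUBLIC KEY ----
Subject: system
Comment: "512-bit rsa, system@vi6401.ca.com, Fri Jan 22 2010 22:44:26"
AAAAB3NzaC1yc2EAAAADAQABAAAAQQCnPkUp38XDn6auF1tstpjtDVLundrt/0OnrCM4cR
8Pzhf9JyWOeSiCNHZDKCCLxMefl7Ms45SnMFS857xQvz0B
---- END SSH2 PUBLIC KEY ----
"""
MIN_BITS = 2048  # assumed policy floor for the RSA modulus / DSA prime

def _b64_body(text):
    """Return the base64 blob of an SSH2 (RFC 4716) file or an OpenSSH one-line key."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return lines[0].split()[1]  # "<type> <base64> [comment]"
    body, continued = [], False
    for ln in lines[1:]:
        if ln.startswith("---- END"):
            break
        is_header = continued or ":" in ln  # base64 never contains ':'
        continued = is_header and ln.endswith("\\")  # headers wrap with '\'
        if not is_header:
            body.append(ln)
    return "".join(body)

def _fields(blob):
    """Split the key blob into its fields (4-byte big-endian length + data)."""
    out, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        if off + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[off + 4 : off + 4 + n])
        off += 4 + n
    return out

def key_strength(text):
    """Return (algorithm, bits, meets_policy) for an ssh-rsa or ssh-dss public key."""
    f = _fields(base64.b64decode(_b64_body(text)))
    alg = f[0].decode("ascii")
    index = {"ssh-rsa": 2, "ssh-dss": 1}  # rsa: name, e, n / dss: name, p, q, g, y
    if alg not in index:
        raise ValueError("unsupported key type: " + alg)
    bits = int.from_bytes(f[index[alg]], "big").bit_length()
    return alg, bits, bits >= MIN_BITS
```
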

Notes: