
Hardware Management Console Best Practices
# ssh hscroot@stratus mkauthkeys -a -u minh '"command=\"logssh \${SSH_ORIGINAL_COMMAND}\" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzxTNjoXAvyZBw390oJ27uj90PxZNtUWhYVN1/kaAfilSIr3z5Hhm7BdaaarUru94qhiM0xds6cgQpNUQUy6GByoWDrNhdEIdAzXj3uaPscY6wKkNia0llTJPUoBDBsadaa4oEc0/4poNG/X3uYrsdnbbMNkt/jmnEilSXIgOEmWk= minh@somehost"'
This command sets up user minh on the stratus HMC so that he can log in from
somehost and run HMC commands using SSH. Each command executed by this
user will be logged in syslog. In addition, user minh will not be able to open a
pseudo-tty using SSH, cannot run the mkauthkeys command to undo this setup,
and cannot use the scp command.
In this example, the string
‘ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzxTNjoXAvyZBw390oJ27uj90PxZNtUWhYVN1/kaAfilSIr3z5Hhm7BdaaarUru94qhiM0xds6cgQpNUQUy6GByoWDrNhdEIdAzXj3uaPscY6wKkNia0llTJPUoBDBsadaa4oEc0/4poNG/X3uYrsdnbbMNkt/jmnEilSXIgOEmWk= minh@somehost’
is generated by running the command ssh-keygen, which is part of the OpenSSH
package, on somehost, a remote workstation. When this command is run, it will
ask for a passphrase, which should be left empty in order to eliminate prompting
for the passphrase when a script is running. Several SSH packages for various
platforms and operating systems are available from a variety of sources.
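The forced-command arrangement described above (every command logged, no interactive session, no mkauthkeys or scp), as an added shell example that is not IBM's logssh or any HMC code. The function names, the deny list and the character allow-list are assumptions, and the sketch covers the decision and audit steps only.

```shell
#!/bin/sh
# Added example, not the HMC's logssh: policy and audit steps of a wrapper
# that sshd runs through command="..." in authorized_keys. Names are hypothetical.

BLOCKED="mkauthkeys scp"   # assumed deny list, taken from the text above

# Print the decision for one request (the value of SSH_ORIGINAL_COMMAND).
policy_decision() {
    req=$1
    # Allow-list the characters so one request is exactly one plain command.
    case $req in
        *[!A-Za-z0-9_./=,:\ -]*) echo "deny:characters"; return 0 ;;
    esac
    set -- $req                # split on whitespace; glob characters were rejected above
    # sshd leaves the variable empty when the client asks for a login shell.
    if [ $# -eq 0 ]; then echo "deny:interactive"; return 0; fi
    prog=${1##*/}              # program name without any directory prefix
    for b in $BLOCKED; do
        if [ "$prog" = "$b" ]; then echo "deny:$b"; return 0; fi
    done
    echo "allow"
}

# Compose the record that goes to syslog for every request, allowed or not.
audit_line() {
    client=${SSH_CLIENT:-unknown}
    # Replace non-printable bytes so a request cannot forge extra log lines.
    safe=$(printf '%s' "$2" | tr -c '[:print:]' '?')
    printf 'user=%s from=%s decision=%s cmd="%s"' \
        "${LOGNAME:-unknown}" "${client%% *}" "$1" "$safe"
}

# Decide, log, and report success only for allowed requests.
handle_request() {
    decision=$(policy_decision "$1")
    line=$(audit_line "$decision" "$1")
    logger -t sshwrap -p auth.info "$line" 2>/dev/null || printf '%s\n' "$line" >&2
    # On "allow", a real wrapper would now hand "$1" to the restricted shell.
    [ "$decision" = "allow" ]
}

# Constructed sample requests, as sshd would pass them in SSH_ORIGINAL_COMMAND.
for sample in "lssyscfg -r sys -F name" "scp -t /tmp" "bin/mkauthkeys -a -u minh" ""; do
    printf '%-28s -> %s\n' "[$sample]" "$(policy_decision "$sample")"
done
```

Denied requests are logged as well as allowed ones, so the syslog trail also records attempts to reach mkauthkeys or scp.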
4.8 Managing and Understanding Security Vulnerabilities on HMC
As stated in the HMC Code Update section, HMC users can subscribe to email
notification of corrective service at the following web site:
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html
Whenever a vulnerability is discovered on the HMC, a bulletin will be sent out to
users on how to obtain the fix. In most cases, because of the closed nature of the
HMC and the presence of the restricted shell, some vulnerabilities found on
non-HMC systems will not apply. Each time a new release of HMC code is made
available on the support web site, a list of security fixes included in the release is
also published.
4.9 Resource Monitoring and Control
The Resource Monitoring and Control subsystem (RMC) is based on IBM’s
Reliable, Scalable Cluster Technology (RSCT). It is installed and used on the