HPE Community
Operating System - HP-UX
1847585 Members
2855 Online
110265 Solutions
New Discussion

Confguring Ignite for SSH

 
Thom_Fitzpatrick
Advisor

‎03-20-2007 02:16 AM

‎03-20-2007 02:16 AM

Confguring Ignite for SSH

I would like to know how to configure Ignite to use ssh as the communication mechanism instead of rsh. I know that you can specify a -S on the command line when running the gui, but where can I permanently set an option to do this automatically?
All your base are belong to us
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎03-20-2007 02:24 AM

‎03-20-2007 02:24 AM

Re: Confguring Ignite for SSH

Shalom,

You can't really run Ignite using ssh. I remember asking for the enhancement in 2003. The person at HP I talked about thought it was a nice idea and promised to pass it on. Some parts of the restore process require the r protocols be enabled in inetd.conf

You can use an alias to make the application run the -S instead of the normal application.

alias ignite='ignite -S'

That might mess up some of your scripts.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Thom_Fitzpatrick
Advisor

‎03-20-2007 02:55 AM

‎03-20-2007 02:55 AM

Re: Confguring Ignite for SSH

This page sez SSH is supported (I know, that and 50 cents will get me a cup of coffee...)

http://docs.hp.com/en/IUX/whatsnew.html

"The choice to use of ssh for initiating make_net_recovery, make_tape_recovery, and bootsys sessions is introduced, providing enhanced security."
All your base are belong to us
0 Kudos
Reply
Al Miller_1
Valued Contributor

‎03-20-2007 04:08 PM

‎03-20-2007 04:08 PM

Re: Confguring Ignite for SSH

Beginning with Ignite-UX version C.6.8, "bootsys" and the "ignite" GUI contain support for performing certain operations via SSH.

When running bootsys with the "-S" option, SSH will be used in place of remsh/rexec/rcp when contacting client systems from an Ignite-UX server. Because the bootsys command performs several operations on the client in sequence, it must be able to log in unattended. Historically, this was done via .rhosts, but in ssh-mode, bootsys looks for the user's public key and prompts the user whether to copy that key to the client system. It then starts an ssh-agent process and registers the user's private key using ssh-add. Once all this is set up, bootsys copies the install kernel and install filesystem to the client and performs the operations necessary to initiate the reboot to begin the installation.

Similarly, the "ignite" GUI supports using SSH to initiate make_*_recovery sessions on clients from an Ignite-UX server. Because only one command needs to be executed on the client, it does not go through the process of copying public keys and starting an ssh-agent. It simply attempts to log in in ssh batch mode, and if denied tries again prompting for a password. The actual data transfer during the make_net_recovery session still occurs via NFS.

Al
0 Kudos
Reply
Al Miller_1
Valued Contributor

‎03-20-2007 04:46 PM

‎03-20-2007 04:46 PM

Re: Confguring Ignite for SSH

I forgot to mention a few additional points regarding ssh and Ignite-UX. The original poster asked whether ssh can be set as the default in "ignite". The answer is yes, this can be set via the "Use ssh to gather client data" question in the "Options->Server Configuration" menu. bootsys does not have a similar option, it will default to legacy r-command behavior unless "-S" is specified.

Finally, there have been some usability problems reported since the original release of this functionality in C.6.8. These are described in the Ignite-UX C.7.1 release notes, available at http://docs.hp.com/en/IUX/docs/Cver_release_note.html. In particular, look for JAGag30060, JAGag30076, JAGag30456 and JAGag23043.
0 Kudos
Reply
Thom_Fitzpatrick
Advisor

‎03-21-2007 07:24 AM

‎03-21-2007 07:24 AM

Re: Confguring Ignite for SSH

Ok, I made the one change via the i/f, and I guess I'll just have to remember the -S option from here on out. Seems there *should* be a global config variable for that....
All your base are belong to us
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.