AIX > Tips & Techniques > Systems Management

On-Demand Systems Management

SSH simplifies AIX administrative tasks

In today's on-demand world, customers have to spin up LPARs and deploy them more frequently and faster than before. The capability to rapidly make changes or to provision important files and run scripts on multiple LPARs has become a critical component in managing systems. However, for many, having to enter a password to do this on every system touched is a major annoyance. The ideal solution is to be able to script repeatable processes so no manual intervention is required. There are ways to do this using SSH that make this kind of deployment far more simple.

What is SSH?

Secure shell (SSH) was written to provide more secure alternatives to insecure protocols such as rlogin, rcp, FTP and telnet. It provides authentication, encryption and data integrity across the Internet. The version that currently ships with AIX v7 and v6 is openssh v5.4p1, and it also uses openssl 0.9.8. You can check if these are installed as follows:

lslpp -l | grep openss
openssh.base.client     5.4.0.6100   COMMITTED   Open Secure Shell Commands
openssh.base.server     5.4.0.6100   COMMITTED   Open Secure Shell Server
openssh.man.en_US     5.4.0.6100   COMMITTED   Open Secure Shell
openssh.msg.EN_US     5.4.0.6100   COMMITTED   Open Secure Shell Messages -
openssh.msg.en_US     5.4.0.6100   COMMITTED   Open Secure Shell Messages -
openssh.base.client     5.4.0.6100   COMMITTED   Open Secure Shell Commands
openssh.base.server     5.4.0.6100   COMMITTED   Open Secure Shell Server
openssl.base     0.9.8.1300   COMMITTED   Open Secure Socket Layer
openssl.license     0.9.8.1300   COMMITTED   Open Secure Socket License
openssl.man.en_US     0.9.8.1300   COMMITTED   Open Secure Socket Layer
openssl.base     0.9.8.1300   COMMITTED   Open Secure Socket Layer

You can also check the version of ssh with:

ssh -V
OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010

The most recent version of SSH available is at AIX v5.8, however it’s source code that you’ll need to compile yourself. So for the purposes of this article, I’ll use the SSH v5.4 that comes with AIX.

SSH encrypts all of the authentication traffic, helping ensure user names and passwords don't travel in the clear. SSH provides several authentication options, including the use of UNIX passwords or the use of a public/private key pair for authentication. Additionally, SSH interfaces with TCP wrappers for logging and access control and has its own built-in access control that's fairly granular. The suite includes several features, including the capability to do secure backups, tunneling and X11 forwarding, all within a secure environment. SSH also comes with a secure FTP server: SFTP.

Tweet