Configuring SSH or RSH before installing VeritasSF

13627662

Configuring SSH or RSH before installing SF
                                                       Author: Rover Yao
                                                       Time: 2008-12-05
OS: Solaris 10 x86
Servers: SF01
         SF02
1. Log in as root on SF01 from which you want to install the
Veritas product
2. To generate a DSA key pair on SF01, type the following:
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
3. Make the /.ssh directory is on SF01,If that directory is missing,Create it on SF01 and set the write pemission to root only.
# mkdir /.ssh
# chmod go-w /
# chmod 700 /.ssh
# chmod go-rwx /.ssh
4. Make sure the secure file transfer program SFTP is enabled on SF01.To enable the SFTP,the /etc/ssh/sshd_config must contain the following two lines:
PermitRootLogin yes
Subsystem  sftp  /usr/lib/ssh/sftp-server
5. If the two lines is not there,Add them and restart SSH.To restart SSH,type the following command on SF01.
# svcadm ssh restart
6. To copy the public DSA key, /.ssh/id_dsa.pub to each target system,
type the following commands:
# sftp SF02
Connecting to SF02...
The authenticity of host 'sf02 (192.168.0.20)' can't be established.
RSA key fingerprint is 49:09:46:22:fd:8a:c2:53:f8:16:d6:87:fd:30:a3:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sf02,192.168.0.20' (RSA) to the list of known hosts.Password:     //Enter root password
sftp> put /.ssh/id_dsa.pub
Uploading /.ssh/id_dsa.pub to /id_dsa.pub
sftp> quit
7. To begin the ssh session on SF02,type the following command:
# ssh SF02
password:    //Enter root password
8. After logging in, enter the following command to append the authorization
key to the id_dsa.pub file:
# cat /id_dsa.pub >> /.ssh/authorized_keys
9. To rm /id_dsa.pub public key file after it is copied to SF02 and added to the authorized keys file,Type the following command:
# rm /id_dsa.pub
10. To log out the ssh session,type the following commmad:
# exit
11. When installing from SF01 that is also an installation target, add
the local system id_dsa.pub key to the local /.ssh/authorized_key
file. The installation can fail if the installation source system is not
authenticated.
12. Run the following commands on the source installation system. These
commands bring the private key into the shell environment and makes the
key globally available for the user root:
# exec /usr/bin/ssh-agent $SHELL
# ssh-add
13. To verify that you can connect SF02,type the following command:
# ssh -l root SF02 uname -a
# ssh -l root SF02 uname -a
SunOS SF02 5.10 Generic_137138-09 i86pc i386 i86pc
The commands should execute on the remote system without the system
requesting a passphrase or password.

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/31774/showart_1682036.html