beautypg.com

HP Integrity NonStop J-Series User Manual

Page 157

background image

B Tips on setting up password free logins with Open SSH

If you install Open SSH with Cygwin, you can use the sftp program to provide more flexible and
better performing deploy targets for both managed builds and makefile project builds. For details,
see

“Creating custom deploy targets ” (page 118)

. Using sftp in your deploy target, however,

requires that you set up passphrase logins for SSH so the deploy target can run sftp in batch
mode without having to supply a password.
This appendix provides tips on setting up both Open SSH on your Windows host and configuring
HP NonStop SSH on NonStop servers for passphrase logins. For more information on Open SSH,
refer to the man pages for ssh, sftp, ssh-keygen, and ssh-agent. For more information on
setting up HP NonStop SSH, refer to the NonStop SSH Reference Manual.
The following are general steps for setting up passphrase logins for user ID swdev.doon for the
NonStop system nonstopsystem.corp.net. Substitute your own user ID and system name as
appropriate.

1.

On your personal Windows system, generate a public/private key pair using the ssh-keygen
command. You'll be asked for a passphrase (twice). The passphrase should be a phrase that
you can easily remember. The longer the phrase, the better the security. The passphrase is
used when encrypting and decrypting your private key. When asked for a file where the key
is to be saved, just hit RETURN to accept the default.
Here is the ssh-keygen command and its output (where XXXXXX represents the passphrase
entered):

$ ssh-keygen -t dsa -C [email protected]/
Generating public/private dsa key pair.
Enter file in which to save the key (/home/doon/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): XXXXXXXXXXX
Enter same passphrase again: XXXXXXXXXXX
Your identification has been saved in /home/doon/.ssh/id_dsa.
Your public key has been saved in /home/doon/.ssh/id_dsa.pub.
The key fingerprint is:
f7:7a:7e:4b:e9:39:c4:85:9c:e5:22:e9:a0:75:07:08 [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| E. . |
| . . .|
| + = |
| o + * o|
| So.+ + o |
| .. .. o. |
| ..o |
| ..oo. |
| .o..+o |
+-----------------+

2.

Add your public key on NonStop servers of interest. This requires running as super.super.
If you cannot login as super.super, contact your system administrator.
First, find the SSH process name on the NonStop server (typically $ssh0) and open it with
sshcom

(sample commands are shown below). Use alter user to set your public key.

Give it a name (such as key1). You can use that name to delete the public key in the future.
Provide your public key on of two ways. You can provide the fingerprint (which you can get
from the output of ssh-keygen above) or you can point SSH at a file containing the public
key. (The example below provides the fingerprint.)
Here are sample commands to go to the SSH volume, find the SSH process, and set your
public key:

$SYSTEM STARTUP 5> volume zssh
$SYSTEM ZSSH 6> status *,prog *
Process Pri PFR %WT Userid Program file Hometerm
$SSH0 0,611 150 P 005 255,255 $SYSTEM.ZSSH.SSH2 $ZHOME
$ZPTY 0,792 168 P 011 255,255 $SYSTEM.ZSSH.STN $ZHOME
$ZPTY B 1,1054 168 P 001 255,255 $SYSTEM.ZSSH.STN $ZHOME
$SYSTEM ZSSH 7> sshcom $ssh0
SSHCOM_H16_06FEB03
OPEN $ssh0
% alter user swdev.doon, publickey key1 fingerprint f7:7a:7e:4b:e9:39:c4:85:9c:e5:22:e9:a0:75:07:08
% exit

157

This manual is related to the following products:
See also other documents in the category HP Computer hardware: