When the TADDM application is installed on a Windows server and you need to use public / private key authentication to connect to Unix / Linux clients, you can use the following procedure to configure and test the authentication process.

Step 1: Generate the public / private key pair on a Unix / Linux client.

Log in to the Unix / Linux client as the account that TADDM will use for discovery; in this example the user is called "taddm". OpenSSH is installed on this Linux server.

Execute the following command to generate the key pair. This procedure uses a DSA key; OpenSSH 7.0 and later disable ssh-dss keys by default, so on a current target generate an RSA key with "ssh-keygen -t rsa" instead and substitute id_rsa for id_dsa in the steps below. Set a passphrase: it is the password you enter in the TADDM access list in Step 4.

ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save key (/home/taddm/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):<password>

Enter same passphrase again:<password>

Your identification has been saved in /home/taddm/.ssh/id_dsa.

Your public key has been saved in /home/taddm/.ssh/id_dsa.pub.

The key fingerprint is:

3c:97:8e:f1:f0:43:71:8d:a5:d5:9d:3d:a7:6d:fd:50 <user@host>

Change directory to the .ssh directory:

cd /home/taddm/.ssh

There are two files in this directory, id_dsa (the private key) and id_dsa.pub (the public key).

Append the public key to the authorized keys file (appending rather than copying over the file preserves any keys already authorized for the account):

cat id_dsa.pub >> authorized_keys

Copy the private key (id_dsa) to your Windows system over a secure channel such as sftp. Only the public key needs to remain on the target, so delete id_dsa from the target once it is on the TADDM server. To add further targets, put the same id_dsa.pub into each one's authorized_keys rather than generating a new pair per host.

Make sure the .ssh directory permissions are set to 700 and the authorized_keys file permissions are set to 600, and that the taddm home directory is not group or world writable. With the default StrictModes yes, sshd silently refuses the key if any of these is wrong, and the only symptom is a fallback to password authentication or a failed login.

Step 2: Modify sshd_config on the Unix/Linux client

Modify the /etc/ssh/sshd_config file to contain the following:

RSAAuthentication no

PubkeyAuthentication yes

PubkeyAuthentication yes is the default, so usually it only needs to be uncommented. RSAAuthentication applies to SSH protocol 1 only; OpenSSH 7.4 and later removed it and log it as a deprecated option, so omit it on those versions. If the file contains Match blocks, put these lines above them, because anything after a Match line applies only to the sessions that block matches. Check the edited file with sshd's test mode (sshd -t) before restarting, so a typo cannot leave you locked out, then restart the OpenSSH daemon:

/etc/init.d/ssh restart

On systemd-based distributions the equivalent is to restart the sshd (or ssh) service with systemctl.
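The target-side preparation of Steps 1 and 2 as one script, added here as an example; it is not part of the original procedure or of TADDM. It takes the home directory and the public key file as parameters (only id_dsa.pub is needed on the target; the private key stays out of it), appends to authorized_keys instead of overwriting it, verifies the modes that sshd's StrictModes checks, edits sshd_config idempotently with Match blocks taken into account, and validates with sshd -t before restarting. The prep_target.sh file name, the SSHD variable and the scratch-directory use are assumptions; the restart commands are the page's init script or its systemd equivalent.

```shell
#!/bin/sh
# Added example (not part of the original procedure or of TADDM): prepare a
# Unix/Linux target for TADDM public-key logins. Paths are parameters so the
# functions work against a scratch directory as well as a real host.

# Append a public key to $home/.ssh/authorized_keys only if it is not already
# present (a plain "cp" would overwrite keys already authorized), then set
# the modes that sshd's default StrictModes requires.
install_authorized_key() {
    home="$1"; pubkey="$2"
    keyline=$(head -n 1 "$pubkey")
    mkdir -p "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    if ! grep -qxF -- "$keyline" "$home/.ssh/authorized_keys"; then
        printf '%s\n' "$keyline" >> "$home/.ssh/authorized_keys"
    fi
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Return 0 when .ssh is 700, authorized_keys is 600 and the home directory is
# neither group- nor world-writable; sshd silently ignores the key otherwise.
check_ssh_perms() {
    home="$1"
    [ -n "$(find "$home/.ssh" -prune -perm 700)" ] || return 1
    [ -n "$(find "$home/.ssh/authorized_keys" -prune -perm 600)" ] || return 1
    [ -z "$(find "$home" -prune -perm -020)" ] || return 1
    [ -z "$(find "$home" -prune -perm -002)" ] || return 1
    return 0
}

# Set one sshd_config keyword, dropping any existing (even commented-out)
# occurrence so the file never carries two conflicting lines. If the file has
# Match blocks the line goes above the first one; appended after a Match block
# it would apply only to that block's sessions.
set_sshd_option() {
    cfg="$1"; key="$2"; val="$3"
    tmp="$cfg.tmp.$$"
    cp "$cfg" "$cfg.bak"
    grep -viE -- "^[[:space:]]*#?[[:space:]]*$key[[:space:]]" "$cfg" > "$tmp" || true
    if grep -qiE -- '^[[:space:]]*Match[[:space:]]' "$tmp"; then
        awk -v line="$key $val" \
            'tolower($1) == "match" && !done { print line; done = 1 } { print }' \
            "$tmp" > "$tmp.2" && mv "$tmp.2" "$tmp"
    else
        printf '%s %s\n' "$key" "$val" >> "$tmp"
    fi
    mv "$tmp" "$cfg"
}

# Run sshd in test mode against the edited file before restarting, so a typo
# cannot lock you out. RSAAuthentication (protocol 1) is deliberately not set
# here: OpenSSH 7.4 and later only log it as a deprecated option.
validate_and_restart_sshd() {
    cfg="$1"
    "${SSHD:-/usr/sbin/sshd}" -t -f "$cfg" || {
        echo "sshd rejected $cfg; restoring backup and not restarting" >&2
        cp "$cfg.bak" "$cfg"
        return 1
    }
    if command -v systemctl >/dev/null 2>&1; then
        systemctl restart sshd 2>/dev/null || systemctl restart ssh
    else
        /etc/init.d/ssh restart
    fi
}

# Usage, as root on the target (file name is assumed):
#   sh prep_target.sh /home/taddm /home/taddm/.ssh/id_dsa.pub
if [ "$#" -eq 2 ]; then
    install_authorized_key "$1" "$2"
    check_ssh_perms "$1" || { echo "permissions on $1 still wrong" >&2; exit 1; }
    set_sshd_option /etc/ssh/sshd_config PubkeyAuthentication yes
    validate_and_restart_sshd /etc/ssh/sshd_config
fi
```

Run it once per target after copying id_dsa.pub over; re-running is harmless because the key is appended only once and the sshd_config edit replaces rather than duplicates the keyword. If sshd -t fails, the backup is restored and the daemon is left untouched, so you keep your existing session.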

Step 3: Configuring TADDM to use the generated keys.

The id_dsa private key that you copied to the Windows TADDM server needs to be placed in a ".ssh" directory in the profile of the user that started the TADDM server. If you are unsure of the correct directory, run the Step 5 test first: its debug output shows the directory in which TADDM expects to find the key.

For example, if the user that started the TADDM server is Administrator on a Windows Server 2003 / XP system, create the ".ssh" directory in the "C:\Documents and Settings\Administrator" folder. On Windows Vista / Server 2008 and later the profile is under "C:\Users\Administrator" instead.

In a command window execute the following commands:

cd C:\Documents and Settings\Administrator

mkdir .ssh

Copy the id_dsa key into this directory. This file is the credential for every target that trusts the key, so restrict its NTFS permissions to the TADDM service account and local administrators, and keep it passphrase-protected rather than regenerating it without one.

Step 4: Setting up the TADDM access list to use the keys when discovering the Unix / Linux server

Click the Access List under the Discovery tab.

Click the Add button to add a new access type.

Component type should be set to Computer System

Enter a name for the account

Enter the user name “taddm” in this example

Enter the passphrase that you used when generating the key pair in the Password box.

Enter the same passphrase in the Confirm Password box.

Authentication Type should be set to Default.

On the Scope Limitations tab limit the scope to the scope containing the Unix / Linux clients.

Step 5: Test the SSH connection to the Linux server using the TADDM testssh.bat script

Open a command shell on the TADDM server and change to the directory where the TADDM support tools are installed, in this example C:\ibm\cmdb\dist\support\bin

Issue the following command:

testssh.bat -u <taddm administrator> -p <password> <target server> <command>

If the TADDM console user is administrator and the password is collation, to run "ls -al" on the server 10.10.10.130 using the TADDM access list, the command would be:

testssh.bat -u administrator -p collation 10.10.10.130 "ls -al"

This prints debug information for the connection (including the directory in which TADDM looked for the key) and should return a list of the files in the "taddm" user's home directory.

Step 6: Additional - Setting up the taddm user on Linux to use sudo

Some discovery commands need root privileges. To allow the taddm user to run them via sudo, edit the sudoers file with the visudo command (never with a plain editor, since visudo checks the syntax before saving).

Example sudo entry to include (commands must be given by absolute path):

taddm ALL=NOPASSWD: /usr/sbin/lsof, /bin/netstat, /usr/sbin/ethtool

Keep the list to the specific commands TADDM needs rather than ALL. If the sudoers file sets Defaults requiretty (the default on some Red Hat releases), TADDM's non-interactive SSH sessions are refused with "sorry, you must have a tty to run sudo"; add a Defaults:taddm !requiretty line in that case.

You also need to add the above commands to collation.properties (in the C:\ibm\cmdb\dist\etc directory on the TADDM server) so that TADDM prefixes them with sudo when running them, one property per command, for example:

com.collation.discover.agent.command.lsof.Linux=sudo lsof
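An added example, not from the page or from TADDM, that builds and validates the sudoers drop-in for Step 6 and prints the matching collation.properties lines. It assumes a sudo with /etc/sudoers.d support, restricts the grant to root with ALL=(root), adds the !requiretty default described above, rejects commands that are not absolute paths (sudoers requires them), and lets visudo check the fragment before it is installed. The taddm_sudo.sh name is assumed, and the property key pattern for netstat and ethtool is inferred from the lsof line the page gives.

```shell
#!/bin/sh
# Added example (not part of the original procedure or of TADDM): build and
# validate the sudoers entry for the discovery account and print the matching
# collation.properties overrides.

# Print a sudoers fragment letting $1 run the listed commands as root without
# a password. Returns 1 if a command is not an absolute path, which sudoers
# requires and visudo would reject. The !requiretty line is an addition beyond
# the page: with "Defaults requiretty" in effect, sudo refuses TADDM's
# non-interactive SSH sessions with "sorry, you must have a tty to run sudo".
sudoers_fragment() {
    user="$1"; shift
    list=""
    for cmd in "$@"; do
        case "$cmd" in
            /*) ;;
            *) echo "sudoers commands must be absolute paths: $cmd" >&2; return 1 ;;
        esac
        list="${list:+$list, }$cmd"
    done
    printf 'Defaults:%s !requiretty\n' "$user"
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$list"
}

# Print the collation.properties lines that make TADDM prefix each command
# with sudo. The lsof line is the one the page gives; the same key pattern is
# assumed for the other commands.
collation_sudo_props() {
    for cmd in "$@"; do
        name=$(basename "$cmd")
        printf 'com.collation.discover.agent.command.%s.Linux=sudo %s\n' "$name" "$name"
    done
}

# Write the fragment to /etc/sudoers.d and let visudo check it before it can
# take effect; a bad file there breaks sudo for every account on the host.
install_sudoers_fragment() {
    user="$1"; shift
    tmp=$(mktemp)
    sudoers_fragment "$user" "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 440 "$tmp"
    if visudo -cf "$tmp"; then
        mv "$tmp" "/etc/sudoers.d/$user"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage, as root on the target (file name is assumed):
#   sh taddm_sudo.sh taddm /usr/sbin/lsof /bin/netstat /usr/sbin/ethtool
if [ "$#" -ge 2 ]; then
    user="$1"; shift
    install_sudoers_fragment "$user" "$@" || exit 1
    sudo -l -U "$user"            # show what the account may now run
    echo "Add to collation.properties on the TADDM server:"
    collation_sudo_props "$@"
fi
```

After installing the fragment, the Step 5 test with a command such as "sudo -n /usr/sbin/lsof -i" confirms end to end that the account can run it without a tty or a password prompt.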
