Veritas Access Installation Guide
- Licensing in Veritas Access
- System requirements
- Important release information
- System requirements
- Linux requirements
- Software requirements for installing Veritas Access in a VMware ESXi environment
- Hardware requirements for installing Veritas Access virtual machines
- Management Server Web browser support
- Required NetBackup versions
- Required OpenStack versions
- Required Oracle versions and host operating systems
- Required IP version 6 Internet standard protocol
- Network and firewall requirements
- Maximum configuration limits
- Preparing to install Veritas Access
- Deploying virtual machines in VMware ESXi for Veritas Access installation
- Installing and configuring a cluster
- Installation overview
- Summary of the installation steps
- Before you install
- Installing the operating system on each node of the cluster
- Installing Veritas Access on the target cluster nodes
- About managing the NICs, bonds, and VLAN devices
- About VLAN tagging
- Replacing an Ethernet interface card
- Configuring I/O fencing
- About configuring Veritas NetBackup
- About enabling kdump during an Veritas Access configuration
- Reconfiguring the Veritas Access cluster name and network
- Configuring a KMS server on the Veritas Access cluster
- Automating Veritas Access installation and configuration using response files
- Displaying and adding nodes to a cluster
- Upgrading the operating system and Veritas Access
- Performing a rolling upgrade
- Uninstalling Veritas Access
- Appendix A. Installation reference
- Appendix B. Configuring the secure shell for communications
- Appendix C. Manual deployment of Veritas Access
Setting up ssh and rsh connections using the pwdutil.pl utility
The password utility, pwdutil.pl, is bundled in the 7.4.2 release in the /opt/VRTS/repository/ga/images/SSNAS/7.4.2.0/scripts/pwdutil.pl directory. The users can run the utility in their script to set up the ssh and rsh connection automatically.
# ./pwdutil.pl -h
Usage:
Command syntax with simple format:
pwdutil.pl check|configure|unconfigure ssh|rsh <hostname|IP addr>
[<user>] [<password>] [<port>]
Command syntax with advanced format:
pwdutil.pl [--action|-a 'check|configure|unconfigure']
[--type|-t 'ssh|rsh']
[--user|-u '<user>']
[--password|-p '<password>']
[--port|-P '<port>']
[--hostfile|-f '<hostfile>']
[--keyfile|-k '<keyfile>']
[-debug|-d]
<host_URI>
pwdutil.pl -h | -?Table: Options with pwdutil.pl utility
Option | Usage |
|---|---|
--action|-a 'check|configure|unconfigure' | Specifies action type, default is 'check'. |
--type|-t 'ssh|rsh' | Specifies connection type, default is 'ssh'. |
--user|-u '<user>' | Specifies user id, default is the local user id. |
--password|-p '<password>' | Specifies user password, default is the user id. |
--port|-P '<port>' | Specifies port number for ssh connection, default is 22 |
--keyfile|-k '<keyfile>' | Specifies the private key file. |
--hostfile|-f '<hostfile>' | Specifies the file which list the hosts. |
-debug | Prints debug information. |
-h|-? | Prints help messages. |
<host_URI> | Can be in the following formats: <hostname> <user>:<password>@<hostname> <user>:<password>@<hostname>: <port> |
You can check, configure, and unconfigure ssh or rsh using the pwdutil.plutility. For example:
To check ssh connection for only one host:
pwdutil.pl check ssh hostname
To configure ssh for only one host:
pwdutil.pl configure ssh hostname user password
To unconfigure rsh for only one host:
pwdutil.pl unconfigure rsh hostname
To configure ssh for multiple hosts with same user ID and password:
pwdutil.pl -a configure -t ssh -u user -p password hostname1 hostname2 hostname3
To configure ssh or rsh for different hosts with different user ID and password:
pwdutil.pl -a configure -t ssh user1:password1@hostname1 user2:password2@hostname2
To check or configure ssh or rsh for multiple hosts with one configuration file:
pwdutil.pl -a configure -t ssh --hostfile /tmp/sshrsh_hostfile
To keep the host configuration file secret, you can use the 3rd party utility to encrypt and decrypt the host file with password.
For example:
### run openssl to encrypt the host file in base64 format # openssl aes-256-cbc -a -salt -in /hostfile -out /hostfile.enc enter aes-256-cbc encryption password: <password> Verifying - enter aes-256-cbc encryption password: <password> ### remove the original plain text file # rm /hostfile ### run openssl to decrypt the encrypted host file # pwdutil.pl -a configure -t ssh 'openssl aes-256-cbc -d -a -in /hostfile.enc' enter aes-256-cbc decryption password: <password>
To use the ssh authentication keys which are not under the default $
HOME/.sshdirectory, you can use --keyfile option to specify the ssh keys. For example:### create a directory to host the key pairs: # mkdir /keystore ### generate private and public key pair under the directory: # ssh-keygen -t rsa -f /keystore/id_rsa ### setup ssh connection with the new generated key pair under the directory: # pwdutil.pl -a configure -t ssh --keyfile /keystore/id_rsa user:password@hostname
You can see the contents of the configuration file by using the following command:
# cat /tmp/sshrsh_hostfile user1:password1@hostname1 user2:password2@hostname2 user3:password3@hostname3 user4:password4@hostname4 # all default: check ssh connection with local user hostname5 The following exit values are returned: 0 Successful completion. 1 Command syntax error. 2 Ssh or rsh binaries do not exist. 3 Ssh or rsh service is down on the remote machine. 4 Ssh or rsh command execution is denied due to password is required. 5 Invalid password is provided. 255 Other unknown error.