AIX

  • 1.  Has anyone setup ssh public key password-less authentication on VIO server?

    IBM Champion
    Posted Thu April 14, 2022 10:52 AM
    My old vio servers that I set up over 10 years ago are about to be retired and we've set up new vio servers with code level 3.1.3.14.  On the old vio servers, I used rsh to connect and pull errpt and general stats using scripts (I know rsh is bad).  Now I want to do it the right way on my new vio servers using ssh without having to make too many changes to my current scripts.  If you have done something like this, what user did you use on the vio server to set this up?  Again, my goal is to be able to pull the errpt.  Did you run into any issues getting it to not prompt for a password?

    ------------------------------
    Norman Owens
    Open Systems Architect
    Mohawk Industries
    ------------------------------


  • 2.  RE: Has anyone setup ssh public key password-less authentication on VIO server?

    Posted Thu April 14, 2022 11:09 AM
    Norman,

    This is pretty simple to implement with SSH keys for padmin. Search
    for "passwordless ssh key login".

    There are many additional layers of security you can add, but a basic
    passwordless key with SSH in ~padmin/.ssh/authorized_keys will be
    wildly more secure than RSH.

    Then you can do:

    ssh -i the-padmin-key padmin@VIO1 errlog (or errpt)

    You'll encounter issues with commands that use the VIO specific ioscli
    wrapper. Look them up in the .profile, it's all aliases.

    Thanks.


    ------------------------------------------------------------------
    Russell Adams Russell.Adams@AdamsSystems.nl
    Principal Consultant Adams Systems Consultancy
    https://adamssystems.nl/




  • 3.  RE: Has anyone setup ssh public key password-less authentication on VIO server?

    IBM Champion
    Posted Thu April 14, 2022 11:26 AM
    Russell,
    Thanks for the info.  I was playing around with padmin late last night, and I kept getting prompted for a password.  I generally create an RSA key when I set this up on other servers.  Is the vio server looking for a different key type?

    ------------------------------
    Norman Owens
    Open Systems Architect
    Mohawk Industries
    ------------------------------



  • 4.  RE: Has anyone setup ssh public key password-less authentication on VIO server?

    Posted Thu April 14, 2022 12:21 PM
    Norman,

    I'd make a 4096 bit RSA key with ssh-keygen, and add it to padmin's
    /home/padmin/.ssh/authorized_keys. Make sure that's owned by padmin
    (not root) and locked down to only r/w by padmin. DSA keys may be
    disabled.

    Also you can verify that the key doesn't have copy/paste errors by
    using ssh-keygen to list fingerprints.

    ssh-keygen -l -f /home/padmin/.ssh/authorized_keys

    If it doesn't work, maybe paste 'ssh -vvv -i key padmin@VIO date' ?

    Thanks.


    ------------------------------------------------------------------
    Russell Adams Russell.Adams@AdamsSystems.nl
    Principal Consultant Adams Systems Consultancy
    https://adamssystems.nl/




  • 5.  RE: Has anyone setup ssh public key password-less authentication on VIO server?

    IBM Champion
    Posted Thu April 14, 2022 01:58 PM
    Russell,
    This is funny, I had to share it. 

    When I log in to my newly built vio server (version 3.1.3.14), these are the files that I see in the .ssh directory:

    padmin: [/home/padmin]
    --> ls .ssh
    authorized_keys2 environment

    When I put sshd in debug mode to try and figure out why my passwordless authentication is failing, this is what I get:

    debug1: trying public key file /home/padmin/.ssh/authorized_keys
    debug1: Could not open authorized keys '/home/padmin/.ssh/authorized_keys': A file or directory in the path name does not exist.

    So it's looking for authorized_keys, not authorized_keys2.  I renamed the file and it works fine!




    ------------------------------
    Norman Owens
    Open Systems Architect
    Mohawk Industries
    ------------------------------
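
The mismatch found in the sshd debug output above, together with the ownership and mode checks from reply 4, as a script (an added example, not part of any post in this thread). The function names and the fallback to `.ssh/authorized_keys` when the directive is unset are assumptions; pass the home directory, the account's numeric UID and the path to sshd_config.

```shell
#!/bin/sh
# Added example (not from the thread): report why sshd would skip a user's keys.
# check_authkeys HOME_DIR OWNER_UID SSHD_CONFIG -> returns 0 if a key file is usable

# Relative paths sshd tries, read from the AuthorizedKeysFile directive.
# Assumption: if the directive is absent, use .ssh/authorized_keys, the only
# file the sshd debug output in this thread shows being tried.
configured_key_files() {
    awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; print; found = 1; exit }
         END { if (!found) print ".ssh/authorized_keys" }' "$1"
}

# Print a finding if PATH is not owned by OWNER_UID or its `ls -l` mode column
# does not match PATTERN (a shell glob). After `set --`: $4 = mode, $6 = uid.
perm_problem() {   # perm_problem PATH OWNER_UID PATTERN
    set -- "$1" "$2" "$3" $(ls -ldn "$1" 2>/dev/null)
    [ "$6" = "$2" ] || echo "BAD: $1 owned by uid $6, expected $2"
    case $4 in $3) ;; *) echo "BAD: $1 has mode $4" ;; esac
}

check_authkeys() {
    home=$1 uid=$2 conf=$3 usable=1
    bad_dir=$(perm_problem "$home/.ssh" "$uid" '?????-??-*')  # no group/other write
    [ -z "$bad_dir" ] || echo "$bad_dir"
    for rel in $(configured_key_files "$conf"); do
        case $rel in
            /*)   path=$rel ;;
            %h/*) path=$home/${rel#%h/} ;;
            *)    path=$home/$rel ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING: $path (sshd is configured to read it)"
        else
            problems=$(perm_problem "$path" "$uid" '-rw-------*')  # r/w by owner only
            if [ -n "$problems" ]; then echo "$problems"
            elif [ -z "$bad_dir" ]; then echo "OK: $path"; usable=0
            fi
        fi
    done
    # A leftover authorized_keys2 is only read if the directive lists it.
    if [ -f "$home/.ssh/authorized_keys2" ] &&
       ! configured_key_files "$conf" | grep -q 'authorized_keys2'; then
        echo "IGNORED: $home/.ssh/authorized_keys2 is not in AuthorizedKeysFile"
    fi
    return $usable
}
```

On the server this would be called as, for example, `check_authkeys /home/padmin "$(id -u padmin)" /etc/ssh/sshd_config`, where the sshd_config path is an assumption to adjust for the installation.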



  • 6.  RE: Has anyone setup ssh public key password-less authentication on VIO server?

    Posted Thu April 14, 2022 03:21 PM
    Norman,

    Excellent! Glad it works.


    ------------------------------------------------------------------
    Russell Adams Russell.Adams@AdamsSystems.nl
    Principal Consultant Adams Systems Consultancy
    https://adamssystems.nl/