Topics: AIX, HMC, System Admin

HMC Access & Security Issues

As of Hardware Management Console (HMC) Release 3, Version 2.3, the rexec command is no longer available on the HMC. Use ssh command instead. From Version 2.5, users are required to enter a valid HMC user id/password when downloading the WebSM client from the HMC. The URL for the WebSM client is: http://[HMC fully qualified domain name]/remote_client.html.

Standard users receive the restriced shell via a set -r in .mysshrc when logging in. Comment the set -r command in /opt/hsc/data/ssh/hmcsshrc to get rid of the restricted shell for your users (it gets copied to $HOME/.mysshrc). For more information on commands that can be used in restriced shell on the HMC, go to HMC Power 4 Hints & Tips.

A special hscpe user ID can be created which has unrestricted shell access via the pesh command. Use lshmc -v to determine the serial number of the HMC (after *SE). Then call IBM support and request for the password of the hscpe user for the pesh command. IBM is able to generate a password for the hscpe user for one day.

If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?