Topics: HMC, Security

Secure shell access to HMC

If you wish to be able to access an HMC from the command line, without the need of logging in, you can use ssh (secure shell).

Set-up a secure shell connection to your HMC:

# ssh userid@hostname
You will have to enter a password to get into your HMC.

To allow your root user direct access to the HMC without the need of logging in, you'll have to update the authorized_keys2 file in the .ssh subdirectory of the home directory of your HMC user. There's a problem: a regular user only gets a restricted shell on an HMC and therefore is unable to edit the authorized_keys2 file in subdirectory .ssh. In an HMC version 3 it is possible to disable the restricted shell for users by editing file /opt/hsc/data/ssh/hmcsshrc. In an HMC version 4 and up you no longer get root access (except, you may get it, by contacting IBM), so you can no longer edit this file.

But there's another way to accomplish it.

Let's say your hmc user ID is hmcuser and you were able to logon to the HMC called hmcsystem using this ID and a password (like described above).

First, get a valid authorized_keys2 file, that allows root at your current host access to the HMC. Place this file in /tmp.

Then, use scp to copy the authorized_keys2 file to the HMC:
# scp /tmp/authorized_keys2 hmcuser@hmcsystem:~hmcuser/.ssh/authorized_keys2
[Enter your hmcuser's password, when required]

Now, just test if it works:
# ssh hmcuser@hmcsystem date
You should now be able to access the system without entering a password.

If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?