Wednesday, November 12, 2008

List of Find Commands in case needed

Introduction
The find command allows the Unix user to process a set of files and/or directories in a file subtree.
You can specify the following:
where to search (pathname)
what type of file to search for (-type: directories, data files, links)
how to process the files (-exec: run a process against a selected file)
the name of the file(s) (-name)
perform logical operations on selections (-o and -a)
Search for file with a specific name in a set of files (-name)
find . -name "rc.conf" -print
This command will search in the current directory and all sub directories for a file named rc.conf.
Note: The -print option will print out the path of any file that is found with that name. In general, -print will print out the path of any file that meets the find criteria.
How to apply a Unix command to a set of files (-exec).
find . -name "rc.conf" -exec chmod o+r '{}' \;
This command will search in the current directory and all sub directories. All files named rc.conf will be processed by the chmod o+r command. The argument '{}' inserts each found file into the chmod command line. The \; argument indicates that the -exec command line has ended.
The end result of this command is that all rc.conf files have the "other" permissions set to read access (if the operator is the owner of the file).

How to apply a complex selection of files (-o and -a).
find /usr/src -not \( -name "*,v" -o -name ".*,v" \) -print
This command will search in the /usr/src directory and all sub directories. All files that are of the form '*,v' and '.*,v' are excluded. Important arguments to note are:
-not means the negation of the expression that follows
\( means the start of a complex expression.
\) means the end of a complex expression.
-o means a logical or of a complex expression. In this case the complex expression is all files like '*,v' or '.*,v'
The above example shows how to select all files that are not part of the RCS system. This is important when you want to go through a source tree and modify all the source files but don't want to affect the RCS version control files.

How to search for a string in a selection of files (-exec grep ...).
find . -exec grep "www.athabasca" '{}' \; -print
This command will search in the current directory and all sub directories. All files that contain the string will have their path printed to standard output.
If you just want to find each file and then pass it on for processing, use the -q grep option. grep stops at the first occurrence of the search string and signals success to find, and find continues searching for more files.
find . -exec grep -q "www.athabasca" '{}' \; -print
This command is very important for processing a series of files that contain a specific string. You can then process each file appropriately. An example is finding all html files with the string "www.athabascau.ca". You can then process the files with a sed script to change those occurrences of "www.athabascau.ca" to "intra.athabascau.ca".
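The html example described above, as an added example that is not part of the original post: the first -exec (grep -q) acts as a test, so the second -exec (sed) runs only on files that contain the string. The function name rewrite_host and the sample files are assumptions made for this illustration; sed -i.bak is accepted by both GNU and BSD sed.

```shell
#!/bin/sh
# rewrite_host DIR OLD NEW  (hypothetical helper, not from the original post)
# Replaces the literal host name OLD with NEW in every *.html file under DIR
# that contains it, keeps a .bak copy, and prints the path of each changed file.
rewrite_host() {
    dir=$1; old=$2; new=$3
    # Escape regex metacharacters so the dots in OLD only match real dots.
    old_re=$(printf '%s' "$old" | sed 's|[][\.*^$/]|\\&|g')
    # Escape the characters that are special in a sed replacement.
    new_re=$(printf '%s' "$new" | sed 's|[\&/]|\\&|g')
    # grep -q returns success on the first match; find evaluates the next
    # -exec only when the previous one succeeded, so sed never touches
    # files without the string. -name '*.html' also skips RCS "*,v" files.
    find "$dir" -type f -name '*.html' \
        -exec grep -qF -- "$old" '{}' \; \
        -exec sed -i.bak "s/$old_re/$new_re/g" '{}' \; \
        -print
}

# Constructed sample tree so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/docs"
printf '<a href="http://www.athabascau.ca/">home</a>\n' > "$demo/index.html"
printf '<p>no link here</p>\n' > "$demo/docs/plain.html"
printf 'http://www.athabascau.ca/\n' > "$demo/index.html,v"   # RCS file
rewrite_host "$demo" www.athabascau.ca intra.athabascau.ca
```

Only index.html is rewritten; plain.html fails the grep test and the RCS file never matches the name pattern.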

Configuring Tree in Novell E Directory

setup steps
- Log in on the box:
# login root
# root’s password root123
# cd /software/eDirectory_8_7_3
# cd AIX/setup
# ./nds-install
- It will ask for the license agreement; enter y.
- Read the license and enter y.
- It will ask for the .nkf file; enter y and give the path /software/eDirectory_8_7_3
- It will install eDirectory 8.7.3.
- Now go to /etc: cd /etc
- Enter: ndsconfig new -t -n "o=\.com" -a "cn=Admin.o=\.com" -L 389 -l 636 -o 8008 -O 8010
- It will configure the server and will create the tree COLES-MYER.
- After this, install the Novell client on your local Windows environment.
- Install ConsoleOne on the local Windows environment.
- Reboot the system and log in.
- Now in local Windows go to Startup -> Programs -> Novell (Common) -> Novell Login. It will open the window. Give the following information:
User name : admin
Password : password
Tree :
Context : o=\.com
Server : Server Address

Now open ConsoleOne.
Go to LDAP Server -> right click -> go to the SSL/TLS Configuration tab -> uncheck "Require TLS for All Operations" and apply.
Go to LDAP Group -> right click -> go to the General tab -> uncheck "Require TLS for simple bind password".

Sample Script for creating Queue and Channels

Queue-

DEFINE QLOCAL (ILS.CARRIER_APPOINTMENT_INBOUND) DESCR('WebSphere MQ Default Local Queue') PUT(ENABLED) USAGE (NORMAL);

Channel :-

DEFINE CHANNEL("Channel Name") CHLTYPE(SVRCONN) TRPTYPE(TCP) MCAUSER('mqm');

MQ Server Queue Manager Creation and Setup

Document to install, create queues, channels and clusters, and browse queues through MQJExplorer

1. Create the queue manager:
crtmqm -c "Queue Manager Name" -ll -q
2. Start the queue manager:
strmqm Queue Manager Name
3. Run MQSC to verify the script file for creating queues:
runmqsc -v Queue Manager Name < "/usr/mqm/samp/QueueCreate.sh" > "/usr/mqm/samp/QueueCreate.out"
4. Run MQSC to create the queues:
runmqsc Queue Manager Name < "/usr/mqm/samp/QueueCreate.sh" > "/usr/mqm/samp/QueueCreate.out"
5. Run MQSC to verify the script file for creating channels:
runmqsc -v Queue Manager Name < "/usr/mqm/samp/ChannelCreate.sh" > "/usr/mqm/samp/ChannelCreate.out"
6. Run MQSC to create the channels:
runmqsc Queue Manager Name < "/usr/mqm/samp/ChannelCreate.sh" > "/usr/mqm/samp/ChannelCreate.out"

After creating all the queues and channels, alter the queue manager:
alter qmgr REPOS(DEFAULT_CLUSTER)

Connecting Queues by MQJExplorer :-
Completion Code 2, Reason 2059
1. Set the channel by typing this command at the MQSC prompt:
define channel(SYSTEM.ADMIN.SVRCONN) chltype(SVRCONN) mcauser('mqm')
2. Start the listener:
runmqlsr -t tcp -m Q-Manager-Name -p 1415 &
endmqlsr -m Q-Manager-Name
3. Make sure you have started the command server. “Use the strmqcsv command to start the command server for the specified queue manager. This enables WebSphere MQ to process commands sent to the command queue.”
strmqcsv
endmqcsv
4. Install MQJExplorer (for accessing queues on the AIX box).
Connect by selecting the Remote radio button and giving the Queue Manager Name and Machine Name.
E.g.:
Queue Manager Name : Queue Manager Name
Machine Name : ma-india62.asia.manh.com
Commonly Used Commands
Displaying queue/channel details:
Display queue()
Display channel()
Deleting a queue/channel:
delete Qlocal/Qremote()
delete channel()


Documents for Reference:-
1. For reference you can refer to MQFunctionAvaliable.doc
2. Look into the script files QueueCreate.sh and ChannelCreate.sh for creating queues and channels.
3. amqaac04AIX (2).pdf
4. mqjexplorer.zip
Useful Links:-
1. http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzaf.doc/csqzaf0828.htm
2. http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzaj.doc/csqzaj10.htm

How to go about FTPS implementation at Web Methods

Obtaining OpenSSH

webMethods does not provide any OpenSSH software. The sample Integration
Server OpenSSH package contains only wrapper flow services for invoking a
command line tool. Therefore, you must obtain and install an OpenSSH
implementation before using the package described in the rest of this document.
The package was developed using OpenSSH, available for most platforms at the
following location
http://www.openssh.org/downloads/
If you are running Linux or other Unix platform, it is very likely already installed.
Windows users may find the Cygwin installation easiest to use. It is available at
http://www.cygwin.com/. Several commercial command line implementations are
also available, although the package may have to be changed to accommodate their
use.

Security considerations
Configuring OpenSSH as a server is beyond the scope of this document. Please
see the References section for information on this. A couple of general guidelines
for configuring the SSH server follow; see the sshd man page for details on how to
set these options:
- Disallow port forwarding unless specifically required by the application
- Create unprivileged users for connections. Never use the root or Administrator
account.
- Limit the command set allowed to be run by the client using the ‘command=’
option in the authorized_keys file.
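A checker for the guidelines above, as an added example that is not part of the webMethods package or the original document: it reads an authorized_keys file and flags entries that have no command= option or that leave port forwarding enabled. The function name, script path and sample keys are constructed for illustration; restrict and no-port-forwarding are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# audit_authorized_keys FILE  (hypothetical helper, not part of the package)
# Reports entries that lack a command= restriction or still allow port
# forwarding. Exit status is 1 when anything was reported.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        # Options, when present, are the text before the key-type token.
        if (!match($0, /(^|[ \t])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+)[ \t]/)) {
            printf "line %d: unrecognised entry\n", NR; bad = 1; next
        }
        opts = substr($0, 1, RSTART - 1)
        # Plain pattern matching: quoted option values are not parsed, so an
        # option name inside a command="..." string would also be counted.
        if (opts !~ /(^|,)command="/) {
            printf "line %d: no command= restriction\n", NR; bad = 1
        }
        if (opts !~ /(^|,)(restrict|no-port-forwarding)(,|$)/) {
            printf "line %d: port forwarding allowed\n", NR; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file; key material and the script path are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# keys accepted for the transfer account
command="/opt/transfer/receive-only.sh",no-port-forwarding,no-pty ssh-rsa AAAAEXAMPLE1 intserv@ishost
ssh-rsa AAAAEXAMPLE2 user@ishost
command="ls /data/in" ssh-rsa AAAAEXAMPLE3 batch@ishost
EOF
audit_authorized_keys "$sample" || echo "review the entries listed above"
```

The first entry passes; the bare key on line 3 is reported twice and the command-only entry on line 4 is reported for forwarding.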

Installing the IS OpenSSH package:
The OpenSSH package is available for download from the Advantage website under
Best Practices -> Product Security Information:
http://advantage.webmethods.com/
Copy the OpenSSH.zip file into the replicate/incoming directory in the Integration
Server’s root directory. Open the Administrator, click on the Manage Packages
menu item, select Install Inbound Packages, and install the package.
Go to the serverroot/packages/OpenSSH/config directory and edit the
openssh.properties file to reflect the path to each SSH command. The defaults are
listed below. If you need to change any of them, you must reload the OpenSSH
package to pick up the changes. To disable a command, comment out the line
completely. Note that due to the nature of the ‘ssh’ command, it is not enabled by
default.
# SCP command
openssh.scpcmd=scp
#openssh.scpcmd=d:\\cygwin\\bin\\scp.exe
# SSH command (disabled by default)
#openssh.sshcmd=ssh
#openssh.sshcmd=d:\\cygwin\\bin\\ssh.exe
#openssh.sshcmd=/usr/local/bin/ssh
# SFTP command
#openssh.sftpcmd=d:\\cygwin\\bin\\sftp.exe
openssh.sftpcmd=sftp


The options.properties file defines global and host specific options for the SSH
commands you run. The default options are as follows. You may override global
settings in this file or on the command line.
# See openssh_config for details
# Global defaults for Integration Server
Host *
PasswordAuthentication no
StrictHostKeyChecking yes
Compression yes
BatchMode yes
IdentityFile openssh/intserv.rsa



Configuring OpenSSH
The Integration Server should have its own protected directory to store the identity
file used to perform SSH operations. The following steps show an example of how to
set up a separate identity file for the Integration Server. These steps are for a Unix
server, but similar steps can be taken on a Windows server.
In the samples below, the machine running Integration Server is considered the
client machine and is labeled ‘ishost’. The remote server running SSH is labeled
‘remotehost’. Commands you type are in italics.
Setup the OpenSSH directory
Switch to the Integration Server root directory and create a new directory called
‘openssh’. Set permissions on the directory so that only the Integration Server can
access it.
ishost$ cd /opt/webmethods6/IntegrationServer
ishost$ mkdir openssh
ishost$ chmod 700 openssh
Creating an identity file
The following command is used to generate an identity file for the Integration Server.
Do not set a passphrase for the key, as the Integration Server has no way to
interactively enter one. If you choose a different directory or default identity file
name, you must update the package’s options.properties file with the new location.
The following commands create a 1024 bit RSA keypair.
Note: The intserv.rsa file should be treated like a password.
ishost$ ssh-keygen -b 1024 -f openssh/intserv.rsa -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in intserv.rsa.
Your public key has been saved in intserv.rsa.pub.
The key fingerprint is:
96:25:7a:2a:ba:7b:d6:f9:ad:42:5e:79:af:6d:d4:3b intserv@myserver
ishost $ ls openssh
intserv.rsa intserv.rsa.pub
Configuring key-based login to the remote server
In order to connect to the remote server using the identity key from the previous
step, you must make a couple of configuration changes to the remote server
machine.
First, log in to the remote server. The first time you log in, you will likely get an
authenticity warning regarding an unknown host. SSH does this each time it connects
to a host it has never encountered before. You should verify this key out of band
(by phone call or email) with the remote server administrator. This check is to
prevent man-in-the-middle attacks against SSH.
ishost$ ssh remotehost
The authenticity of host 'remotehost (10.1.1.1)' can't be established.
RSA key fingerprint is 9d:08:b5:00:9c:41:31:ed:ee:f5:4c:5f:85:de:3e:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remotehost,10.1.1.1' (RSA) to the list of known hosts.
Add the intserv.rsa.pub key to the .ssh/authorized_keys file on the remote host.
Create the file if it does not exist. The key must be on a single line. It will not be
recognized otherwise. Also, you must protect this file from access by others in order
for authentication to work.
Copy the public key to the remote system
ishost$ scp openssh/intserv.rsa.pub remotehost:.ssh/.
user@host password:
intserv.rsa.pub 100% ***************************** 243 00:00
ishost$ ssh remotehost
user@remotehost password:
remotehost $ vi .ssh/authorized_keys
remotehost $ chmod 400 .ssh/authorized_keys
remotehost $ cat .ssh/authorized_keys
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAyqqWc0QoaGx/ixCx9UUQt3N+/zZQ3rJcPZt6V2FVp8F2jJbOZlJS
dfEfvuQvv5wqI2mH3DOcduB6G6InTRiiNbInqla9cglBM8eptyrSSP6BHTX+Kak4ZtCzCp7MDuOegDFl
yDVTiL0ePJhJsoHkIIZTRBQe8opvd8UAAXU/7ys= user@ishost
remotehost $ exit

You should now be able to log in without a password.
ishost$ ssh -F packages/OpenSSH/config/options.properties remotehost
If you are still prompted for a password or the login fails, it may be helpful to set the
‘-v’ option to enable debugging. This option is available on the server side as well.


Services
The following is a summary of the services in the OpenSSH package. All services
return the following three strings:
status – return code from program, 0 is normal
error – error string from program
output – output from command
pub.openssh:scp
This service securely copies a file or group of files from the server running
Integration Server to a remote server.
Parameters:
Name        Description
filename    Name of local file to copy
remotehost  Name of remote host
remotefile  Name of remote file
extraparms  Additional parameters to scp command, see manual page for details. ‘-v’ is useful for debugging
timeout     Amount of time to wait for command to complete (default = 30). This will not be adequate for very large files.

pub.openssh:sftp
This service runs a batch mode sftp script. A sample script file to create a remote
directory called testdocs and copy the document to the remote server is as follows.
The ‘-’ before the mkdir command tells sftp to ignore errors on directory
creation.
-mkdir testdocs
cd testdocs
put mydoc
This script copies the contents of remote directory ‘remotedir’ to ‘newdir’ on the
Integration Server host. If newdir exists, the copy fails. Prefix the ‘lmkdir’ command
with a ‘-’ to ignore the directory creation error.
lmkdir newdir
lcd newdir
cd remotedir
mget *

Parameters:
Name           Description
Remotehost     Name of remote host
Batchcommands  Batch script to run, see manual page
Extraparms     Additional parameters to sftp command
Timeout        Amount of time to wait for command to complete (default = 30)
See the man page for sftp for complete details on available sftp commands. It is not
currently possible to interactively script the sftp command.

pub.openssh:ssh
This service runs a command on the remote server.
This command is effectively a command shell on the remote server. You must
exercise great care in the commands you allow to execute on the remote
server as well as the permissions of the remote account. By default, the ssh
command is disabled.
Parameters:
Name           Description
remotehost     Name of remote host
remotecommand  Remote command to run (e.g., ls)
extraparms     Additional parameters to the ssh command
timeout        Amount of time to wait for command to complete (default = 30)