Oracle® Enterprise Manager Grid Control Advanced Installation and Configuration Guide
11g Release 1 (11.1.0.1.0)

Part Number E16847-10

D Setting Up SSH Connectivity

This appendix explains how you can set up SSH connectivity before installing Oracle Management Agent (Management Agent) on Microsoft Windows platforms. In particular, this appendix covers the following:

Overview

SSH (Secure Shell) Setup is the connectivity that is established between the host running Oracle Management Service (OMS) and the host where the Management Agent needs to be installed. This is primarily required for the Agent Deploy application to install Management Agents over HTTP on remote hosts.

The Agent Deployment application is an application that is part of the Enterprise Manager Grid Control console. It is used for deploying Management Agents in your environment using an interactive user interface. The installation of a Management Agent from the source host to the remote destination host happens using SSH, and for this communication to happen over SSH, an SSH setup is required between the two hosts. This also helps to avoid SSH authentication calls during future Agent Deploy operations.

Caution:

The SSH Setup must always be set between the destination hosts and the OMS, and never among the destination hosts.

In Enterprise Manager 11g Grid Control Release 1 (11.1.0.1.0), the Agent Deploy application sets up and drops the SSH connectivity automatically, but if the Management Agent is going to be on a Microsoft Windows operating system, then you need to manually install and configure Cygwin on that host.

Note:

The Agent Deployment Wizard is certified and supported with Cygwin 1.5.

Setting Up SSH Server (SSHD) on Microsoft Windows

Before starting with the SSHD setup, ensure you are not using OpenSSH and MKSNT when using the Agent Deploy application. The Agent Deploy application uses the complete Cygwin suite (full collection of the software tools packaged in Cygwin). To get the complete collection of Cygwin, do the following:

  1. Ensure OpenSSH\bin and mksnt are not in your %PATH%. If they are, remove them by doing the following:

    1. Right-click on My Computer and go to Properties.

    2. In the System Properties window that appears, click Advanced.

    3. In this tab, click Environment Variables.

    4. Here, search for the Path system variable, select it, and if the OpenSSH\bin and mksnt are present in the PATH, click Edit.

    5. In the Edit System Variable dialog box that appears, delete these two values from the PATH, and click OK.

  2. Now, stop the SSH Daemon if it is running from OpenSSH. To do this:

    1. Right-click on My Computer, and select Manage.

    2. In the Computer Management window that appears, go to Services under Services and Applications.

    3. In the right-pane, select the SSH daemon service and click the Stop Service icon.

      Note:

      Ensure you rename the installation directories of OpenSSH and MKSNT.
  3. To install the full suite of Cygwin software, go to http://www.cygwin.com, and install Cygwin in your C:\cygwin directory.

    Note:

    If you are installing Cygwin into another directory than what has been previously mentioned, ensure you update the $OMS_INSTANCE_HOME/sysman/prov/resources/ssPaths_msplats.properties file with the proper Cygwin binary values after installing Oracle Enterprise Manager Grid Control.

    Caution:

    If you are installing Cygwin at a directory that is other than C:\cygwin on a remote machine, you must also ensure that Cygwin is installed on the OMS machine at the exact same location.

    The Cygwin installation directory should not contain any spaces.

    While installing Cygwin, ensure you choose the following binaries:

    1. Zip, unzip binaries from the Archive package.

      Figure D-1 Zip UnZip Binaries

    2. OpenSSH and dependencies (automatically selected if you choose OpenSSH) from the Net package.

      Figure D-2 Net Packages

  4. Modify the C:\cygwin\cygwin.bat file to add the following line:

    set CYGWIN=binmode tty ntsec
    
  5. Ensure cygrunsrv is installed by going to C:\cygwin\bin and executing the following:

    bash
    cygrunsrv -h
    

    Note:

    If you are prompted to provide a Cygwin value, enter binmode tty ntsec. If this returns an error message stating "service does not exist", you are on the right track, and can proceed to the next step.
  6. Open a new command prompt and execute the following:

    bash
    ssh-host-config
    

    Note:

    Enter "no" when prompted to create sshd user account (message reads "sshd user account needs to be created").

    Enter "yes" at all other prompts.

    When prompted to answer the question "Which value should the environment variable CYGWIN have when sshd starts?", Oracle recommends that you set the value to at least "ntsec" as shown in the following example. This will enable you to change the user context without having to specify the password.

    As an answer to the previously mentioned question, specify a value that is similar to the following and press Enter:

    CYGWIN="binmode tty ntsec"
    
  7. Now, open the /etc/passwd file, and remove only those entries of the user that you will use to connect to the OMS machine.

    For example,

    • If the user that you are employing to connect to the OMS machine is a local user, execute the following:

      /bin/mkpasswd -l -u <USER> >> /etc/passwd
      
    • If the user you are employing to connect to the OMS machine is a domain user, execute the following:

      /bin/mkpasswd.exe -d -u <USER> >> /etc/passwd
      /bin/mkgroup.exe -d >> /etc/group
      
      
      mkdir -p /home/<USER>  (for example, mkdir -p /home/pjohn)
      chown <USER> /home/<USER> (for example, chown pjohn /home/pjohn)
      
  8. Start the SSH daemon.

    If the user you are employing to connect to the OMS machine is a domain user, do the following:

    1. Right-click on My Computer, and select Manage.

    2. In the Computer Management dialog box that appears, go to Services and Applications, and select CYGWIN sshd.

    3. Right-click CYGWIN sshd and select Properties.

    4. In the Properties dialog box, go to the Log On tab.

    5. Here, specify the domain/username and password. Click Apply.

    6. Now, go to the CYGWIN command prompt, and execute the following:

      chmod 644 /etc/ssh*
      chown <USERNAME> /var/empty
      chmod 755 /var/empty
      chmod 644 /var/log/sshd.log
      

      Note:

      If /var/log/sshd.log does not exist, you do not have to execute the following command:
      chmod 644 /var/log/sshd.log
      
    7. Start the SSH daemon by executing:

      /usr/sbin/sshd
      

      Alternatively, from the same BASH prompt, you can also execute:

      cygrunsrv -S sshd
      

      Note:

      Use cygrunsrv -E sshd to stop the SSH daemon.
  9. You can now test your cygwin setup.

    To do this, go to a different machine (that has the ssh client running), and execute the following command:

    ssh -l <USERNAME> <localhost> 'date'
    
    OR
    
    ssh -l <USERNAME> <this node> 'date'
    

    For example,

    ssh -l pjohn egal07.db.funds.com 'date'
    

    This command will prompt you to specify the password. When you specify the correct password, the command should return the accurate date.
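
The `chmod 644 /etc/ssh*` command in step 8 applies to every file the glob matches. The check below is an added example, not part of Oracle's procedure: it lists matched private host keys whose mode lets group or others read them, assuming the keys are the `/etc/ssh*_key` files of a default Cygwin OpenSSH install and that GNU `stat` is available. The function name `audit_ssh_perms` is hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle code.
# Assumption: private host keys are the files matching <dir>/ssh*_key.
# Prints "<octal mode> <path>" for each private key that group or others
# can access, and returns 1 if any such key was found.
audit_ssh_perms() {
    dir=${1:-/etc}
    bad=0
    for f in "$dir"/ssh*; do
        [ -f "$f" ] || continue
        case "$f" in
            *_key) ;;            # private host key: inspect it
            *)     continue ;;   # *.pub, ssh_config, sshd_config: skip
        esac
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            *00) ;;              # no group/other permission bits set
            *)   echo "$mode $f"
                 bad=1 ;;
        esac
    done
    return $bad
}

# Example call from the Cygwin bash prompt:
#   audit_ssh_perms /etc
```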

Setting Up SSH on Microsoft Windows Using sshUserSetupNT.sh

Note:

Before executing the sshUserSetupNT.sh script, execute the following commands to ensure the home directory has been correctly set:
  1. Execute echo $HOME

    Ensure this displays the home directory of the current user.

  2. If it points to the home directory of another user, execute the following command:

    export HOME=<Windows style absolute path of homedir>
    
  3. Now, execute echo $HOME again, to verify the home directory. The $HOME value must be the same as that passed to -homeDir.

This is the script that should be executed to set up SSH on Microsoft Windows platforms. The usage of the script is as follows:

./sshUserSetupNT.sh -user -asUser -asUserGrp -sshLocalDir -homeDir -hosts -hostfile 

Note:

After the sshUserSetupNT.sh script has been executed, you must verify the successful SSH user setup on all the hosts, individually.

That is, if you have run the script to set up SSH on two hosts (host1, and host2), you must run the following command on each host to verify successful SSH setup:

ssh -l <username> host1 'date'

and then run:

ssh -l <username> host2 'date'

Caution:

You must execute the sshUserSetupNT.sh script on the local OMS machine from within the cygwin (BASH) shell only. The script will fail to execute if done from outside this location.

All the previously mentioned options are mandatory, and should be passed while executing the script.

Note:

It is assumed that C:\cygwin is the default installation directory for the Cygwin binaries.

If you install cygwin at a location other than c:\cygwin (default location), it can cause the SSH setup to fail, and in turn, the agent installation will fail.

To work around this issue, you must either install cygwin in the default directory (c:\cygwin), or update the ssPaths_msplats.properties file with the correct path to the cygwin binaries. The ssPaths_msplats.properties is available in <OMS_INSTANCE_HOME>/sysman/prov/resources/.

You can look into the following remote registry key to find out the correct Cygwin path:

HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/

Description

This script is used on Microsoft Windows platforms to set up SSH from the host on which it is run to the specified remote hosts. After this script is run, you can use SSH to execute commands on the remote hosts, or copy files between the local host and the remote hosts without being prompted for passwords or confirmations.

The list of remote hosts and their user names are specified as command-line parameters to the script.

Note:

If you have used spaces in the $HOME value (for example, /cygdrive/c/Documents and Settings/pjohn), specify the $HOME value in Microsoft Windows style and within double quotation marks (for example, "C:\Documents and Settings\pjohn").

Note:

Specify the full path within double quotation marks (" ").


Setting Up the Timezone Variable on Remote Hosts

This section lists the steps you must follow to set up the timezone environment variable on remote hosts.

To verify if the timezone environment variable (TZ) is accessible by the SSH server on the remote hosts, execute the following command from the OMS host:

ssh -l <user_name> -n <remote_node> 'echo $TZ'

If this command does not return the TZ environment variable value, you must set the TZ variable and ensure this is accessible by the SSH server. You can set the TZ environment variable on remote hosts as described in the following sections:

Set the TZ variable and Restart the SSH Daemon

If the shell being used is BASH, add the following line to the .bashrc file in the home directory of the user (being used) for ssh access:

export TZ=<your machine's timezone>

If you are using a CSH shell, then add the following line to the .cshrc file in that directory:

setenv TZ <your machine's timezone>
  1. Depending on the shell that is present on the host, set the TZ variable by executing the following command:

    For a CSH Shell, specify:
    setenv TZ PST8PDT
    
  2. Restart the SSH daemon by executing:

    sudo /etc/init.d/sshd restart
    
  3. Now, execute the following command from the OMS home to verify if the SSH server can access the TZ variable.

    ssh -l <user_name> -n <node_name> 'echo $TZ'
    

Set the TZ Variable in the "Shell rc" File

The timezone variable must be set in the rc file of the shell that the host is using.

For example, if the host is using a BASH shell, go to the user's home directory ($HOME) and add the following to the ~/.bashrc file to set the TZ variable:

TZ=PST8PDT; export TZ

If the host is using a CSH shell, go to $HOME and add the following to the ~/.cshrc file:

setenv TZ PST8PDT

Now, execute the following command from the OMS home to verify if the SSH server can access the TZ variable.

ssh -l <user_name> -n <node_name> 'echo $TZ'
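
The per-host `ssh -l <username> <host> 'date'` verification after sshUserSetupNT.sh and the `echo $TZ` check above can be run in one pass. The script below is an added example, not Oracle code: it uses `BatchMode=yes` so that a host still asking for a password is reported as a failure instead of prompting. The function names and the `SSH_BIN` variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Oracle code. Run from the Cygwin bash shell on the OMS host.
# SSH_BIN is an assumption of this sketch so the client can be swapped out.
SSH_BIN=${SSH_BIN:-ssh}

# BatchMode=yes makes ssh fail instead of prompting for a password, so a
# host where the key setup did not take effect shows up as a failure.
run_remote() {   # usage: run_remote <user> <host> <command>
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=10 -n -l "$1" "$2" "$3" 2>/dev/null
}

# Returns 0 = login and TZ fine, 1 = login failed, 2 = TZ not visible.
check_host() {
    user=$1
    host=$2
    if ! run_remote "$user" "$host" 'date' >/dev/null; then
        echo "$host: FAIL, no password-less login"
        return 1
    fi
    tz=$(run_remote "$user" "$host" 'echo $TZ') || tz=
    if [ -z "$tz" ]; then
        echo "$host: login OK, TZ not set for SSH sessions"
        return 2
    fi
    echo "$host: login OK, TZ=$tz"
}

# Check every host individually; non-zero if any host needs attention.
check_hosts() {
    user=$1
    shift
    rc=0
    for h in "$@"; do
        check_host "$user" "$h" || rc=1
    done
    return $rc
}

# Example call (host names are placeholders):
#   check_hosts pjohn host1 host2
```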