Ensure that you are familiar with how to run the PuTTY and plink utilities.
The Secure Shell (SSH) protocol specifies that the first access to a new host server sends a challenge to the SSH user to accept the SSH server public key or user password. Because this is the first time that you connect to an SSH server, the server is not included in the SSH client list of known hosts. Therefore, there is a fingerprint challenge, which asks if you accept the responsibility of connecting with this host. If you type y, the host fingerprint and IP address are saved by the SSH client.
When you use PuTTY, you must also type y to accept this host fingerprint. However, the host fingerprint and IP address are stored in the registry for the user name that is logged on to Windows.
The SSH protocol also specifies that once the SSH server public key is accepted, another challenge is presented if the fingerprint of an SSH server changes from the one previously accepted. In this case, you must decide whether you want to accept this changed host fingerprint.
For interactive mode, you can use the PuTTY executable to open the SSH restricted shell.
C:\support utils\putty<username>@svcconsoleip
where support utils\putty is the location of your putty.exe file, <username> is the IP address of your management GUI, and <username> is the user name that you want to use.
IBM_2145:cluster0:superuser>lsuser id name password ssh_key remote usergrp_id usergrp_name 0 superuser yes yes no 0 SecurityAdmin 1 smith no yes no 4 Monitor 2 jones no yes no 2 CopyOperator
You can type exit and press Enter to escape the interactive mode command.
The following is an example of the host fingerprint challenge when using plink in interactive mode:
C:\Program Files\IBM\svcconsole\cimom>plink superuser@9.43.225.208 The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. The server's key fingerprint is: ssh-rsa 1024 e4:c9:51:50:61:63:e9:cd:73:2a:60:6b:f0:be:25:bf If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting. If you want to carry on connecting just once, without adding the key to the cache, enter "n". If you do not trust this host, press Return to abandon the connection. Store key in cache? (y/n) y Using user name "superuser". Authenticating with public key "imported-openssh-key" IBM_2145:your_cluster_name:superuser>
For single-line command mode, you can type the following all on one command line:
C:\Program Files\IBM\svcconsole\cimom> plink superuser@9.43.225.208 lsuser Authenticating with public key "imported-openssh-key" id name password ssh_key remote usergrp_id usergrp_name 0 superuser yes yes no 0 SecurityAdmin 1 smith no yes no 4 Monitor 2 jones no yes no 2 CopyOperator
The following is an example of the host fingerprint challenge when using plink in single-line command mode:
C:\Program Files\IBM\svcconsole\cimom> plink superuser@9.43.225.208 lsuser The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. The server's key fingerprint is: ssh-rsa 1024 e4:c9:51:50:61:63:e9:cd:73:2a:60:6b:f0:be:25:bf If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting. If you want to carry on connecting just once, without adding the key to the cache, enter "n". If you do not trust this host, press Return to abandon the connection. Store key in cache? (y/n) y Authenticating with public key "imported-openssh-key" id name password ssh_key remote usergrp_id usergrp_name 0 superuser yes yes no 0 SecurityAdmin 1 smith no yes no 4 Monitor 2 jones no yes no 2 CopyOperator