TRUE

BMC PATROL for UNIX and Linux 9.13

All versions
 

Release notes and notices
updated 22 May
This section provides information about what is new or changed in this space, including urgent issues, documentation updates, service packs, and patches. 

 

Tip

To stay informed of changes to this space, place a watch on this page. 

DateTitleSummary
May 22, 2019Technical bulletinsAdded Red Hat Enterprise Linux 8.0, x86_64 support
March 22, 20199.13.00 enhancements

Released a patch to fix issues reported in the earlier versions.

List of issues that were corrected by this patch

December 17, 2018Technical bulletinsAdded CentOS 7.6 support
December 10, 2018Technical bulletinsAdded Red Hat Enterprise Linux 7.6 support
October 11, 2018Technical bulletinsAdded Oracle Enterprise Linux 7.5 UEK support
July 31, 2018Technical bulletinsAdded Debian 8.11 and 9.5 support
July 25, 2018Announcing support for Red Hat Enterprise Linux 6.10Added platform support
July 03, 2018Announcing support for new platformsAdded platform support
May 22, 20189.13.20.04: Patch for PATROL for UNIX and Linux

Released a patch to fix issues reported in the earlier versions.

List of issues that were corrected by this patch

May 14, 2018Announcing support for Red Hat Enterprise Linux 7.5 operating systemAdded platform support
February 28, 20179.13.20.03: Patch for PATROL for UNIX and Linux

Released a patch to fix issues reported in the earlier versions.

List of issues that were corrected by this patch

October 27, 20179.13.20.02: Patch for PATROL for UNIX and Linux

Released a patch to fix issues reported in the earlier versions.

List of issues that were corrected by this patch

September 29, 2017Announcing support for new platformsAdded platform support
July 31, 20179.13.20.01: Patch for PATROL for UNIX and Linux

Released a patch to fix issues reported in the earlier versions

List of issues that were corrected by this patch

June 16, 2017Announcing support for new platformsAdded platform support
April 13, 2017Announcing support for CentOS 7.3 operating systemAdded platform support
March 28, 20179.13.20: Service Pack 2

PATROL for UNIX and Linux provides the following features:

  • Added platform support
  • Fixed defects

List of issues that were corrected by this Service Pack

December 09, 20169.13.00.03: Patch 3 for BMC PATROL for UNIX and Linux

Released a patch to fix an issue reported in the earlier versions

List of issues that were corrected by this patch

December 02, 2016Announcing support for new platformsAdded platform support
October 25, 20169.13.10.02: Patch 2 for BMC PATROL for UNIX and Linux

Released a patch to fix an issue reported in the earlier versions

List of issues that were corrected by this patch

September 29, 20169.13.10.01: Patch 1 for BMC PATROL for UNIX and Linux

Released a patch to fix issues reported in the earlier versions

List of issues that were corrected by this patch

July 12, 2016Announcing support for new platformsAdded platform support
June 17, 20169.13.10: Service Pack 1

PATROL for UNIX and Linux provides the following features:

  • Provides improved data security by using Advanced Encryption Standard (AES).
  • Perform Data Collector version updated to 10.5.00
  • Supports Ubuntu 16.04 platform
April 29, 2016Announcing support for Solaris 10 U11 operating systemAdded platform support
April 29, 2016Announcing support for Ubuntu 15.04, and 15.10 operating systemsAdded platform support
April 22, 2016Announcing support for Oracle Enterprise Linux 5.11, 6.7, and 7.2 operating systemsAdded platform support
April 22, 2016Announcing support for SUSE Linux Enterprise Server 12.1 operating systemsAdded platform support
April 22, 2016Announcing support for Oracle Solaris 11.3 operating systemsAdded platform support
April 14, 2016Announcing support for CentOS 6.7 and 7.2 operating systemsAdded platform support
April 14, 2016Announcing support for Debian 8.3.00 and 8.4.00 operating systemAdded platform support
April 05, 20169.13.00.05: Patch 5 for BMC PATROL for UNIX and Linux

Released a patch to fix an issue reported in the earlier versions

List of issues that were corrected by this patch

April 04, 2016Announcing support for AIX 7.2 operating systemAdded platform support
March 31, 2016Announcing support for Red Hat Enterprise Linux 6.7 and 7.2 operating systemAdded platform support
December 30, 2015Announcing support for Debian 7.9.00 and 8.2.00 operating systemAdded platform support
November 27, 20159.13.00.04: Patch 4 for BMC PATROL for UNIX and Linux

Released a patch to fix an issue reported in the earlier versions

List of issues that were corrected by this patch

July 27, 20159.13.00.03: Patch 3 for BMC PATROL for UNIX and Linux

Released a patch to fix an issue reported in the earlier versions

List of issues that were corrected by this patch

June 30, 20159.13.00.02: Patch 2 for BMC PATROL for UNIX and Linux

Released a patch to fix an issue reported in the earlier versions

List of issues that were corrected by this patch

June 22, 2015Announcing support for Debian 7.7.00 operating systemAdded platform support
April 17, 20159.13.00.01: Patch 1 for BMC PATROL for UNIX and Linux

Released a patch to fix various issues reported in the earlier versions

List of issues that were corrected by this patch

April 16, 2015Announcing support for Red Hat Enterprise Linux 7.1Added platform support
March 02, 2015Announcing support for Oracle Enterprise Linux and CentOS operating systemsAdded platform support

December 18, 2014

9.13.00 enhancements

Added new features and fixed various issues reported in the earlier versions 

 

You can create a custom PDF of this release notes and notices branch.

 Click here to see the steps.

The BMC Documentation portal gives you the ability to generate PDF and Microsoft Word documents of single pages, and to create PDF exports of multiple pages in a space.  

Creating PDF and Word exports

You can create a PDF of a page or a set of pages. (Non-English page exports are not supported.) You can also create a Word document of the current page.

To export to PDF or Word

  1. From the Tools menu in the upper-right, select a format:
    • Export to Word to export the current page to Word format
    • Export to PDF to export the current page or a set of pages to PDF
  2. If exporting to PDF, select what you want to export:
    • Only this page to export the current page
    • This page and its children to export a set of pages
    For example, selecting This page and its children from the home page exports the entire space to PDF.

XML and HTML exports

If you require an export in XML or HTML format, contact us.

 

Related topics

Known and corrected issues

9.13.00 enhancements

System requirements and supported resources

 

 System requirements for the KM

Installing

 

Information about installing the product and migrating the product data.

Upgrading

 

Upgrade and migration process.

Monitor types and attributes

 

Information about monitoring elements of the KM.

Configuring after installation

 

Required post-installation configuration tasks.

Using

 

Interface descriptions, using the product.

Troubleshooting

 

Issue resolution, error messages, logs, and contacting Support.
Frequently asked questions

This section addresses common questions about using the BMC PATROL Knowledge Module (KM) for UNIX and Linux to perform remote monitoring.

Which version of PATROL KM for UNIX and Linux supports remote monitoring?

PATROL KM for UNIX and Linux started supporting remote monitoring from version 9.8.00 onwards.

Which data collection method is used by remote monitoring?

Remote monitoring uses the PATROL Scripting Language (PSL) data collection method to discover instances and to get data through the remote External PSL Call (XPC).

What is the role of pukremotexec.xpc in remote monitoring?

PATROL KM for UNIX and Linux uses an XPC-based collection mechanism to support monitoring of the remote hosts. The pukremotexec.xpc stand-alone executable communicates with PATROL Agent through standard input (stdin) and output (stdout) channels connected with pipes. The communication between PATROL Agent and the XPC server is handled by the SDK libraries through PSL function calls.

pukremotexec.xpc is an XPC-based SSH2 client that opens sessions with remote hosts, runs commands on those hosts, and returns the output to the PSL collectors. For the PSL collectors, the command execution is transparent and the same PSL collectors work well with the local host and the remote host.

The XPC-based SSH2 client has following advantages:

  • A single SSH2 client (process) can handle multiple remote sessions simultaneously.
  • Multiple system commands can be executed over a single remote session simultaneously.

The XPC-based client is responsible for collecting information from the remote host for the application classes.

What hardware do I need to monitor multiple UNIX computers remotely?

The following table lists the hardware requirements for a single PATROL Agent running on a dedicated computer and monitoring 175 remote hosts.

Hardware requirements for remote monitoring on multiple UNIX computers

ResourceMinimum requirementRecommended
Processor
  • Linux:
    Dual processor, x86-64, Itanium 2, and IBM zSeries
  • Oracle Solaris:
    Dual processor, SUN UltraSPARC, and x86-64
  • IBM AIX:
    Dual processor, Power 5, Power 6, and Power 7
  • HP-UX:
    Dual processor, Itanium 2 and PA-RISC
  • Linux:
    Quad processor, x86-64, Itanium 2, and IBM zSeries
  • Oracle Solaris:
    Quad processor, SUN UltraSPARC, and x86-64
  • IBM AIX:
    Quad processor, Power 5, Power 6, and Power 7
  • HP-UX:
    Quad processor, Itanium 2 and PA-RISC
Server memory2 GB4 GB
Disk space600 MB600 MB

Which operating systems can I monitor remotely?

The following operating systems that are supported by PATROL Agent and PATROL KM for UNIX and Linux can be monitored remotely:

  • Red Hat Enterprise Linux 4.x, 5.x, and 6.x
  • SUSE Linux Enterprise Server 10 and 11
  • Oracle Enterprise Linux 5.x and 6.x
  • VMware ESX Server 2.5, 3.0, 3.5, and 4.0
  • Solaris 9, 10, and 11
  • IBM AIX 6.1, and 7.1
  • HP-UX 11.11, 11.23, and 11.31
  • CentOS 5.x and 6.x

What are the pre-requisites for enabling remote monitoring?

The PATROL Agent computer should be a dedicated server for remote monitoring. The SSH client should be installed on the PATROL Agent computer to communicate with the remote host on which the SSH server is installed. The SSH server should be available and running on port 22 on the remote host before adding it into a PATROL Agent.

Note

It is not mandatory to install the SSH client on the PATROL Agent computer; the pukremotexec.xpc process performs the role of an SSH client.

Configuration requirements for host computers (PATROL Agent)

  • The operating system that is supported by PATROL Agent and PATROL KM for UNIX and Linux must be installed.
  • PATROL Agent and PATROL KM for UNIX and Linux version 9.8.00 or later must be installed.

Configuration requirements for the remote host

  • The SSH2 server must be installed and running.
  • The SSH2 server must be configured as follows:
    • To configure the remote host for password-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
      PasswordAuthentication yes
    • To configure the remote host for key-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
      PubkeyAuthentication yes
    • To configure a port number on the remote host, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:
      Port 22

You must restart the SSH2 server after making configuration changes.

The following figure illustrates a configuration with multiple remote hosts.

Monitoring configuration with multiple remote hosts

Which authentication mechanisms are used in remote monitoring?

PATROL KM for UNIX and Linux supports the following types of user authentication mechanisms.

Password-based

When you configure a remote host for monitoring, you must provide a user name and a password to access the remote host. PATROL KM for UNIX and Linux stores these login credentials in a secure key store. The SSH2 client submits the credentials to the remote host in order to initiate a remote connection. If the credentials are validated successfully, the SSH2 client starts collecting data for the remote host.

To configure the remote host for password-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:

PasswordAuthentication yes

Key-based

When you configure a remote host for monitoring, you must provide the public and private key file paths, and the passphrase (if applicable). The key file paths must be absolute paths (for example, /home/user/id_rsa.pub), and the PATROL user must have read permissions to access the key files. PATROL KM for UNIX and Linux stores the key file paths in a secure key store.

To configure the remote host for key-based authentication, add the following entry to the SSH2 server configuration (sshd_config) file, if it is not already present:

PubkeyAuthentication yes

Note

The KM stores the file name information and not the public or private key. BMC recommends that you set a passphrase for the private key.

What are “user profiles” in remote monitoring?

User profiles provide a way share credentials among multiple hosts. The hosts that have the same credentials can be grouped into a user profile. You can then assign that profile to all hosts.

Example

Host A, Host B, and Host C have the same credentials (patqa1/patAdm1n). You can create a profile named Test with credentials, patqa1/patAdm1n.

All hosts that are added to the Test profile automatically refer to these profile credentials for authentication; you do not have to enter credentials every time.

Which application classes are supported for remote monitoring?

The remote monitoring functionality in version 9.8.00 and later of PATROL KM for UNIX and Linux, supports the following application classes:

  • COLLECTORS
  • CPU
  • DISK
  • FILESYSTEM
  • MEMORY
  • PROCESS
  • PROCESS_PRESENCE
  • SMP
  • UNIX_OS
  • USERS
  • AIX_VIRTUALIZATION (version 9.10.00 onwards)
  • KERNEL (version 9.10.00 onwards)
  • NETWORK (version 9.10.00 onwards)
  • NFS (version 9.10.00 onwards)
  • SWAP (version 9.10.00 onwards)
  • ZPOOL (version 9.10.00 onwards)

Limitations

The following application class limitations apply for remote monitoring on UNIX and Linux computers:

  • Discovering an application class depends on the system command. Discovery might not work if the command is not available, the output is invalid, or the user account that you provided while adding the remote host does not have permission to execute the command.
  • The PROCESS_PRESENCE application class discovers and creates all default instances for the respective remote host.

    • The Synchronization functionality does not work for remote hosts.

    • Solaris non-global zone processes cannot be monitored if you are monitoring a Solaris global zone computer as a remote host. This functionality works only for local monitoring.

  • The SMP application class will not be discovered if a single processor is running on the remote host.

  • The FILESYSTEM application class is discovered 5 minutes after the discovery of the remote host.

  • The filesystems on which the PATROL user does not have read and execute permissions are not monitored. The parameters for these filesystems remain offline unless the required permissions are granted to the PATROL user.

  • The menu commands that require root credentials are not supported.

Which system commands do application classes refer to?

The following table lists the application classes and the system commands that they use.

System commands used by PATROL KM for UNIX and Linux application classes

Application classSystem commands

CPU

vmstat, sar, uptime

DISKS

iostat

FILESYSTEM

df, mount

MEMORY

vmstat

PROCESS

ps

PROCESS PRESENCE

ps

SMP

mpstat

USERS

who

AIX_VIRTUALIZATION

lparstat

KERNEL

sar, vmstat

NETWORK

  • netstat
  • dmesg (Linux only)
  • kstat (Solaris only)
  • entstat (AIX only)
  • lanadmin (HP-UX only)

NFS

nfsstat
SWAPswap / swapon

ZPOOL

zpool / zfs

How many remote hosts can one PATROL Agent monitor?

There is no maximum limit to the number of remote hosts that one PATROL Agent can monitor. However, in the PATROL Performance, Scalability and Reliability (PSR) lab, the largest configuration tested was 175 hosts.

Can I use an earlier version of PATROL Agent?

Yes. You can use any one of the earlier PATROL Agent versions supported. BMC recommends you to use the latest version of the PATROL Agent for better performance.

Can I monitor UNIX and Linux systems from PATROL Agent for Windows?

No, you cannot monitor UNIX or Linux systems from a Microsoft Windows computer.

How do I configure PATROL KM for UNIX and Linux for remote monitoring?

The REMOTE_HOST and REMOTE_CONT application classes are supported to monitor remote hosts.

To add a remote host for monitoring

  1. Install PATROL Agent and PATROL KM for UNIX and Linux version 9.8.00 or later on a computer.
  2. Add the computer in step 1 in the PATROL console as a Managed Node.
  3. Load UNIX3.kml and Remote.kml.
    By default, all the application classes in the DCM collection method are discovered.

  4. To switch to the PSL collection method, right-click UNIX OS and choose KM Commands > Knowledge Module Admin > Toggle PSL/DCM Collection.

  5. After full discovery, right-click the Remote Monitoring container and choose KM Commands > Manage List of Monitored Hosts.

    When the Manage List of Monitored Hosts dialog box appears, the Add New Host option is selected by default.

  6. Click OK, and in the Add New Host dialog box, provide the host name, user name, and password of the remote host to be monitored.

    Note

    The host can also be added by using a profile, and public and private keys.

To modify a remote host

  1. Right-click the Remote Monitoring container and choose KM Commands > Manage List of Monitored Hosts.
  2. In the Manage List of Monitored Hosts dialog box, select the remote host that you want to modify, and select the Modify Host option.
  3. Click OK.
  4. Edit the host information as necessary, and then click OK to save the changes.

To delete a remote host

  1. Right-click the Remote Monitoring container and choose KM Commands > Manage List of Monitored Hosts.
  2. In the Manage List of Monitored Hosts dialog box, select the remote host that you want to modify, and select the Delete Host option.
  3. Click OK.

Can I simultaneously use the DCM method to monitor the local host and the PSL method to monitor a remote host?

No, you cannot use the DCM method for local monitoring and the PSL method for remote monitoring, simultaneously. You must switch from DCM collection to PSL collection to enable remote monitoring on UNIX computers.

Warning

Do not run multiple PATROL Agents for DCM and PSL collection, as this could result in duplicate monitoring on the local host.

Does each collector have its own dedicated SSH session?

No, all of the collectors for a remote host use the same SSH session.

Is the SSH connection to a remote host persistent?

Yes, a persistent SSH connection is maintained for each remote host being monitored.

Can I specify a different polling cycle for each application class?

Yes, you can specify a different polling cycle for each application class.

Note

The default polling cycles that are applied for each application class in remote monitoring are the same as those used in local monitoring, except the FILESYSTEM application class.

Can I change threshold values for a specific remote host instance?

You can configure threshold values for a specific remote host using the BMC PATROL KM for Event Management.

What instance hierarchy is displayed for remote hosts?

The instance hierarchy that is displayed for a remote host is the same as that of a local host.

How does BMC ProactiveNet discover remote hosts?

BMC ProactiveNet discovers remote host instances as devices.

What are the Performance and Scalability metrics for remote monitoring?

The following table lists the metrics based on 2 processors and 2 GB of RAM for 175 remote hosts monitored for 120 hours.

Performance and Scalability metrics for remote monitoring with PATROK KM for UNIX and Linux

Operating systemAverage CPU (in %)Average Memory (in MB)Network

PATROL Agentpukremotexec. xpcPATROL Agentpukremotexec. xpcIn (Kilo Bytes per second)Out (Kilo Bytes per second)
Oracle Solaris 10 20.436.37329.4112.3055.610.3
Red Hat Enterprise Linux 5.4 x86-6423.457.0407.0912.7365.411.9
IBM AIX 6.1 Power621.046.25392.3013.4483.023.4
HP-UX 11.23 PARISC369.45422.7014.4356.110.7


How do I configure remote hosts via the PATROL Configuration Manager (PCM)?

You can add remote hosts in the PATROL Agent by creating the following rulesets in PCM:

To add a remote host in the PATROL Agent, create:

  • "/REMOTE/HOSTS/remoteHost/hostInfo" = {REPLACE = "remoteHost<Ctrl+B>NONE<Ctrl+B>0<Ctrl+B>UserName"}
  • "/SecureStore/REMOTE_HOSTS/remoteHost/passWord" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/EncryptedPassword"}

To add a remote host in the PATROL Agent with public and private key, create:

  • "/REMOTE/HOSTS/remoteHost/hostInfo" = {REPLACE = "remoteHost<Ctrl+B>NONE<Ctrl+B>0<Ctrl+B>UserName<Ctrl+B><Ctrl+B>PublicKey<Ctrl+B>PrivateKey"}
  • "/SecureStore/REMOTE_HOSTS/remoteHost/passPhrase" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/EncryptedPassword"}

To add a remote host in the PATROL Agent using profiles, create:

  • "/REMOTE/PROFILE/profileName/credential" = {REPLACE = "ProfileName<Ctrl+B>UserName"}
  • "/SecureStore/REMOTE/PROFILE/profileName/passWord" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/EncryptedPassword"}
  • "/REMOTE/HOSTS/remoteHost/hostInfo" = {REPLACE = "Hostname<Ctrl+B>ProfileName<Ctrl+B>0<Ctrl+B>UserName"}
  • "/SecureStore/REMOTE_HOSTS/remoteHost/passWord" = {REPLACE = "COLLECTORS;FILESYSTEM;KERNEL;LDOM;LVIRT;MEMORY;NETWORK;NFS;POOL;PROCCONT;PROCESS;PROJECT;REMOTE_CONT;REMOTE_HOSTS;UNIX_OS;USERS;VIRTUALIZATION;WPAR;ZFS;ZPOOL;ZONE/null"}

The following table gives a description of the items to be entered in the preceding rulesets:

ItemDescription
remoteHostName of the remote host
UserNameUser name that you will use to configure remote hosts
ProfileNameProfile name that you will use to share credentials
EncryptedPassword

Encrypted password that you will enter in a secure key store.

You can encrypt the password in the following ways:

  • Use the encrypt() function.
    Syntax: encrypt ("password","DES")
  • Use the pwd_encrypt password binary file from $PATROL_HOME/bin
PublicKey

Public key that you will use for authentication for remote monitoring

PrivateKey

Private key that you will use for authentication for remote monitoring

<Ctrl+B>

Ctrl+B is a key combination that you will use to insert a separator character

For information on configuring remote hosts in the PATROL console, see Configuring PATROL KM for UNIX for remote monitoring.

Can I monitor more than 175 remote hosts on a single computer?

Yes, you can monitor more than 175 remote hosts on a single computer. To do this, you have to run another PATROL Agent on a port different from the one you are already using and add upto 175 remote hosts. In the PATROL PSR lab, a maximum of two PATROL Agents have been tested to function simultaneously. To monitor more than 175 hosts at the same time, ensure that you have enough hardware resources to support this configuration in your environment. For more information, see the recommended hardware configurations.

Troubleshooting SSH

The following information addresses common questions about SSH, and issues that you might face while configuring remote monitoring.

How do I debug PATROL KM for UNIX and Linux for remote monitoring?

You can enable and disable debugging at the XPC and SSH library levels for the remote XPC for a remote host.

To enable debugging for the remote XPC for a remote host

Tip

You can store the debug information for the remote XPC in an external file.

  1. Access the UNIX OS application menu for the remote host in the Remote Monitoring container.
  2. Choose Debug and Diagnostics > PUK Remote XPC Debug Admin.
  3. In the PUK Remote Host Debug Admin dialog box, select the Enable XPC Debug check box to start debugging at the XPC level.
  4. Select the Enable Libssh2 TRACE check box to start debugging at the library level.
  5. Enter the absolute path and name of the log file in which you want the KM to store the debug information (for example, /tmp/PukRemoteDebug.txt).
  6. Click Accept.
    The log file is generated in the format, /tmp/PukRemoteDebug.txt~pid, where pid is the process ID of the running pukremotexec.xpc.

To disable debugging for the remote XPC for a remote host

  1. Access the UNIX OS application menu for the remote host in the Remote Monitoring container.
  2. Choose Debug and Diagnostics > PUK Remote XPC Debug Admin.
  3. In the PUK Remote Host Debug Admin dialog box, clear the Enable XPC Debug check box to stop debugging at the XPC level.
  4. Clear the Enable Libssh2 TRACE check box to stop debugging at the library level.
  5. To close the generated log file, select the Close debug file check box.
  6. Click Accept.

Where I can find the sshd_config file on the system?

The sshd_config file resides in /etc/ssh/, but the location might vary depending upon the operating system or distribution:

  • For Linux, Solaris, and AIX: /etc/ssh/sshd_config
  • For HP-UX: /opt/ssh/etc/sshd_config

Can I modify the sshd_config file as a standard user?

By default, a root user has permissions to modify this file. However, the environment can be configured to allow a standard user to modify this file.

How do I start and stop the sshd service?

You can use the following commands to start and stop the sshd service:

  • Red Hat Enterprise Linux:
    #service sshd restart
  • SUSE Linux:
    # /etc/rc.d/sshd restart
  • Oracle Enterprise Linux:
    # /etc/init.d/sshd stop
    # /etc/init.d/sshd start
    # /etc/init.d/sshd restart
  • Solaris 9 and earlier versions:
    # /etc/init.d/sshd stop
    # /etc/init.d/sshd start
  • Solaris 10:
    # svcadm disable ssh
    # svcadm enable ssh
  • AIX:
    # stopsrc -s sshd
    # startsrc -s sshd
  • HP-UX:
    # /sbin/init.d/secsh stop
    # /sbin/init.d/secsh start

How do I verify and debug the SSH connection for a specific remote host?

You can use the following commands to verify and debug the ssh connection with a remote host. The debug log appears only on that same session of system.

  • For password-based authentication:
    # ssh -2 –v –v –v –l userName -o PreferredAuthentications=password remoteHostsys_command
  • For key-based authentication:
    # ssh -2 –v –v –v –l userName -o PreferredAuthentications=publickey remoteHostsys_command

You must execute these commands on monitoring servers (PATORL Agent computer).

How do I create RSA public and private keys?

An RSA key pair must be generated on the client system. The public portion of this key pair must reside on the servers that the client will access, and the private portion must reside on a secure local area of the client system (by default in the ~/.ssh/id_rsa directory).

The following figure shows the RSA key pair on client and server systems.

RSA key pair on client and server systems

You can generate the keys by using the ssh-keygen utility.

To generate the RSA key pair

  1. Enter the following command on the client system to create the ~/.ssh directory:
    mkdir ~/.ssh
  2. Enter the following command on the client system to change permissions on the ~/.ssh directory:
    chmod 700 ~/.ssh
  3. Enter the following command on the client system:
    ssh-keygen -q -f ~/.ssh/id_rsa -trsa
  4. Enter the passphrase if required.
  5. Enter the passphrase again.

The file permissions should be locked to prevent other users from being able to read the key pair data. OpenSSH might also refuse to support public key authentication if the file permissions are too open. These fixes should be done on all systems involved.

To lock file permissions

  1. Enter the following commands on the client system:
    • chmod go-w ~/
    • chmod 700 ~/.ssh
    • chmod go-rwx ~/.ssh/*

To enable public key authentication

  1. Copy the public portion of the RSA key pair to the servers that the client will access.
    The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
  2. Append the public key information to the ~/.ssh/authorized_keys file on the servers.
    You can use the scp or ssh-copy-id utility for copying the ID on the server.
  3. Verify that public key connections to the servers work properly by executing the following commands:
    • client$ ssh -o PreferredAuthentications=publickey sshServerName
    • Enter passphrase for key '/…/.ssh/id_rsa': passphrase
    • passphrase
    • server$

Remote monitoring flowchart

The following figure represents the workflow for remote monitoring:

Remote monitoring flow chart

PDFs


 


 

Was this page helpful? Yes No Submitting... Thank you
© Copyright 2014 - 2017, 2019 BMC Software, Inc.
Legal notices