SSH

The Statistics Server supports SSH authentication via public key exchange. Password authentication is always attempted first, and if that fails then key based authentication is tried.

Longitude installs keys under Longitude/ss/config/sshKeys. The appropriate public key needs to be configured on the monitored computer before key based authentication will succeed.

The Longitude Unix and Unix Transaction applications use either SSH or rexec to connect to the managed computer. An SSH connection is attempted first, and, if that fails, rexec is attempted.

If an AIX server does not have SSH available and rexec is disabled, rexec can be re-enabled as follows:

1. Uncomment the line for rexecd in /etc/inetd.conf
2. Run refresh –s inetd

By default Longitude uses SSH when monitoring computers with the Unix application, however if SSH is unavailable, Longitude will use rexec instead.

When the Unix application is being added to a machine, Heroix Longitude first tries to authenticate using SSH-1 or SSH-2, using public key based authentication if configured. If the ssh connection fails, Longitude will use the same username and password to execute commands via rexec.

See also: kb95: Configuring public-key authentication for SSH based collections

Please see the requirements below if collections fail to register when you add the Unix application:

1. The computer must support SSH or rexec access. If SSH is not enabled, then rexec is used.
   Note: Some SSH implementations may prohibit root from logging in to the system directly. You can use a non-root account to collect Unix metrics in most cases.
2. If you configure Longitude to collect statistics from the computer as root, the computer must not be configured to disallow remote access as root.

Public-key authentication is available for the Execute OS command in action rules and correlated events. To configure this:

• The statistics server used for the monitored computer will execute the OS Command - it will need to be configured to use the SSH key. See kb95: Configuring public-key authentication for SSH based collections for details on configuring the statistics server to work with SSH Keys.
• Enter the Login User and the key that has been configured for that user