
Manage installation targets > Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

 

Use the Secure Shell authentication method on target Windows operating systems


Use a Secure Shell (SSH) public/private key-pair to authenticate and connect to your installation targets. For Windows® operating systems, complete the required steps before you can securely use the SSH authentication method.

 

Before you begin

Use the information provided in this topic only if you want to use the SSH public/private key authentication method to access remote installation targets that are running any of the Windows operating systems. You can skip this topic if you plan to use the user name and password authentication method to access the installation targets.

Ensure that a third-party product, such as a Cygwin SSH server, is installed on the Windows installation target.

 

About this task

The normal setup of the Cygwin sshd server as a Windows service runs the server under the Local SYSTEM account or, on a Windows 2003 Server, under a local account, sshd_server, that is specifically created with special privileges to run the service. With an SSH server configured and started on the Windows target, the server authenticates user logins using a public/private key-pair. However, with this setup, installation programs that are located on the Windows target and invoked by the centralized installation manager, which uses SSH public/private key authentication to gain access to the installation target, run under the identity of the account that the SSH server is running under. This causes problems with certain centralized installation manager operations when the files or directories on the target system that the operation works on were created using different identities. To work around this, change the Cygwin sshd service to log on with the same account, root, that is used to install software on that specific Windows installation target.

Assuming that a local ID root that has Administrator authority to install software on the Windows installation target has been created, the following steps outline how to change the Cygwin sshd server to run under the ID root:

 

Procedure

  1. Change the login ID of the Cygwin sshd service.

    1. From the Windows Start menu, click Settings > Control Panel > Administrative Tools > Services.

    2. From the Services window, right-click CYGWIN sshd, and select Properties.

    3. From the Properties window, select the General tab, and click Stop to stop the sshd service.

      Next, select the Log on tab. Under the Log on as section or prompt, clear the Local System account radio button, and select This account. Type .\root as the ID and type the password for the account. Click Apply.

  2. Grant additional rights to the root account. Ensure that the account has the required privileges in addition to membership in the Administrators group.

    1. From the Windows Start menu, click Settings > Control Panel > Administrative Tools > Local Security Policy.

    2. From the Local Security Settings window, expand Local Policies, and select User Rights Assignment.

    3. From the resulting page that appears on the right, verify that the root account has the following four rights:

      • Adjust memory quotas for a process

      • Create a token object

      • Log on as a service

      • Replace a process level token
      If not, add root as a user with the four rights.

      For Windows 2000, the first item in the preceding list is displayed as Increase quotas instead of Adjust memory quotas for a process.

    4. Close the Local Security Settings window.

  3. From a Cygwin console panel, change ownership of the following directories and files to root:

    • $ chown root /var/log/sshd.log

    • $ chown -R root /var/empty

    • $ chown root /etc/ssh*

  4. Restart the Cygwin sshd service.

    1. From the Properties page of the Cygwin sshd service, select the General tab, and click Start. Verify that the service is now running under the root user account.
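
A check for steps 2 and 4, added here as an example and not part of the original procedure: it reads a saved secedit user-rights export and saved sc qc output, reports which of the four rights are not assigned directly to the account, and shows the account the service logs on as. The file names, the service name sshd, the sample SID and the sample data are assumptions.

```bash
#!/bin/bash
# Added example (not IBM or Cygwin code): audit steps 2 and 4 from saved output.
# Collect the input on the target from a Cygwin console (file names assumed):
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
#   iconv -f UTF-16 -t UTF-8 rights.inf > rights.txt
#   sc qc sshd > service.txt     # "sshd" is an assumed service name

# Policy constants for the four rights listed in step 2.
REQUIRED_RIGHTS="SeIncreaseQuotaPrivilege SeCreateTokenPrivilege
SeServiceLogonRight SeAssignPrimaryTokenPrivilege"

# missing_rights FILE ACCOUNT [SID]: print each required right that lists
# neither ACCOUNT nor SID. Holders are comma-separated; SIDs appear as *S-1-...
# Only direct assignments are checked; group membership is not resolved.
missing_rights() (
    file=$1 account=$2 sid=${3:-$2}
    for right in $REQUIRED_RIGHTS; do
        sed -n "s/^$right *= *//p" "$file" | tr -d '\r' | tr ',' '\n' |
            sed 's/^ *\*\{0,1\}//; s/ *$//' |
            grep -qixF -e "$account" -e "$sid" || echo "$right"
    done
)

# service_account FILE: print the logon account from saved "sc qc" output.
service_account() {
    tr -d '\r' < "$1" | sed -n 's/^ *SERVICE_START_NAME *: *//p'
}

# Constructed sample data: root lacks "Create a token object".
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rights.txt" <<'EOF'
[Unicode]
Unicode=yes
[Privilege Rights]
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,root
SeCreateTokenPrivilege =
SeServiceLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1005
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,root
EOF
cat > "$SAMPLE_DIR/service.txt" <<'EOF'
SERVICE_NAME: sshd
        TYPE               : 10  WIN32_OWN_PROCESS
        SERVICE_START_NAME : .\root
EOF

ROOT_SID=S-1-5-21-1111111111-2222222222-3333333333-1005   # constructed SID
echo "missing: $(missing_rights "$SAMPLE_DIR/rights.txt" root "$ROOT_SID")"
echo "runs as: $(service_account "$SAMPLE_DIR/service.txt")"
```

An empty result from missing_rights means that all four rights are assigned directly to the account.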

 

What to do next

You can now install product packages and maintenance to your Windows installation targets. From the administrative console, click System administration > Centralized Installation Manager > Installation targets.



 

Related tasks

Installing the Secure Shell public key to access your remote workstations