Installing Remote Agent for Linux or UNIX Servers using the SSH (Secure Shell) protocol

By default, the Remote Agent installer uses RSH (Remote Shell) when remotely installing the Remote Agent. Symantec recommends that you use SSH (Secure Shell) instead.

To remotely install the Remote Agent using the SSH protocol, the following steps must be performed to enable temporary SSH trust relationships between the computers involved. To set up the trust relationship, you must locate the root's home directory on each computer where you want to install the Remote Agent.

Following are the default locations of the root's home directory for each operating system:

Table: Location of the root's home directory

Operating system    Location of the root's home directory
Linux               /root
HP/UX               /
AIX                 /
Solaris             /
Macintosh OS X      /var/root

To install the Remote Agent using the SSH protocol

  1. Ensure that SSH is installed and enabled on each computer where you want to install the Remote Agent.

  2. On the SSH client computer from where you want to install the Remote Agent, log on as root.

  3. On the SSH client computer from where the Remote Agent is being installed, run the following command:

    ssh-keygen -b 1024 -t dsa

  4. Accept the defaults, including no passphrase.

    An SSH key for the computer is created in the file /.ssh/id_dsa.pub.

  5. On each remote computer where you want to install the Remote Agent, check whether a /.ssh/authorized_keys2 file exists in the root's home directory.

  6. Do one of the following:

    • If the file does not exist, copy the /.ssh/id_dsa.pub file on the ssh client to /.ssh/authorized_keys2 on each ssh server system.

    • If the file does exist, create a backup of the /.ssh/authorized_keys2 file and append the contents of the /.ssh/id_dsa.pub file to the original.

  7. On each remote computer where you want to install the Remote Agent, verify that the sshd_config file contains the following uncommented keyword:

    PubkeyAuthentication yes

    The sshd_config file is usually located in /etc/ssh or /etc/opt/openssh.

  8. If the keyword is not found or is set to no, add the keyword and restart sshd. An ssh start/stop script should be located within /etc/init.d.

    The client computer must issue one ssh command to each ssh server so that its key fingerprint is received, and it becomes a known host. Successive ssh-issued commands are answered without prompting for a password, passphrase, or confirmation. You can now successfully run the Remote Agent install script using the -usessh option. After the installation finishes, you can restore the backup copies of /.ssh/authorized_keys2 on each server.
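
The server-side steps 5 through 8 and the restore after installation, as an added shell example that is not part of the Symantec documentation. The function names and the .bak backup suffix are assumptions; pass the root's home directory from the table above as HOME_DIR.

```sh
#!/bin/sh
# Added example: server-side steps 5-8 and the later restore, as functions.
# Function names and the ".bak" backup suffix are assumptions of this example.

# add_install_key HOME_DIR PUBKEY_FILE   (steps 5 and 6)
add_install_key() {
    auth="$1/.ssh/authorized_keys2"
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    if [ -f "$auth" ]; then
        # Keep the first backup so a re-run cannot overwrite the clean copy.
        [ -f "$auth.bak" ] || cp -p "$auth" "$auth.bak" || return 1
        # Terminate an unterminated last line so two keys are not joined.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    fi
    # Append only if this exact key line is not already present.
    grep -qxF -- "$(cat "$2")" "$auth" 2>/dev/null || cat "$2" >> "$auth" || return 1
    chmod 600 "$auth"   # keep the key file writable by its owner only
}

# restore_keys HOME_DIR   (after the install; call only after add_install_key)
restore_keys() {
    auth="$1/.ssh/authorized_keys2"
    if [ -f "$auth.bak" ]; then
        mv -f "$auth.bak" "$auth"   # file existed before: put the original back
    else
        rm -f "$auth"               # file was created in step 6: remove it
    fi
}

# pubkey_auth_enabled SSHD_CONFIG   (step 7)
# Succeeds only for an uncommented global "PubkeyAuthentication yes". Keywords
# are case-insensitive and sshd keeps the first value it reads for a keyword.
pubkey_auth_enabled() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "pubkeyauthentication" { ok = ($2 == "yes"); exit }
         END { exit !ok }' "$1"
}

# Usage as root on a server, with HOME_DIR taken from the table (paths assumed):
#   add_install_key /root /tmp/id_dsa.pub && pubkey_auth_enabled /etc/ssh/sshd_config
```

Running restore_keys after the installation removes the installer's key again, which keeps the passphrase-less root trust temporary as the procedure intends.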

To test the trust relationship on all operating systems

  1. On the SSH client computer from where you installed the Remote Agent, log on as root.

  2. To test the trust relationship, type the following command:

    ssh root@<target name or IP address>

  3. At the prompt, type Yes.

To remove the trust relationship after you install the Remote Agent
