SEO

#1 (**permalink**) 01-25-2008, 06:45 AM

Hello,

It annoys me that NIM uses rsh to distribute software, and other tasks. I
find it annoying, because then security basically boils down to trusting
IP addresses.

Can SSH somehow be used instead? - Or are there other ways of securing
NIM operations?

--
Regards,
Troels Arvin <[email protected]>
http://troels.arvin.dk/

#2 (**permalink**) 01-25-2008, 06:45 AM

On Jan 24, 4:05*pm, Troels Arvin <[email protected]> wrote:
> Hello,
>
> It annoys me that NIM uses rsh to distribute software, and other tasks. I
> find it annoying, because then security basically boils down to trusting
> IP addresses.
>
> Can SSH somehow be used instead? - Or are there other ways of securing
> NIM operations?
>
> --
> Regards,
> Troels Arvin <[email protected]>http://troels.arvin.dk/

as long as you are at least at aix 5.3, change "Communication Protocol
used by client" to nimsh rather than shell.

#3 (**permalink**) 01-25-2008, 02:33 PM

On Jan 24, 4:05*pm, Troels Arvin <[email protected]> wrote:
> Hello,
>
> It annoys me that NIM uses rsh to distribute software, and other tasks. I
> find it annoying, because then security basically boils down to trusting
> IP addresses.
>
> Can SSH somehow be used instead? - Or are there other ways of securing
> NIM operations?
>
> --
> Regards,
> Troels Arvin <[email protected]>http://troels.arvin.dk/

Although NIMSH eliminates the need for rsh, in the default
configuration it does
not provide trusted authentication based on key encryption. To use
cryptographic
authentication with NIMSH, you can configure NIMSH to use OpenSSL in
the
NIM environment. When you install OpenSSL on a NIM client, SSL socket
connections are established during NIMSH service authentication.
Enabling
OpenSSL provides SSL key generation and includes all cipher suites
supported
in SSL version 3.

smitty nim_config_services

A good reference is redbook SG24-7296-00

hth
Duncan

SEO

SSH-based NIM?