How to get around the new security implementation running HMC R3v2.6

From: Stefan Strandfelt (stefan_strandfelt@YAHOO.COM)
Date: Mon Feb 09 2004 - 08:06:18 EST

• Next message: Greg Breuer: "AIX 5.1, 43Ps and the mouse"
• Previous message: Renison, Rick: "Re: PID Length"
• Next in thread: hdkutz@HDKUTZ.DE: "Re: How to get around the new security implementation running HMC R3v2.6"
• Reply: hdkutz@HDKUTZ.DE: "Re: How to get around the new security implementation running HMC R3v2.6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

How to get around the new security implementation running HMC R3v2.6
lshmc -V
Release: 3
 Version: 2.6
HMC Build level 20040113.1

0. If you follow this HowTo, you do in at your own risk, no guarantee are given at all, you are
on your on!

1. Enable Remote Command Execution with ssh
Hardware Management Console -> Navigation Area -> HMC Maintenance
Enable or Disable Remote Command Execution
Tick the box next to "Enable remote command execution using the ssh facility"

2. Create the hscpe user.
Hardware Management Console -> Navigation Area -> HMC Management -> Users
Users -> New -> Users
Login name: hscpe
Full name: hscpe
User role: System Administrator

3. Get PE Password
3a. Logon the HMC with ssh as the user hscpe and run the following
    command to get the serialnumber of the HMC.
    [hscpe@hmc1 hscpe]$ lshmc -v | grep ^*SE
    *SE 10AA01A
    [hscpe@hmc1 hscpe]$

3b. Contact IBM and supply them with the serialnumber of your HMCs.

4. Get around the new security implementation and export the HMC GUI to another machine!

Get around the restricted shell and get a working environment.

aix1:/ ssh hscpe@hmc1 # Logon to the HMC with ssh as the user hscpe
hscpe@aixhmc1's password:
[hscpe@hmc1 hscpe]$ SE=`lshmc -v | grep ^*SE | cut -c 5-`
[hscpe@hmc1 hscpe]$ pesh $SE
Password: # Use the password you got from IBM.
[hscpe@hmc1 hscpe]$
[hscpe@hmc1 hscpe]$ echo $PATH
/opt/IBMJava2-131/jre/bin:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin:/opt/hsc/bin:/opt/csm/bin:/opt/IBMJava2-131/jre/bin:
[hscpe@hmc1 hscpe]$
[hscpe@hmc1 hscpe]$ vi /home/hscpe/.mysshrc # Add the path you got above to the PATH line. And
comment the set -r row.
[hscpe@hmc1 hscpe]$
[hscpe@hmc1 hscpe]$ cat /home/hscpe/.mysshrc/.mysshrc
PATH=/opt/IBMJava2-131/jre/bin:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin:/opt/hsc/bin:/opt/csm/bin:/opt/IBMJava2-131/jre/bin:
#PATH=/opt/IBMJava/jre/bin/:/usr/local/bin:/hmcrbin/:/usr/hmcrbin:
export PATH
#set -r
[hscpe@hmc1 hscpe]$

Now we need to make sure that the file "/home/hscpe/.mysshrc" does NOT get changed
and we need to get the X11 forwarding working, since IBM has not followed the
sshd manpage regaring the use of "$HOME/.ssh/rc" and "/etc/ssh/sshrc",
this can however have been done on purpose to prohibit X11 forwarding to work.

[hscpe@hmc1 hscpe]$ su - # Become root
Password: # Use the default password which is "passw0rd" if you haven't changed it.
[root@hmc1 root]#
[root@hmc1 root]# cat /etc/ssh/sshrc
cp /opt/hsc/data/ssh/hmcsshrc $HOME/.mysshrc 2>/dev/null
chmod 555 $HOME/.mysshrc 2>/dev/null
cp /opt/hsc/data/ssh/bashrc $HOME/.bashrc 2>/dev/null
chmod 555 $HOME/.bashrc 2>/dev/null
cp /opt/hsc/data/ssh/hmcprofile $HOME/.bash_profile 2>/dev/null
chmod 555 $HOME/.bash_profile 2>/dev/null
[root@hmc1 root]#
[root@hmc1 root]# mv /etc/ssh/sshrc /etc/ssh/sshrc.`date +%Y%m%d` # move the file
[root@hmc1 root]#
[root@hmc1 root]# cat /home/hscpe/.ssh/rc
cp /opt/hsc/data/ssh/hmcsshrc $HOME/.mysshrc 2>/dev/null
chmod 555 $HOME/.mysshrc 2>/dev/null
cp /opt/hsc/data/ssh/bashrc $HOME/.bashrc 2>/dev/null
chmod 555 $HOME/.bashrc 2>/dev/null
cp /opt/hsc/data/ssh/hmcprofile $HOME/.bash_profile 2>/dev/null
chmod 555 $HOME/.bash_profile 2>/dev/null
[root@hmc1 root]#
[root@hmc1 root]# mv /home/hscpe/.ssh/rc /home/hscpe/.ssh/rc.`date +%Y%m%d` # move the file
[root@hmc1 root]#

Logout from the HMC

Now to verify that we got a working environment where we can export
the HMC GUI to another machine without running pesh and requesting
PE passwords all the time.

aix1:/ export DISPLAY=10.10.10.10:0.0 # export the display to the machine where you want to have
the HMC GUI exported to!
aix1:/ xclock # To verify that the export of the display works.
aix1:/
aix1:/ ssh hscpe@hmc1 # Logon to the HMC with ssh as the user hscpe
hscpe@aixhmc1's password:
[hscpe@hmc1 hscpe]$ wsm & # NOw you should get the HMC GUI after a little while.

Now you should have a working environment where you can export the HMC GUI to another machine
without the need for PE passwords!

This short How To has been made by:
Stefan Strandfelt
stefan_strandfelt@yahoo.com

If you update this HowTo, you must send the updated HowTo to the author.
2003-11-26 v1.0 First version for R3v2.5
2003-11-27 v1.1 Corrected some typos.
2004-02-09 v1.2 Updated for R3V2.6

__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html

• Next message: Greg Breuer: "AIX 5.1, 43Ps and the mouse"
• Previous message: Renison, Rick: "Re: PID Length"
• Next in thread: hdkutz@HDKUTZ.DE: "Re: How to get around the new security implementation running HMC R3v2.6"
• Reply: hdkutz@HDKUTZ.DE: "Re: How to get around the new security implementation running HMC R3v2.6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:34 EDT