4.4 Allowing SSH Access

To illustrate how LUM-enabled services work, we will briefly experiment with SSH access for eDirectory LUM-enabled users. In Section 10.2.4, SSH and NetStorage Administration, you will see that SSH access is required for a key NetStorage administration feature.

Complete the steps in the following sections:

4.4.1 Allowing SSH Access Through the Firewall

  1. On the OES 2 getting-started lab server, click Computer > YaST Administrator Settings, then click Security and Users > Firewall.

  2. In the left navigation frame, click Allowed Services.

  3. In the Services to Allow drop-down list, select SSH.

  4. Click Add > Next > Accept.

    The firewall is now configured to allow SSH connections with the server.

  5. Continue with Adding SSH as an Allowed Service in LUM.

4.4.2 Adding SSH as an Allowed Service in LUM

  1. In YaST in the Open Enterprise Server group, click OES Install and Configuration.

  2. Click Accept.

  3. When the Novell Open Enterprise Server Configuration page has loaded, click the Disabled link under Linux User Management.

    The option changes to Enabled and the configuration settings appear.

  4. Click Linux User Management.

  5. Type the eDirectory Admin password in the appropriate field, then click OK > Next.

  6. In the list of allowed services, click sshd.

  7. Click Next > Next > Finish, then close YaST.

  8. Continue with Verifying SSH Access.

4.4.3 Verifying SSH Access

The LUMUsers group in eDirectory now has SSH as an allowed service. To verify this:

  1. On the getting-started lab workstation, in the iManager Roles and Tasks list, click Directory Administration > Modify Object.

  2. Click the Browse icon next to the Object Name field.

  3. Browse to and select the LUMUsers group object (in COMPANY > LAB > USERS), then click OK.

  4. Click the Linux Profile tab, click the General sub-tab, then select the UNIX Workstation object.

  5. Click the Linux Services sub-tab.

  6. Notice that sshd (the SSH daemon) is listed as a LUM-Enabled service, then click OK.

  7. (Optional) If you want to verify that SSH access works, install an SSH client on the workstation and connect to the getting-started lab server as one of the LUM-enabled users. Be aware, however, that this creates a POSIX home directory for the user in /home and might require adjustments to procedures in the next section, Creating a Home Directory for the linux* Users.

  8. Continue with Creating a Home Directory for the linux* Users.
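
A server-side cross-check for the iManager verification above, as an added example that is not part of the original guide: it lists which PAM service files reference the LUM module and flags any service that is LUM-enabled but not on your intended list. It assumes that LUM-enabling a service adds pam_nam.so lines to /etc/pam.d/<service>; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: a LUM-enabled service has an active pam_nam.so
# line in its PAM file (/etc/pam.d/<service> on the server).

# Print the services under directory $1 whose PAM file has an uncommented
# pam_nam.so line, one per line, sorted.
lum_enabled_services() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Strip comments first so a disabled line does not count.
        if sed 's/#.*//' "$f" | grep -q 'pam_nam\.so'; then
            basename "$f"
        fi
    done | sort
}

# Print LUM-enabled services in $1 that are missing from the
# space-separated allowlist $2 (services you meant to enable).
unexpected_lum_services() {
    dir=$1; allowed=$2
    for svc in $(lum_enabled_services "$dir"); do
        case " $allowed " in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# Build a constructed sample directory (not real OES files) for the demo.
make_sample_pamd() {
    d=$(mktemp -d)
    printf 'auth sufficient pam_nam.so\nauth required pam_unix2.so\n' > "$d/sshd"
    printf '#auth sufficient pam_nam.so\nauth required pam_unix2.so\n' > "$d/login"
    printf 'auth sufficient pam_nam.so\nauth required pam_unix2.so\n' > "$d/ftp"
    echo "$d"
}

sample=$(make_sample_pamd)
echo "LUM-enabled: $(lum_enabled_services "$sample" | tr '\n' ' ')"
echo "Unexpected:  $(unexpected_lum_services "$sample" "sshd")"
rm -rf "$sample"
```

On the lab server, pass /etc/pam.d as the directory and "sshd" plus any other services you deliberately LUM-enabled as the allowlist; an empty result means no additional service accepts eDirectory logins.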