UnixPedia : HPUX / LINUX / SOLARIS: January 2013

Thursday, January 31, 2013

HPUX :Business Copy :ERROR: A bad devicename or groupname exists in HORCM_DEV

 

Today, while configuring the Business Copy setup on one of the servers, I encountered the issue below.

 

 

HORCM startup fails with the error below in the curlog:

 

[root@ serverA:/.root]#

#-> horcmshutdown.sh 0

inst 0:

HORCM Shutdown inst 0 !!!

[root@serverA:/.root]#

#-> horcmstart.sh 0

starting HORCM inst 0

HORCM inst 0 has failed to start.

 

00:17:03-0b755-10424- [horcmcfgetent] fseek(top) OK.

00:17:03-0eddc-10424- ERROR: A bad devicename or groupname exists in HORCM_DEV : VG_EJ1_02_024 : vg_test: line 224

00:17:03-0fe87-10424- vg_test      VG_EJ1_02_024   CL5-B4  100     0

00:17:03-10e4b-10424- ERROR: A bad devicename or groupname exists in HORCM_DEV : VG_EJ1_02_025 : vg_test: line 225

00:17:03-1285c-10424- vg_test      VG_EJ1_02_025   CL5-B4  100     1

00:17:03-13812-10424- ERROR: A bad devicename or groupname exists in HORCM_DEV : VG_EJ1_02_026 : vg_test: line 226

00:17:03-1479d-10424- vg_test      VG_EJ1_02_026   CL5-B4  100     2

00:17:03-1574e-10424- ERROR: A bad devicename or groupname exists in HORCM_DEV : VG_EJ1_02_027 : vg_test: line 227

00:17:03-166f7-10424- vg_test      VG_EJ1_02_027   CL5-B4  100     3

00:17:03-18815-10424- [horcmcfgetent] read(conf_file) OK.

00:17:03-19b60-10424- [horcmcfgrdf] close(conf_file) OK.

 

 

It was later found that VG_EJ1_02_024 was already being used in the horcm0.conf file on the system. Once a unique devicename was given, horcm started successfully.
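A pre-flight check for the failure above, as an added example that is not part of the original post: it scans the HORCM_DEV section of a horcm configuration and reports every dev_name that is used more than once. The sample configuration is constructed (only the vg_test / VG_EJ1_02_024 / CL5-B4 values come from the log above) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: a horcm configuration in which VG_EJ1_02_024
# is defined twice in HORCM_DEV.
sample_horcm_conf() {
cat <<'EOF'
HORCM_MON
#ip_address  service  poll(10ms)  timeout(10ms)
localhost    horcm0   1000        3000

HORCM_DEV
#dev_group  dev_name       port#   TargetID  LU#  MU#
vg_prod     VG_EJ1_02_024  CL5-B4  99        0    0
vg_prod     VG_EJ1_02_023  CL5-B4  99        1    0
vg_test     VG_EJ1_02_024  CL5-B4  100       0
vg_test     VG_EJ1_02_025  CL5-B4  100       1

HORCM_INST
#dev_group  ip_address  service
vg_prod     localhost   horcm1
vg_test     localhost   horcm1
EOF
}

# horcm_dup_devnames [FILE]
# Read a horcm configuration (FILE or stdin) and print one line per
# dev_name that repeats inside HORCM_DEV. Exit status 1 if any repeat
# was found, 0 otherwise.
horcm_dup_devnames() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 ~ /^HORCM_/ {                     # section header
            in_dev = ($1 == "HORCM_DEV")
            next
        }
        in_dev {
            if ($2 in seen) {
                printf "%s: line %d duplicates line %d\n", $2, NR, seen[$2]
                dup = 1
            } else {
                seen[$2] = NR
            }
        }
        END { exit dup + 0 }
    ' "$@"
}

# On the server: horcm_dup_devnames /etc/horcm0.conf
```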

 

 

 

 

 

 

Sunday, January 27, 2013

HPUX : Itanium EFI HP-UX low quorum


Edit the AUTO file so we can boot when one disk is missing:

# efi_cp -d /dev/rdsk/cxtxdxs1 -u /EFI/HPUX/AUTO /tmp/AUTO

# vi /tmp/AUTO

modify "boot vmunix" to "boot vmunix -lq"

then put back the file on both EFI partitions with:

# efi_cp -d /dev/rdsk/cxtxdxs1 /tmp/AUTO /EFI/HPUX/AUTO

HPUX :How to mirror the root disk


How to mirror the root disk
The following procedure shows how to mirror the root disk. Let c10t1d0  be the existing primary disk and c2t10d0  the new mirror boot disk:
For LVM
1) Setup the disk partitions
At a cold-installed UX 11.23 system the partition sizes are different compared to UX 11.22. Use diskinfo(1M) to check the partition sizes. E.g. for a UX 11.23 system you would get:
# diskinfo /dev/rdsk/c10t1d0s1 | grep size
size: 512000 Kbytes
# diskinfo /dev/rdsk/c10t1d0s3 | grep size
size: 409600 Kbytes
Create a partition description file:

UX 11.22:
# vi /tmp/partitionfile
2
EFI 100MB
HPUX 100%

UX 11.23 (cold-installed):
# vi /tmp/partitionfile
3
EFI 500MB
HPUX 100%
HPSP 400MB

Use idisk(1M) command to partition the disk according to this file:
# idisk -wf /tmp/partitionfile /dev/rdsk/c2t10d0
idisk version: 1.2
********************** WARNING ***********************
If you continue you may destroy all data on this disk.
Do you wish to continue(yes/no)? yes
...
2) Create the new device files for the new partitions (c2t10d0s1, s2, (s3))
# insf -e -Cdisk
3) Use efi_fsinit(1M) to initialize the FAT filesystem on the EFI partition:
# efi_fsinit -d /dev/rdsk/c2t10d0s1
NOTE: This step is not necessary if it can be guaranteed that the mirror disk does not contain a valid EFI filesystem. In this case efi_fsinit(1M) will be done automatically by the subsequent mkboot(1M) command. But if you take e.g. an old UX 11.22 boot disk as mirror disk, mkboot will not automatically run efi_fsinit. As a result only 100MB of the 500MB EFI partition (s1) can be used.
4) Use mkboot(1M) to format the EFI partition (s1) and populate it with the EFI files below /usr/lib/efi/ and to format the LIF volume (part of s2) and populate it with the LIF files (ISL, AUTO, HPUX, LABEL) below /usr/lib/uxbootlf:
# mkboot -e -l /dev/rdsk/c2t10d0
# efi_ls -d /dev/rdsk/c2t10d0s1 (to check EFI)
FileName Last Modified Size
EFI/ 11/ 5/2003 0
STARTUP.NSH 11/ 5/2003 296
total space 523251712 bytes, free space 520073216 bytes
# lifls -l /dev/rdsk/c2t10d0s2 (to check LIF)

5) Check the content of AUTO file on EFI partition:
# efi_cp -d /dev/rdsk/c2t10d0s1 -u /EFI/HPUX/AUTO /tmp/x; cat /tmp/x
NOTE: Specify the -lq option if you prefer that your system boots up without interruption in case of a disk failure:
# mkboot -a "boot vmunix -lq" /dev/rdsk/c2t10d0  
# mkboot -a "boot vmunix -lq" /dev/rdsk/c10t1d0  
6) Copy the HP service partition (UX 11.23 only): (skip this, if you don’t have a service partition)
# dd if=/dev/rdsk/c10t1d0s3 of=/dev/rdsk/c2t10d0s3 bs=1024k
7) Initialize the LVM partition (s2) and add it to vg00:
# pvcreate [-f] -B /dev/rdsk/c2t10d0s2 (take care to use s2)
# vgextend vg00 /dev/dsk/c2t10d0s2
8) Mirror the LVs to the s2 partition:
# for i in lvol1 lvol2 ... lvol8 (specify each LV)
> do lvextend -m 1 /dev/vg00/$i /dev/dsk/c2t10d0s2
> done
9) Check if content of LABEL file (i.e. root, boot, swap and dump device definition) has been initialized (done by lvextend) on the mirror disk:
# lvlnboot -v
Boot Definitions for Volume Group /dev/vg00:
Physical Volumes belonging in Root Volume Group:
/dev/dsk/c10t1d0s2 (0/1/1/1.2.0) -- Boot Disk
/dev/dsk/c2t10d0s2 (0/1/1/0.1.0) -- Boot Disk
Boot: lvol1 on: /dev/dsk/c10t1d0s2
/dev/dsk/c2t10d0s2
Root: lvol3 on: /dev/dsk/c10t1d0s2
/dev/dsk/c2t10d0s2
Swap: lvol2 on: /dev/dsk/c10t1d0s2
/dev/dsk/c2t10d0s2
Dump: lvol2 on: /dev/dsk/c10t1d0s2, 0
If not, then set it:
# lvlnboot -r /dev/vg00/lvol3
# lvlnboot -b /dev/vg00/lvol1
# lvlnboot -s /dev/vg00/lvol2
# lvlnboot -d /dev/vg00/lvol2
10) Add a line to /stand/bootconf for the new boot disk (the letter l is for LVM)
# vi /stand/bootconf
l /dev/dsk/c2t10d0s2
l /dev/dsk/c10t1d0s2
NOTE: This is not necessary to be able to boot from the mirror in the first place. But if you omit it then you will run into trouble when installing an EFI boot loader patch (e.g. PHKL_34088). This patch updates the hpux.efi boot loader on all disks listed in the bootconf file.
11) Specify the mirrored disk as alternate bootpath
# setboot -a <HW path of mirror>
# setboot -h <HW path of mirror> (for UX 11.23 use the HA alternate)
# setboot (to check it)

HPUX : Changing Boot Option

Changing boot options:
HPUX> boot -is                                                 for single user mode
HPUX> boot -lq                                                 for LVM quorum mode
HPUX> boot -lm                                               for maintenance mode boot
HPUX> boot -tm                                                for failsafe mode (no DLKMs etc.)
HPUX> boot backup                                          for booting backup kernel configuration
HPUX> boot vmunix.prev                                 for booting previous kernel

Wednesday, January 23, 2013

HPUX : User is not able to connect via ftp :

User is not able to connect to serverA via ftp  from serverB:

The ftp service is not active (its entry is commented out) in /etc/inetd.conf:
#-> grep -i ftp /etc/inetd.conf
#ftp          stream tcp6 nowait root /usr/lbin/ftpd    ftpd -l -a -o -u 022
# Before uncommenting the "tftp" entry below, please make sure

Uncomment the ftp entry and run inetd -c to re-read the configuration from /etc/inetd.conf.
#-> inetd -c
Syslog.log :
Jan 23 13:18:41 serverA inetd[4002]: Rereading configuration
Jan 23 13:18:41 serverA inetd[4002]: ftp/tcp: Added service, server /usr/lbin/ftpd
Jan 23 13:18:41 serverA inetd[4002]: Configuration complete


The user still complains that the account gets a "login incorrect" error:

Jan 23 13:32:14 serverA ftpd[2576]: FTP server (Revision 5.0 Version wuftpd-2.6.1 Thu Apr 29 06:48:40 GMT 2010) ready.
Jan 23 13:32:17 serverA ftpd[2576]: ACCESS DENIED (not in any class) TO serverB[10.136.xxx.xxx]
Jan 23 13:32:17 serverA ftpd[2576]: FTP LOGIN REFUSED (access denied) FROM serverB[10.136.xxx.xxx], xxxxxxxx




During the investigation it was found that ftpaccess does not hold the entries below.

#-> cat ftpaccess
banner /etc/issue

Add the lines below to the ftpaccess file:

#-> cat ftpaccess
loginfails 3

class   local   real *.domain 0.0.0.0
class   remote  real *

limit   local   60  Any                 /etc/msgs/msg.toomany
limit   remote  60  Any                 /etc/msgs/msg.toomany

readme  README*    login
readme  README*    cwd=*

message /etc/motd            login
message .message                cwd=*

banner /etc/issue
suppresshostname        yes
suppressversion yes

compress        yes             local remote
tar             yes             local remote

# allow use of private file for SITE GROUP and SITE GPASS?
private         yes
# passwd-check  <none|trivial|rfc822>  [<enforce|warn>]
passwd-check    rfc822  warn

log commands real
log transfers anonymous,real inbound,outbound

# all the following default to "yes" for everybody
delete          no      guest,anonymous         # delete permission?
overwrite       no      guest,anonymous         # overwrite permission?
rename          no      guest,anonymous         # rename permission?
chmod           no      guest,anonymous         # chmod permission?
umask           no      guest,anonymous         # umask permission?


This resolves the issue; the user is now able to connect to the server and the "login incorrect" message is gone.
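How the class lines decide the outcome, as an added example that is not part of the original post: ftpd assigns a session to the first class whose user type and address glob match, and refuses it ("not in any class") when none does. The sketch below handles plain globs only (not the netmask, negation or file forms of an address entry); the function names and the client addresses are constructed for illustration. It also lists classes that accept any address, which is what `class remote real *` does.

```shell
#!/bin/sh
# Constructed input: the file as first found (banner only) and the class
# lines the post adds.
FTPACCESS_BEFORE='banner /etc/issue'
FTPACCESS_AFTER='loginfails 3
class   local   real *.domain 0.0.0.0
class   remote  real *
banner /etc/issue'

# ftp_class CONF USERTYPE HOST IP
# Print the first class whose type list contains USERTYPE and whose address
# globs match HOST or IP. Return 1 when no class matches, the case ftpd logs
# as "ACCESS DENIED (not in any class)".
ftp_class() {
    conf=$1 utype=$2 host=$3 ip=$4
    set -f                          # keep the globs literal while splitting
    while read -r kw name types globs; do
        [ "$kw" = "class" ] || continue
        case ",$types," in
            *",$utype,"*) ;;
            *) continue ;;
        esac
        for g in $globs; do
            case "$host" in $g) set +f; printf '%s\n' "$name"; return 0 ;; esac
            case "$ip"   in $g) set +f; printf '%s\n' "$name"; return 0 ;; esac
        done
    done <<EOF
$conf
EOF
    set +f
    return 1
}

# ftp_open_classes CONF
# List classes whose address list contains a bare "*", i.e. classes that
# accept their user types from any client address.
ftp_open_classes() {
    set -f
    while read -r kw name types globs; do
        [ "$kw" = "class" ] || continue
        for g in $globs; do
            if [ "$g" = "*" ]; then printf '%s\n' "$name"; fi
        done
    done <<EOF
$1
EOF
    set +f
}

# Example calls (client name and address are constructed):
#   ftp_class "$FTPACCESS_BEFORE" real serverB 10.136.0.5   -> no class, status 1
#   ftp_class "$FTPACCESS_AFTER"  real serverB 10.136.0.5   -> remote
#   ftp_open_classes "$FTPACCESS_AFTER"                     -> remote
```

If real users should only connect from known hosts, replace the `*` in the remote class with the specific host names or addresses.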


Route add and delete;

how to delete a static route

Description

 

To delete a static route:

# route delete [ net | host ] destination gateway [args]

 

To delete a static route for network 1x2.26.13.0/24 via 172.26.13.1:

# route delete net 1x2.26.13.0 172.26.13.1

 

To delete a static route to host 1x2.26.14.5 via 172.26.13.1:

# route delete host 1x2.26.14.5 172.26.13.1

Example

route delete net 1x2.26.13.0 1x2.26.13.1

 

adding a route :

 

route add net 1x.36.113 netmask 255.255.255.0 1x.36.112.1 1

route add default 1x.36.112.1 1 source 1x.36.113.244


 

Tuesday, January 22, 2013

HPUX : How to remove or release share memory and Semaphore

The database hung, and it is believed that it was not shut down cleanly, which left some shared memory segments and semaphores on the server.
During database startup, it complains about shared memory.

To check the shared Memory and semaphore :

% ipcs -a
% ipcs -mab

#-> ipcs -ma|grep -i Kondba
m  177307655 0x00000000 --rw-rw----    Kondba    condba    Kondba    condba     21 1462915072 28073 21739  9:49:24  9:51:06  4:31:53
m    1769491 0x00000000 --rw-rw----    Kondba    condba    Kondba    condba     21 1476395008 28073 21739  9:49:24  9:51:06  4:31:53
m     229397 0x00000000 --rw-rw----    Kondba    condba    Kondba    condba     21 1194823680 28073 21739  9:49:24  9:51:06  4:31:53
m     196630 0x1c9e12b0 --rw-rw----    Kondba    condba    Kondba    condba     21      12288 28073 21739  9:49:24  9:51:06  4:31:53
m      32793 0x00000000 --rw-rw----    Kondba    condba    Kondba    condba      0  507408384 22350 27863  5:41:15  5:41:15  0:44:12
m      32794 0x3d6313d4 --rw-rw----    Kondba    condba    Kondba    condba      0      12288 22350 22298  9:52:23  9:52:23  0:44:12
m   11304987 0x90321bdc --rw-r-----    Kondba    condba    Kondba    condba     13 1075056640 29768 21978  9:50:04  9:51:12  1:04:19
m     327708 0xdc600560 --rw-r-----    Kondba    condba    Kondba    condba     16 1074008064   305 21291  9:48:09  9:48:09  1:05:20
m     229405 0x3aec7cb8 --rw-r-----    Kondba    condba    Kondba    condba     15  897847296   475 21315  9:48:24  9:48:24  1:06:02

The segments below have a NATTACH value equal to 0:

32793 0x00000000 --rw-rw----    Kondba    condba    Kondba    condba      0
 32794 0x3d6313d4 --rw-rw----    Kondba    condba    Kondba    condba      0
One line command to check the NATTACH :
#ipcs -mob |awk '$1=="m" && $7==0 {print $0}'
The command syntax to remove the shared memory segments or semaphores is as follows:
   %  ipcrm -m <shared memory id>
   %  ipcrm -s <semaphore id>
  %   ipcrm  -m 32793
  %  ipcrm   -m 32794

After cleaning the shared memory , DB will be started successfully.


HPUX : How to unlock a user and refresh the password policy

To unlock a user account and refresh the password policy

 

>i=<account>

 

The command below shows the current status of the account:

/usr/lbin/getprpw $i

#-> /usr/lbin/getprpw $i

uid=26326, bootpw=NO, audid=503, audflg=0, mintm=1, maxpwln=-1, exptm=90, lftm=-1, spwchg=Wed Jan  9 08:43:09 2013, upwchg=-1, acctexp=-1, llog=-1, expwarn=14, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=NO, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Tue Jan 22 07:05:04 2013, ulogint=Mon Jan 21 06:41:15 2013, sloginy=-1, culogin=-1, uloginy=pts/1, umaxlntr=-1, alock=NO, lockout=0010000

 

To unlock a user account and refresh the password policy, run the command below:

#/usr/lbin/modprpw -k -l $i; /usr/lbin/modprpw -v -l $i

 

 

Monday, January 21, 2013

HPUX Business copy : How to manually split the single disk group of Business Group


How to manually split the single disk group of Business Group
Export the Business Copy instance variables:
export HORCMINST=0
export HORCC_MRCF=1

pairdisplay -g TEST_BC -fxcd
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_018(L)  c70t7d6        0  48879  5e1c.P-VOL PSUS,  100    5e20 W
TEST_BC    TEST_BC_018(R)  c74t7d6        0  48879  5e20.S-VOL SSUS,  100    5e1c -
TEST_BC    TEST_BC_019(L)  c70t7d7        0  48879  5e1d.P-VOL PSUS,  100    5e21 W
TEST_BC    TEST_BC_019(R)  c74t7d7        0  48879  5e21.S-VOL SSUS,  100    5e1d -
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_020(L)  c70t8d0        0  48879  5e1e.P-VOL PSUS,  100    5e22 W
TEST_BC    TEST_BC_020(R)  c74t8d0        0  48879  5e22.S-VOL SSUS,  100    5e1e -
TEST_BC    TEST_BC_021(L)  c70t8d1        0  48879  5e1f.P-VOL PSUS,  100    5e23 W
TEST_BC    TEST_BC_021(R)  c74t8d1        0  48879  5e23.S-VOL SSUS,  100    5e1f -

The commands below are destructive: they remove the pairing of the disks, and the data on the SVOL will not be recoverable.

#pairsplit  -S  -g TEST_BC -d TEST_BC_018
#pairsplit  -S -g TEST_BC -d TEST_BC_019
#pairsplit  -S -g TEST_BC -d TEST_BC_020
#pairsplit  -S  -g TEST_BC -d TEST_BC_021

Now the disks are in SMPL status:

pairdisplay -g TEST_BC -fxcd
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_018(L)  c70t7d6        0  48879  5e1c.SMPL  ----,-----   ----- -
TEST_BC    TEST_BC_018(R)  c74t7d6        0  48879  5e20.SMPL  ----,-----   ----- -
TEST_BC    TEST_BC_019(L)  c70t7d7        0  48879  5e1d.SMPL  ----,-----   ----- -
TEST_BC    TEST_BC_019(R)  c74t7d7        0  48879  5e21.SMPL  ----,-----   ----- -
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_020(L)  c70t8d0        0  48879  5e1e.SMPL  ----,-----   ----- -
TEST_BC    TEST_BC_020(R)  c74t8d0        0  48879  5e22.SMPL  ----,-----   ----- -
TEST_BC    TEST_BC_021(L)  c70t8d1        0  48879  5e1f.SMPL  ----,-----   ----- -
TEST_BC    TEST_BC_021(R)  c74t8d1        0  48879  5e23.SMPL  ----,-----   ----- -

Revert the changes:

paircreate -g TEST_BC -d TEST_BC_018 -vl
paircreate -g TEST_BC -d TEST_BC_019 -vl
paircreate -g TEST_BC -d TEST_BC_020 -vl
paircreate -g TEST_BC -d TEST_BC_021 -vl

pairdisplay -g TEST_BC -fxcd
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_018(L)  c70t7d6        0  48879  5e1c.P-VOL PAIR,  100    5e20 -
TEST_BC    TEST_BC_018(R)  c74t7d6        0  48879  5e20.S-VOL PAIR,  100    5e1c -
TEST_BC    TEST_BC_019(L)  c70t7d7        0  48879  5e1d.P-VOL PAIR,  100    5e21 -
TEST_BC    TEST_BC_019(R)  c74t7d7        0  48879  5e21.S-VOL PAIR,  100    5e1d -
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_020(L)  c70t8d0        0  48879  5e1e.P-VOL COPY,   92    5e22 -
TEST_BC    TEST_BC_020(R)  c74t8d0        0  48879  5e22.S-VOL COPY,   92    5e1e -
TEST_BC    TEST_BC_021(L)  c70t8d1        0  48879  5e1f.P-VOL COPY,   44    5e23 -
TEST_BC    TEST_BC_021(R)  c74t8d1        0  48879  5e23.S-VOL COPY,   44    5e1f -

Split the disks in normal mode, so they become suspended:

pairsplit  -g TEST_BC -d TEST_BC_018
pairsplit  -g TEST_BC -d TEST_BC_019
pairsplit  -g TEST_BC -d TEST_BC_020
pairsplit  -g TEST_BC -d TEST_BC_021

pairdisplay -g TEST_BC -fxcd
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_018(R)  c74t7d6        0  48879  5e20.S-VOL SSUS,  100    5e1c -
TEST_BC    TEST_BC_019(L)  c70t7d7        0  48879  5e1d.P-VOL PSUS,  100    5e21 W
TEST_BC    TEST_BC_019(R)  c74t7d7        0  48879  5e21.S-VOL SSUS,  100    5e1d -
Group   PairVol(L/R) Device_File    M  ,Seq#,LDEV#.P/S,Status,   % ,P-LDEV# M
TEST_BC    TEST_BC_020(L)  c70t8d0        0  48879  5e1e.P-VOL PSUS,  100    5e22 W
TEST_BC    TEST_BC_020(R)  c74t8d0        0  48879  5e22.S-VOL SSUS,  100    5e1e -
TEST_BC    TEST_BC_021(L)  c70t8d1        0  48879  5e1f.P-VOL PSUS,  100    5e23 W
TEST_BC    TEST_BC_021(R)  c74t8d1        0  48879  5e23.S-VOL SSUS,  100    5e1f -

UNIX : Issue while Mounting a logical Volume on mount point


Sometimes, while mounting a logical volume on a mount point, the system reports that the mount point is busy.

#fuser -cu /abc/test
<no process is reported in the output, but you are still not able to mount it>

Solution :

Run fuser -ku to kill any process, shell or user that is using it.

#fuser -ku /abc/test

Then try to mount the logical volume

#mount /dev/vg001/lv_test /abc/test

Sunday, January 20, 2013

HPUX :Create a user to user_test on ANNANTIKA server.


Create a user to user_test on ANNANTIKA server. User description is given below.

User Name:- user_test

Primary group:- dstage8::205:

Secondary group:- dba::200:

Access on folder :-/abc/bipdata/abc_test


 Check whether a user with the same name already exists in /etc/passwd

   # more /etc/passwd|grep -i <user_Name>

If not, follow the steps below.

1.     Take a backup copy of the passwd file.

Annatika#cp -p /etc/passwd /tmp/passwd.<current_date>

2.     Add the user by using command line

useradd -g <P_group> -G <S_group> -c <U_Des> -d <Home Dir> -s <Login_Shell> -m <U_Name>

Eg:-
Annatika#useradd -g dstage8 -G dba -c user_test -d /home/user_test -s /bin/csh -m user_test

Option:-

g  :- For primary user group
G :- For Secondary user group.
d  :- For home directory.
s  :- For user login shell
m :- For user name.
c :- For user description.


3.     Set the user password.
 #passwd <User_Name>
#New passwd: <Password>
#Re-enter New passwd:<Password>

Eg:-
Annatika#passwd user_test
Annatika# New password:*******
Annatika# Re-enter New Password:*******

4.     Check that the user has been created and that the password works.

#telnet <server_name>  (User has created on Server)
Login: <user_name>
Password:******

Eg:-
ukcsbdu1#telnet Annatika
Login user_test

Password: *******

ukcsbdu1#exit


5 Check the user home directory and group etc.
#cd <home_directory>
# more /etc/group|grep -i <group_name>

Eg:-
ukcsbdu1#cd /home/user_test
ukcsbdu1#more /etc/group|grep -i dstage8
ukcsbdu1#more /etc/group|grep -i user_test
ukcsbdu1#more /etc/group|grep -i dba

If the user is not added to a particular group, use the following command to add the user to the group.

usermod -G <Group Name>  <User Name>

Note:- For primary user group use g option.


6 Check whether the user is able to access the following folder.

Annatika#cd <Folder path>

HPUX : How to check a inode of a file in unix

Q: How to check the inode of a file in unix

A: On command line :
    #ls -i  /etc/inetd.conf
752010 /etc/inetd.conf

HPUX :Script to find out lock-out user on the system

The code below can be saved in a file named lock.sh:

#cat >lock.sh
Then run it with sh or ksh:
#ksh lock.sh
-----------------------------Start of file ------------------------------------------

# Report the lock state of every account listed in /etc/passwd.
for i in `cut -d":" -f1 /etc/passwd`
do
# getprpw -m lockout prints "lockout=NNNNNNN" (seven 0/1 flags)
lockout=`/usr/lbin/getprpw -m lockout $i`
# character 14 of that string is the sixth flag
LOCK=`echo $lockout |cut -c14`

if [[ $LOCK = 1 ]]
then
echo "--------------------user $i is locked -------------"
else
echo "--------------------user $i is not locked -----------"
fi
done
-----------------------------End of file ----------------------------------------------
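An added example, not part of the original script: it decodes all seven positions of the lockout string instead of testing a single character, so the reason for a lock is visible. The position meanings are the ones documented in getprpw(1M); the function names and the sample account lines are constructed for illustration.

```shell
#!/bin/sh
# decode_lockout VALUE
# VALUE is "lockout=NNNNNNN" or just the seven 0/1 flags. Print one line
# per flag that is set. Return 2 if VALUE is not seven 0/1 characters.
decode_lockout() {
    flags=${1#lockout=}
    case "$flags" in
        [01][01][01][01][01][01][01]) ;;
        *) echo "bad lockout string: $1" >&2; return 2 ;;
    esac
    pos=1
    # Flag meanings, left to right, per getprpw(1M)
    for reason in \
        "past password lifetime" \
        "past last login time (inactive account)" \
        "past absolute account lifetime" \
        "exceeded unsuccessful login attempts" \
        "password required and a null password" \
        "admin lock" \
        "password is a *"
    do
        bit=$(printf '%s' "$flags" | cut -c"$pos")
        if [ "$bit" = "1" ]; then printf '%s\n' "$reason"; fi
        pos=$((pos + 1))
    done
}

# report_locked
# Read "user lockout=NNNNNNN" lines on stdin and print "user: reasons"
# for every account that has at least one flag set.
report_locked() {
    while read -r user value; do
        reasons=$(decode_lockout "$value" 2>/dev/null | tr '\n' ';')
        reasons=${reasons%;}
        if [ -n "$reasons" ]; then printf '%s: %s\n' "$user" "$reasons"; fi
    done
    return 0
}

# On the server, feed it from the same command the script above uses:
#   for u in `cut -d: -f1 /etc/passwd`
#   do echo "$u `/usr/lbin/getprpw -m lockout $u`"
#   done | report_locked
#
# Constructed sample input:
#   printf 'alice lockout=0000000\nbob lockout=0001010\n' | report_locked
```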

HPUX : Generation and Distribution of SSH KEY


Machine1 (user1) wants to login Machine2 (user2) without password.
To configure public-key authentication, follow these steps:
1.      To generate RSA key pairs, run the following command on the Machine1 as user1:
#  mkdir  ~/.ssh
#  ssh-keygen -t rsa
2.      The following output is displayed:
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):<Press Enter>
Enter passphrase (empty for no passphrase): <Press Enter>
Enter same passphrase again: <Press Enter>
Your identification has been saved in /tmp/hi.
Your public key has been saved in /tmp/hi.pub.
The key fingerprint is:
84:7d:f5:dd:88:f7:53:88:8a:6e:f7:85:04:28:6e:ed root@<hostname>
3.      HP-UX Secure Shell generates the key pairs id_rsa and id_rsa.pub and stores them in the $HOME/.ssh directory on the Machine1 system.
4.      Set the following configuration directive in the /opt/ssh/etc/sshd_config configuration file on the Machine1 system:

PubkeyAuthentication yes

5.      To ensure that the permissions of the home directory of the Machine1, the $HOME/.ssh directories, and all files under the $HOME/.ssh directory match the permissions listed in Table 4-2, run the following commands:
# ll -d $HOME
# ll -d $HOME/.ssh
# ll $HOME/.ssh/


Table 4-2 lists the specific permissions for these files and directories.

Table 4-2 Permissions for the Machine1 Files and Directories
File/Directory                          Permissions
$HOME (home directory)                  drwx------ or drwxr-xr-x
$HOME/.ssh                              drwx------ or drwxr--r--
$HOME/.ssh/id_rsa and id_dsa            -rw-r--r-- or -rw-------
$HOME/.ssh/id_rsa.pub and id_dsa.pub    -rw-r--r-- or -rw-------
$HOME/.ssh/config                       -rwx------

#mkdir ~/.ssh  [Run this command in Machine2 as user2]
Now run the command below on Machine1 as user1:
#cat $HOME/.ssh/id_rsa.pub |ssh  user2@Machine2  'cat - >> $HOME/.ssh/authorized_keys'



The following output is displayed:

The authenticity of host ’remoteuser.remotehost (15.70.189.130)’ can’t be established
RSA key fingerprint is 2a:c9:77:ad:d5:d3:ef:c3:1e:12:12:9e:3a:9f:c0:38.
Are you sure you want to continue connecting (yes/no)?

· Enter yes to continue with the connection. The following message is displayed:


Enter no if you do not want to continue with the connection.
·  To enable public-key authentication, set the following directive in the Machine2 configuration file /opt/ssh/etc/sshd_config:

PubkeyAuthentication yes

·  Set the directory and file permissions on the Machine2 as specified in Table 4-3.
Table 4-3 Permissions for the Machine2 Files and Directories
File/Directory                                                File Permission
$HOME (home directory)                                        drwx------ or drwxr-xr-x
$HOME/.ssh                                                    drwx------ or drwxr--r--
$HOME/.ssh/authorized_keys and $HOME/.ssh/authorized_keys2    -rw-r--r-- or -rw-------


NOTE: The $HOME and $HOME/.ssh directories, and all the files in the $HOME/.ssh directories must be owned by the respective users whose home directories they are.

· To connect to the Machine2 (user2), run the following command in Machine1 as user1:

$ ssh Machine2

The Machine2 does not prompt for the password. The secure connection is established between the Machine2 and the Machine1.

In order to set up ssh to only accept login by public key and not interactive login, the following changes are needed to sshd_config

PermitRootLogin without-password

Change: (remove the # and save the file)
#PubkeyAuthentication yes
to
PubkeyAuthentication yes

You must restart the sshd daemon next to implement:

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Make sure you have placed a public key file from a system you want to login and tested it first or your access will be console, hands on the keyboard only. That can be a big problem on remote systems.
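A check to run before relying on key-only login, as an added example that is not from the original post or from HP's documentation: it audits the home directory, .ssh, authorized_keys and the private keys. Assumptions: the function names are hypothetical, and the thresholds follow OpenSSH behaviour, where sshd with StrictModes rejects authorized_keys if the home directory, .ssh or the file is writable by group or other, and the ssh client ignores a private key that group or other can access, so a -rw-r--r-- id_rsa is reported.

```shell
#!/bin/sh
# mode_of PATH: print the 10-character mode string shown by ls -ld.
mode_of() { ls -ld "$1" | cut -c1-10; }

# ssh_perm_audit HOMEDIR [USER]
# Print one finding per line. Return 0 if nothing was found, 1 otherwise.
# If USER is given, ownership of each path is checked as well.
ssh_perm_audit() {
    home=$1 user=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case "$(mode_of "$p")" in
            # position 6 = group write, position 9 = other write
            ?????w????|????????w?)
                echo "WRITABLE by group/other: $p"; bad=1 ;;
        esac
        if [ -n "$user" ]; then
            owner=$(ls -ld "$p" | awk '{print $3}')
            if [ "$owner" != "$user" ]; then
                echo "NOT OWNED by $user: $p"; bad=1
            fi
        fi
    done
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$k" ] || continue
        case "$(mode_of "$k")" in
            ????------) ;;          # no group or other access at all
            *) echo "PRIVATE KEY readable beyond owner: $k"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample: a throwaway home directory with a group-writable
# .ssh and a 0644 private key. Prints the directory name.
make_sample_home() {
    d=$(mktemp -d) && mkdir "$d/.ssh" &&
    : > "$d/.ssh/id_rsa" && : > "$d/.ssh/authorized_keys" &&
    chmod 755 "$d" && chmod 775 "$d/.ssh" &&
    chmod 644 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys" &&
    printf '%s\n' "$d"
}

# Typical use on each machine, as the account that owns the keys:
#   ssh_perm_audit "$HOME" "$LOGNAME"
```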