This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
Control-M/Server for UNIX and Microsoft Windows Control-M/Agent for UNIX and Microsoft Windows Control-M/Enterprise Manager
How do you define via the CCM GUI a "Remote Host/Agent" and an "Owner" that uses "SSH" and "Key Authentication" method?
The following video demonstrates this solution:
1. Login to the CCM GUI and from the menus select "Components --> New --> Remote Host..."
2. From the drop down list in the "CONTROL-M/Server Name" field select the CONTROL-M/Server that the new Remote Host will be connected to
3. Specify the Remote Host nodeid (i.e. Hostname) in the "Remote Host Name" field
4. Select the Agents that will be used to access the Remote Host. Do this by ticking the checkbox's of the Agents that you wish to use
Note: A minimum of one Agent must be selected
Note: It is recommended, but not mandatory, for redundancy and performance reasons to have more than one Agent that can be used to access a Remote Host
5. Press the "Next" button
6. Select the "SSH" radio button (default) and specify the SSH Server Port and Encryption Algorithm
7. It is recommended to check (i.e. select) the "Compression" checkbox if the connection to the Remote Host will be over a slow network connection (e.g. Modem)
Note: If the connection is over a fast network connection, so checking (i.e. selecting) the "Compression" checkbox will slow the performance of CONTROL-M accessing the Remote Host
8. Press the "Next" button
9. Select the "I want to define a new owner for this host" radio button
10. In the "Owner Properties" enter the following details:
Owner = The UNIX Account Name that you want to submit jobs as on this Remote Host
Host = The Remote Host nodeid (i.e. hostname)
Select the "Use Key authentication (SSH Only)" radio button
Key Name = The private key that you want to use to Authenticate against the Remote Host (The is the private key you created using "ctmkeygen" utility on CONTROL-M/Server)
Passphrase = The Passpgrase of the private key (The is the passphrase you specified when you created the private key using "ctmkeygen" utility on CONTROL-M/Server)
Note: For more information about using the "ctmkeygen" utility refer to the "CONTROL-M/Server for UNIX and Microsoft Windows Administration Guide", version 6.3.01 (and above), chapter 3 "Utilities", sub chapter "ctmkeygen" or see Knowledge Article KM-000010042851 available from the BMC Knowledge Base
Note: If the "Use Key authentication (SSH Only)" radio button is grayed out and can not be selected, see Knowledge Article KM-000010042851 available from the BMC Knowledge Base, for details on what can cause that and how it be resolved
11. Press the "Finish" button
The Remote Host and Owner are saved and added to CONTROL-M/Server.
The Remote Host will now appear in the list of Agents seen for the specified CONTROL-M/Server in the CCM GUI.
1. When you "test" or "ping" the Remote Host via CCM GUI, only the network connectivity to the remote host is checked and not the user authentication
i.e. The "test"/"ping" will work even if the private/public keys do not match, or the public key has not been moved to the Remote Host
2. After you create the private/public key using "ctmkeygen" utility you need to move the public key to the SSH Server (i.e. The remote host)
The method to do this depends on the SSH Server type (OpenSHH or SSH2)
Please refer to the "CONTROL-M/Server for UNIX and Microsoft Windows Administration Guide", version 6.3.01 (and above), chapter 3 "Utilities", sub chapter "ctmkeygen" and see the section "Copying public keys to the SSH server" for some instructions on how this can be done
For more information about this please refer to your SSH Server Administrator or to any public documentation available for your SSH Server type
3. When moving the public key to the SSH Server host (which is the remote host), if using FTP:
- From UNIX to UNIX it should be done in ASCII mode
- From Windows to UNIX, or vice-versa, it should be done in Binary mode
4. To confirm the original public key file and destination public key file are the same, use `cksum <public key filename>` command and ensure this command returns the same value on both hosts
5. If the value specified in the "owner" field of the Job has not been defined as the Owner Account for this Remote Host in "Owner Authentication Settins" properties window, the job wil fail and the message in the Job Log will be something like:
TR5167 Error: Owner: <owner> is not defined for the remote host: <nodeid>. Use 'Owners Authentication Settings' or ctmsetown to do define it
6. If the public or private keys are not correct, the job will fail and the message in the Job Log will be something like:
TR5167 Authentication failed. Invalid user/password/key
7. For more information about this issue please refer to the following guides:
- "CONTROL-M/Enterprise Manager Administration Guide", version 6.3.01 (or above), chapter 2 "CONTROL-M/EM administrative tasks", sub chapter "Configuring remote hosts for a CONTROL-M/Server"
- "CONTROL-M/Server for UNIX and Microsoft Windows Administration Guide", version 6.3.01 (and above), chapter 3 "Utilities", sub chapter "ctmkeygen"