186 The IBM TotalStorage NAS Gateway 500 Integration Guide
If the primary hard disk fails in such a configuration, the operating system
continues to run from the second hard disk until the failed drive is replaced. If a
reboot has to be done in this degraded state, the operator needs to select the
second disk as the booting device in the boot list.
8.3 OpenSSH for command line access
In companies, the security guidelines prohibit the use of telnet. The problem with
telnet is that all data, even user names and passwords, is transmitted in plain
text. OpenSSH offers the possibility to connect remotely via command line but to
encrypt all data that will be transferred between the command line client and the
NAS Gateway 500. This allows you to do system management tasks securely.
OpenSSL is the Secure Socket Layer toolkit which contains libraries that provide
cryptographic tasks for authentication and encryption. OpenSSL is a prerequisite
to install OpenSSH.
OpenSSH is a toolkit that provides access to the machine where it is installed on
(in our case, the NAS Gateway 500). The authentication and the data transfer is
done through an encrypted data channel. The OpenSSH protocol also notifies
you if someone (an ill-disposed party) tries to alter data packets of your session.
8.3.1 How to obtain OpenSSH
It is permissible to use SSH and SSL, but due to license restrictions, this
software is not shipped as part of the NAS Gateway 500. There are different
sources on the Web to obtain OpenSSH and OpenSSL. We used this site:
This contains a direct link to the OpenSSH installation files and a link that leads
you through the license agreement to the OpenSSL software. When writing this
redbook, the files were called openssl-0.9.6m-2.aix5.1.ppc.rpm (there was no
explicit version for AIX 5.2) and openssh-3.7.1p2_52.tar.Z (which was the latest
version for AIX 5.2). After you have downloaded the files, you can FTP them to
the NAS Gateway 500. We suggest that you have a special directory for such
things, for example, /opt/download. For all of the following actions, you have to
be root user on the machine.
Tip: More information about OpenSSL and OpenSSH can be found on these
project Web sites: