This content is submitted by a BigAdmin user. It has not been reviewed for technical accuracy by Sun Microsystems, though it may have been lightly edited to improve readability. If you find an error or would like to comment on the article, please contact the submitter or use the comment field at the bottom of the article.
Using ctelnet in Sun Cluster Software With Secure Shell
Vlad Grama, September, 2004
Description
You can use the ctelnet application in Sun Cluster software to connect to systems by means of the ssh command instead of telnet. The ctelnet tool is part of the Sun Cluster Console (SUNWccon) package in Sun HPC ClusterTools software.
The ctelnet application is a GUI used to run interactive commands simultaneously on systems with identical software configurations. By default ctelnet uses telnet for communication. In some environments this is a disadvantage because:
All systems must run a telnet server; in hardened configurations this would not be desirable.
Communication between ctelnet and the systems is not encrypted; sensitive information such as passwords is sent in clear text.
Note: It is not necessary to have a cluster configured in order to make use of this Tech Tip. ctelnet is usually used to connect to identically configured systems in a cluster, but this is not a requirement here. You can connect to any group of systems.
Requirements
The system on which ctelnet runs (referred to as "the client system") must have the SUNWccon package installed. The other packages in the Sun Cluster distribution are not required.
Each of the systems to which ctelnet connects (referred to as "controlled systems") must run a Secure Shell server. (Note: The SSH server is shipped standard with the Solaris 9 OS and above, and it can also be obtained free for older Solaris releases.)
The tested configuration is:
Client system: Solaris 9 Operating System (SPARC Platform Edition) and the Sun Cluster Console package from the Sun Cluster 3.0 distribution
Controlled systems: Solaris 9 OS (SPARC) with Solaris Secure Shell server
Default Use of ctelnet
1. Create the /etc/clusters Text File
Each line describes a group of controlled systems. The syntax is:
<clustername> <whitespace-delimited list of hosts>
Note: In this example, <clustername> need not be the name of a configured cluster. We simply use this name to tell ctelnet the group of systems to which we want to connect.
2. Run the Command
ctelnet <clustername>
A telnet connection is opened to each system that is part of <clustername>, as defined in /etc/clusters. A GUI window is displayed for each connection.
An additional window with the Cluster Console title is shown. Whatever is typed in this Cluster Console window is sent simultaneously to all systems in the group, and the output from each system is shown in its corresponding window.
If you want to run some commands on a subset of the systems in the group, you can use the Hosts menu to select the systems to which your input will be directed.
Making ctelnet Use ssh Instead of telnet
Our goal is to connect to the systems in a group using ssh instead of telnet. The ctelnet-like command that we will use has a second argument: the user name used for the ssh connections to the controlled systems. This additional argument is required because the ssh client needs the user name when invoked. The telnet client used by default does not need this -- the user name is typed after the connection is initiated.
Configuration steps:
1. Create the following script named myctelnet:
#!/bin/ksh
# DESCRIPTION:
# receives two arguments - <clustername> and <user> - and sets
# the _SSH_USER environment var to <user>; the original ctelnet
# is called with an environment modified such that
# the first directory in PATH is the $FAKE_TELNET_DIR
# in $FAKE_TELNET_DIR we will create a script with
# the name telnet. This script simply calls ssh
# passing $_SSH_USER as the user name for the connections
################## Script variable settings ##########################
# the path to the ctelnet binary, part of the SUNWccon package
CTELNETBIN=/opt/SUNWcluster/bin/ctelnet
# the directory in which we will create our telnet script
FAKE_TELNET_DIR=/root/faketelnet
# default value for ssh user in case we don't receive a second
# argument
_SSH_USER=badmin
# we export this variable because it will be used
# by the ${FAKE_TELNET_DIR}/telnet script which
# will be called by ctelnet
export _SSH_USER
# PATH value which will be inherited by ctelnet
PATH="${FAKE_TELNET_DIR}:/usr/bin:/usr/sbin"
export PATH
######################################################################
#
# the cluster name is mandatory
[ $# -ge 1 ] || { echo "usage: $0 <clustername> [<ssh_user>]" >&2; exit 1; }
# set _SSH_USER
[ $# -gt 1 ] && _SSH_USER="$2"
echo "Secure Shell connections will be made as user ${_SSH_USER}"
echo "Faketelnetdir value: ${FAKE_TELNET_DIR}"
# quote the arguments so they are passed to ctelnet unchanged
"${CTELNETBIN}" "$1"
# report ctelnet's exit status to the caller
exit $?
2. In the directory with the name used as the value for the FAKE_TELNET_DIR variable in the preceding script, create the following script with the name telnet:
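#!/bin/ksh
#
# the _SSH_USER environment variable is inherited
# from the myctelnet script
#
# refuse to run if the user name was not passed in the environment
[ -n "${_SSH_USER}" ] || { echo "telnet wrapper: _SSH_USER is not set" >&2; exit 1; }
# $1 is the host name that would otherwise be given to telnet
/usr/local/bin/ssh "${_SSH_USER}@$1"
exit 0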
3. Run the myctelnet script:
myctelnet <clustername> <ssh_user>
Example
Assume we want to initiate secure ctelnet connections to systems sys1 and sys2. As user admin, from our system ctelsys, we would do the following:
Check that the SUNWccon package is installed on ctelsys:
# pkginfo SUNWccon
Add one line for our group. The name of the group is grp1:
# echo "grp1 sys1 sys2" >>/etc/clusters
Create a directory for our scripts (here called ctldir):
# mkdir /ctldir
Create the myctelnet script in /ctldir:
# vi /ctldir/myctelnet
< add the contents of this script from above>
< set FAKE_TELNET_DIR variable to "/ctldir">
< set CTELNETBIN variable if you don't have the ctelnet binary in the default location>
Create the telnet script in /ctldir:
# vi /ctldir/telnet
< add the contents of this script from above>
Make scripts executable:
# chmod 755 /ctldir/myctelnet /ctldir/telnet
Run the myctelnet script:
# /ctldir/myctelnet grp1 admin
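Because myctelnet puts FAKE_TELNET_DIR first in PATH, anyone who can write to that directory or to the telnet wrapper in it can change what ctelnet runs. The following pre-flight check is an added example, not part of the original submission; the function names check_shim and path_is_locked are hypothetical, and it assumes a POSIX shell with "ls -n" and "id -u" available.

```sh
#!/bin/sh
# Added example (not from the original article): pre-flight check for the
# directory that myctelnet places first in PATH.
# Usage: check_shim /ctldir

# path_is_locked <path> <uid>
# Succeeds only if <path> is not a symbolic link, is owned by <uid> or by
# root, and has neither the group-write nor the other-write bit set.
path_is_locked() {
    p=$1
    want=$2
    if [ -h "$p" ]; then
        echo "$p: is a symbolic link" >&2
        return 1
    fi
    # "ls -ldn" prints the mode string in field 1, the numeric owner in field 3
    info=$(ls -ldn "$p" 2>/dev/null | awk '{ print $1 " " $3 }')
    if [ -z "$info" ]; then
        echo "$p: not found" >&2
        return 1
    fi
    mode=${info%% *}
    owner=${info##* }
    if [ "$owner" != "$want" ] && [ "$owner" != 0 ]; then
        echo "$p: owned by uid $owner, expected $want or root" >&2
        return 1
    fi
    case $mode in
        ?????w*|????????w*)
            echo "$p: group- or world-writable ($mode)" >&2
            return 1 ;;
    esac
    return 0
}

# check_shim <dir>: verify <dir> and the telnet wrapper inside it.
check_shim() {
    dir=$1
    me=$(id -u)
    rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    path_is_locked "$dir" "$me" || rc=1
    path_is_locked "$dir/telnet" "$me" || rc=1
    [ -x "$dir/telnet" ] || { echo "$dir/telnet: not executable" >&2; rc=1; }
    return $rc
}
```

Run check_shim /ctldir before starting myctelnet; parent directories are not examined, so keep them writable by root only as well.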
Final Comments
This method lets you run ctelnet in either of two ways:
As used by default: Run the original ctelnet binary, and connections are made using telnet.
Indirectly: Run the myctelnet script, and connections are encrypted, using ssh.
The /etc/clusters configuration file does not need to be modified for this to work. The only change is that myctelnet has a slightly different syntax than ctelnet. myctelnet needs exactly two arguments: the name of the cluster and the name of the user you wish to connect as.
About the Author
Vlad Grama is a student at the University Politehnica Bucuresti in Romania. He works as a Solaris sys admin in the university's HPC lab.