What is DB2ssh?

By Mihai Iacob
DB2 Security Development

The IBM DB2 pureScale Feature provides high levels of distributed availability, scalability and transparency to the application, but why do I need to enable password-less SSH for the root user in my DB2 pureScale cluster? Well, you no longer do, and this site explains how to use db2ssh to securely deploy and configure the DB2 pureScale Feature.

Both the DB2 installer and GPFS, the filesystem used by DB2 pureScale, need to run commands as root on a remote system. Db2ssh provides an alternative to enabling password-less SSH as root: it effectively SSHes in as a regular user and then elevates privileges to root to run the required commands.

Wait, isn’t that asking for trouble? Can a non-root user run remote commands as root in my cluster? Not at all: rigorous security checks are in place to make sure only the root user can run commands remotely as root. This is accomplished by having the root user digitally sign any message that is sent to the remote system and having the remote system verify this signature before executing any commands. SSH can also be configured securely to protect against replay attacks.

Take a look at the article to find out how to configure and troubleshoot DB2ssh.
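
The sign-then-verify gate described above can be sketched with the `openssl` command line. This is an added illustration, not db2ssh's own code, message format or key handling: the key names (`root`, `user1`), the temporary directory and the sample commands are constructed for the demo, and it covers only the signature check, not replay protection.

```shell
#!/bin/sh
# Added illustration of sign-then-verify; not db2ssh's real message format or key handling.
# Assumes the openssl CLI is available. Keys, paths and commands are constructed for the demo.
WORK=$(mktemp -d)

# new_key <name>: create <name>.key (private, mode 600) and <name>.pub in $WORK.
new_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null &&
    chmod 600 "$WORK/$1.key" &&
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# sign_cmd <signer> <command>: sending side writes the message and a detached signature.
sign_cmd() {
    printf '%s' "$2" > "$WORK/msg" &&
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/msg.sig" "$WORK/msg"
}

# verify_then_run: receiving side trusts only root.pub and checks before acting.
verify_then_run() {
    if openssl dgst -sha256 -verify "$WORK/root.pub" \
        -signature "$WORK/msg.sig" "$WORK/msg" >/dev/null 2>&1; then
        echo "ACCEPT: $(cat "$WORK/msg")"   # a real receiver would execute here
        return 0
    fi
    echo "REJECT: not signed by root"
    return 1
}

new_key root && new_key user1
sign_cmd root  "/usr/bin/id";  verify_then_run || true   # ACCEPT
sign_cmd user1 "/usr/bin/id";  verify_then_run || true   # REJECT: wrong signer
sign_cmd root  "/usr/bin/id"
printf '%s' "/usr/bin/whoami" > "$WORK/msg"               # altered after signing
verify_then_run || true                                   # REJECT: tampered
```

The receiver's decision depends only on which public key it trusts, so a message signed by any other user's key, or changed after signing, never reaches the execution step.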
