Now is the Time to Migrate from Older HMCs

Edit: There are still people that do not know about these changes.

Originally posted March 17, 2020 on AIXchange

Reminder: Support will soon end for x86-based HMC devices. Now is the time to migrate your data.

A coworker alerted me to this end of service notice for x86-based HMC devices (excerpt below):

“This is the last release to support the 7042 machine type. HMC V9R2 will support the 7063 machine type and Virtual HMC Apliances (x86/ppc64le) only.

“Note: iFixes and Service packs on top of V9 R1 M940 will be supported on 7042 machine types.”

I’ve previously discussed the big changes to the HMC, but as more of you move to POWER9 hardware, here’s a reminder: It’s time to migrate from the older HMCs that still reside in your environments.

While we’re on this topic, I was recently asked about adding a user ssh key to an HMC. The process is detailed in this IBM Knowledge Center doc (excerpt below):

“To enable scripts to run unattended between an SSH client and an HMC, complete the following steps:

1. Enable remote command execution….
2. On the client’s operating system, run the SSH protocol key generator. To run the SSH protocol key generator, complete the following steps:

a. To store the keys, create a directory that is named $HOME/.ssh (either RSA or DSA keys can be used).
b. To generate public and private keys, run the following command:
ssh-keygen -t rsa

The following files are created in the $HOME/.ssh directory:
private key: id_rsa
public key: id_rsa.pub

The write bits for both group and other are turned off. Ensure that the private key has a permission of 600.

On the client’s operating system, use ssh and run the mkauthkeys command to update the HMC user’s authorized_keys2 file on the HMC by using the following command:

ssh hmcuser@hmchostname mkauthkeys -–add <the contents of $HOME/.ssh/id_rsa.pub>

Note: Double quotes (“) are used in commands to ensure that the remote shell can properly process the command. For example:

ssh “mkauthkeys hscuser@somehmchost –add ‘ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDa+Zc8+hn1+TjEXu640LqnVNB+UsixIE3c649Cgj20gaVWnFKTjcpWVahK/duCLac/zteMtVAfCx7/ae2g5RTPu7FudF2xjs4r+NadVXhoIqmA53aNjE4GILpfe5vOF25xkBdG9wxigGtJyOKeJHzgnElP7RlEeOBijJDKo5gGE12NVfBxboChm6LtKnDxLi9ahhOYtLlFehJr6pV/lMAEuLhd6ax1hWvwrhf/h5Ym6J8JbLVL3EeKbCsuG9E4iN1z4HrPkT5OQLqtvC1Ajch1ravsaQqYloMTWNFzM4Qo5O3fZbLc6RuJjtJv8C5t4/SZUGHZxSPnQmkuii1z9hxt hscpe@vhmccloudvm179′”

To delete the key from the HMC, you can use the following command:
ssh hmcuser@hmchostname mkauthkeys –remove joe@somehost

To enable passwords that prompts for all hosts that access the HMC through SSH, use the scp command to copy the key file from the HMC: scp
hmcuser@hmchostname:.ssh/authorized_keys2 authorized_keys2

Edit the authorized_keys2 file and remove all lines in this file and then, copy it back to the HMC: scp authorized_keys2 hmcuser@hmchostname:.ssh/authorized_keys2″

There’s also supporting information about enabling remote command execution and using the HMC remote command line (excerpt below):

“You can use the command line interface in the following situations:

  • When consistent results are required. If you have to administer several managed systems, you can achieve consistent results by using the command line interface. The command sequence can be stored in scripts and run remotely.
  • When automated operations are required. After you have developed a consistent way to manage the managed systems, you can automate the operations by invoking the scripts from batch-processing applications, such as the cron daemon, from other systems.”