SunScreen 3.2 Administration Guide

ssadm Command

ssadm is the primary command line tool for SunScreen administration. ssadm has a number of subcommands that perform various operations such as editing and activating a configuration, and examining the status of a Screen.

ssadm runs directly on a locally administered Screen, or indirectly from a remote Administration Station that uses SKIP or IPsec to encrypt the IP network communications passing between the Administration Station and the Screen. See "How SKIP Works" in SunScreen SKIP User's Guide, Release 1.5.1 for more information regarding SKIP encryption.

The ssadm command resides in the /usr/sbin directory. Include this directory in your directory search path to have access to the commands on the local Screen.

Usage:

ssadm [-b] [-n] subcommand [parameters...]

ssadm [-b] [-n] -r remotehost [-F ticketfile] subcommand [parameters...]

Options:

-b

Allow binary data (instead of text) in standard input and output.

-n

Do not read any input from standard input.

-r remotehost

Access remote Screen using address or hostname remotehost.

-F ticketfile

Use authorization ticket stored in ticketfile.

The available ssadm subcommands are described in "ssadm Subcommand Summary".

The -b option normally is not needed since those subcommands that process binary data enable the binary mode automatically. For example, ssadm backup, ssadm restore, ssadm log, ssadm logdump, and ssadm patch handle binary data even if -b is not specified.

When ssadm is executed locally on the Screen (that is, without the -r option), no login or authentication is required, but the command has an effect only when you run it as superuser.

When ssadm is used with the -r option to access a remote Screen, login authentication is required. You must use the ssadm login command to get a ticket that is used by subsequent invocations of ssadm to allow access to the remote Screen. Normally, the ticket is stored in a ticketfile, the name of which can be specified using the -F option, or through the SSADM_TICKET_FILE environment variable. See the ssadm login command for information about ticket files and remote administration using ssadm.

To Execute an ssadm Command on a Local Screen

    You can configure a local Screen by typing the commands listed in this appendix on the Screen's keyboard. For example, to activate a policy called Initial, you would type:


    # ssadm activate Initial
    

    where ssadm is the command you want to execute, activate is the name of the ssadm subcommand, and Initial is the name of the policy you want to activate.

To Execute an ssadm -r Command on a Remote Administration Station

    To configure a Screen from a remote Administration Station, precede the subcommands listed in this appendix with ssadm -r and the address or hostname of the Screen you want to administer. For example, to activate the policy Initial on a remote Screen called SunScreen1, you would type:


    # ssadm -r SunScreen1 activate Initial
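
An added example, not part of the SunScreen guide: because the ticket is what lets later ssadm -r invocations access the remote Screen, a wrapper on the Administration Station can refuse a ticket file that other local users could read or replace. The function names and the SSADM override variable are hypothetical; the wrapper passes the file named in SSADM_TICKET_FILE explicitly with -F, following the usage line above.

```shell
#!/bin/sh
# Added example: guard the ssadm ticket file before remote administration.
# check_ticket_file, remote_ssadm and the SSADM variable are hypothetical names.

# check_ticket_file FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# calling user, with no group or other permission bits set.
check_ticket_file() {
    f=$1
    [ -n "$f" ] || { echo "no ticket file given" >&2; return 1; }
    if [ -h "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    [ -O "$f" ] || { echo "$f: not owned by the current user" >&2; return 1; }
    # First ten characters of ls -l output: file type plus rwx triplets.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *) echo "$f: mode $mode is open to group or other" >&2; return 1 ;;
    esac
}

# remote_ssadm SCREEN SUBCOMMAND [PARAMETERS...]
# Validates the file named in SSADM_TICKET_FILE, then runs
#   ssadm -r SCREEN -F ticketfile SUBCOMMAND [PARAMETERS...]
# SSADM may point at another binary (assumption, used for dry runs).
remote_ssadm() {
    [ "$#" -ge 2 ] || { echo "usage: remote_ssadm screen subcommand [parameters...]" >&2; return 2; }
    screen=$1
    shift
    ticket=${SSADM_TICKET_FILE:-}
    check_ticket_file "$ticket" || return 1
    "${SSADM:-/usr/sbin/ssadm}" -r "$screen" -F "$ticket" "$@"
}

# Usage, once a ticket has been obtained with ssadm login:
#   SSADM_TICKET_FILE=$HOME/.ssadm_ticket   # constructed sample path
#   export SSADM_TICKET_FILE
#   remote_ssadm SunScreen1 activate Initial
```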