No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Security Maintenance 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using Secure Signature Algorithms During Authentication

Using Secure Signature Algorithms During Authentication

Using secure signature algorithms during authentication is recommended.

Using secure encryption algorithms during authentication encryption is recommended.

MD5 is an insecure algorithm and is not recommended.

NOTE:
NDMP only supports MD5. Therefore, you are advised to use the NDMP backup feature only on a LAN. If the NDMP backup feature is used on a non-LAN, security risks may arise.

SHA256 and SHA1 algorithms can be used to perform signature encryption for the object storage service compatible with Amazon S3 APIs and its accounts. Only SHA1 algorithms can be used to perform signature encryption for the object storage service compatible with OpenStack Swift APIs.

NOTE:
SHA1 is an insecure algorithm, security risks may arise when using SHA1 for authentication encryption. SHA256 is preferentially used.
To disable SHA1 of the object storage service compatible with Amazon S3 APIs and SHA1 for account management of the object storage service compatible with Amazon S3 APIs, do the following:
  1. Use SSH to remotely log in to the management storage node as user omuser. (The IP address is the management IP address of OceanStor 9000.)
  2. Run the cli_start -u admin to log in to CLI.
  3. Run the following commands as you need:
    • Run the change object_storage_compatible_s3_osc_service sha1 disable command to disable sha1 for object storage service compatible with Amazon S3 APIs.
    • Run the change object_storage_compatible_s3_poe_service sha1 disable command to disable sha1 for account management of the object storage service compatible with Amazon S3 APIs.
SNMPv3 allows users to use MD5 and SHA256 algorithms for authentication message encryption and use DES and AES algorithms for data encapsulation and encryption. SHA256 and AES algorithms are recommended and can be set based on the following procedure:
  1. Use SSH to remotely log in to the management storage node as user omuser. (The IP address is the management IP address of OceanStor 9000.)
  2. Run the cli_start -u admin command to open the CLI.
  3. Run the change snmp usm < usm_id > < user_name > < user_level > SHA AES command to set SHA256 and AES algorithms.

    usm_id is the SNMP security user ID; user_name is the SNMP security user name; user_level is the user level.

Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122530

Views: 12935

Downloads: 41

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next