No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Administrator Guide

OceanStor V3 Series V300R006

This document is applicable to OceanStor 2200 V3, 2600 V3, 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18500 V3, and 18800 V3. Routine maintenance activities are the most common activities for the storage device, including powering on or off the storage device, managing users, modifying basic parameters of the storage device, and managing hardware components. This document is intended for the system administrators who are responsible for carrying out routine maintenance activities, monitoring the storage device, and rectifying common device faults.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Logging In to the CLI of the Storage System (Public Key)

Logging In to the CLI of the Storage System (Public Key)

When a maintenance terminal manages the storage system through the engine's management network port, you can log in to the CLI of the storage system in public key authentication mode to improve system security. This section uses PuTTY as an example to illustrate how to generate a public and private key pair and how to authenticate the public key for logging in to the CLI.

Prerequisites

  • Only a super administrator has the permission to modify users' authentication mode for logging in to the CLI.
  • Public key authentication for logging in to the CLI is configured for local users only, not for domain users.

Precautions

  • Configure the management IP address on management network port 0 of the controller's management module for public key authentication.
  • After a private key is generated, keep it secure.
  • Change the public key periodically. Use the new private-public key pair for login authentication to improve system security.

Procedure

  1. The super administrator generates a private-public key pair for a local user.

    1. Run the puttygen.exe file.

      Go to the PuTTY Key Generator main window, as shown in Figure 2-15.

      Figure 2-15 Main window of the generator for a private-public key pair

    2. In the Parameters area in the lower part of the page, set Type of key to generate to SSH-2 RSA or SSH-2 DSA, and set Number of bits in a generated key to an integer from 2048 to 8192.
    3. Click Generate and move the cursor over the blank area in the lower part of the Key area to generate a public key.

      The public key will be displayed in the area, as shown in Figure 2-16.

      Figure 2-16 Generating the public key

    4. Copy and save the public key to the local path.
    5. (Optional) In Key passphrase, enter a password to encrypt the private key. In Confirm passphrase, enter the password again.
      NOTE:

      For the security of the private key file, you are advised to configure a secure password to encrypt the private key file.

    6. The method to generate the private key file varies with the tool used to log in to the CLI.
      • If you use PuTTY to log in to the CLI, click Save private key and save the private key file to the local path, as shown in Figure 2-17.
    Figure 2-17 Generating the private key

    • If you use the other tools to log in to the CLI, choose Conversions > Export OpenSSH key and save the private key file to the local path, as shown in Figure 2-18.
    Figure 2-18 Generating the private key

  2. The super administrator modifies the login authentication mode of local users.

    1. Log in to the CLI of the storage system as the super administrator.
    2. Run the change user_ssh_auth_info general user_name=test123 auth_mode=publickey command to modify users' modification mode to public key. user_name indicates the user name of the login authentication mode to be modified.
    3. Copy the locally saved public key to Public key on the CLI as instructed, and press Enter.

      After executing the command successfully, users map the private key to the public key to log in to the CLI.

       
      admin:/>change user_ssh_auth_info general user_name=test123 auth_mode=publickey 
      CAUTION:Only public keys generated using the SSH-2 RSA/DSA encryption algorithm and using keys whose lengths range from 2048 to 8192 bits are supported. 
      Public key:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLuhb/KuHbyZi1n7yX6N3v5KG0JX8XdDnX0dfhN4yP7V+WXeqRt93YGepnsxIuvve1QCms3jxT8uy2kDMwRY6opLRV2qh5QCk1M54owpdnjwphs1g2oKyddt5iZ7xl0svZU7gfR2qP4WgGI8lBa9rA8bQlZWOd+mW6OJ80Wey37FcyZwNJpRNciTWfg2ju2sQuuvmtmum8hALQu930LbRWmTTtP33IAW/a1LMXjeEj49yhAAfL5OXVvyGMvDi3UfZJmWUZMF6eAG8joSiM50K8QuW7YUzW43t1LAXfGa7wBsp2u6HvckMXxzyr/3tanHkc1nuGZ55+Byw9mbnNn2Z root@Storage 
      Command executed successfully.     

  3. Local users configure PuTTY and log in to the storage system.

    1. Start PuTTY.

      Go to the PuTTY Configuration dialog box.

    2. Click Session. In the right pane, type the IP address of a storage system's management network port in the Host Name (or IP address) text box. Set Port and Connection type to 22 and SSH respectively.
    3. Choose Connection > Data. In the Login details text box in the right pane, type the user name of the login authentication mode to be modified.
    4. Choose Connection > SSH > Auth. In the right pane, click Browse. Select and open the locally saved private key file.
    5. Click Open to log in to the CLI.
    NOTE:

    If the password of the private key is encrypted in 1.e, type the password when logging in to the CLI, and then press Enter.

    Using username "test123".

    Authorized users only. All activities may be monitored and reported.

    Authenticating with public key "imported-openssh-key"

    Passphrase for key "imported-openssh-key":

    Last login: XX XX XX XX:XX:XX XXXX from 192.168.18.158

    WARNING: You have accessed the system.

    You are required to have a personal authorisation from the system administrator before you use this computer. Unauthorised access to or misuse of this system is prohibited.

    System Name : Huawei.Storage

    Health Status : Normal

    Running Status : Normal

    Total Capacity : 4.247TB

    SN : XXXXXXXXXX

    Location :

    Product Model : XXXX

    Product Version : VX00R00XC00

    Time : XXXX-XX-XX/XX:XX:XX UTC+08:00

    Patch Version :

    test123:/>

Follow-up Procedure

To modify a user's login authentication mode to the Username+Password mode, run the change user_ssh_auth_info general user_name=test123 auth_mode=password command and use the original password to log in to the CLI of a storage system.

Download
Updated: 2019-07-12

Document ID: EDOC1000138854

Views: 36221

Downloads: 2049

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next