Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Replacing the Default Public or Private Key Pair
Currently, only the ibc_os_hsuser can use digital signature RSA to use SSH to log in to the device without a password on the heartbeat port. To ensure account security, it is recommended that you replace the default ibc_os_hs public/private key pair with your own key pair. You can generate a public/private key pair as instructed by the following or use other tools to generate one. Currently, the ibc_os_hs user only supports RSA.
Operation
- On a device running Linux, log in as root, run the ssh-keygen -t rsa command to generate a public/private key pair, and press Enter to accept all the default settings. A private key file id_ras and a public key file id_rsa.pub are generated and are saved in the /root/.ssh/id_rsa file, as shown in Figure B-1.
- Run the mv command to rename the public key file id_rsa.pub to authorized_keys.
mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
- Run getremotefile to upload private key file id_rsa and public key file authorized_keys to the /home/permitdir directory of each controller on disk arrays.
- Log in to the controllers and enter the developer mode by running the following command:
admin:/>change user_mode current_mode user_mode=developer developer:/> \\ Login succeeds.
Switch to the minisystem mode, run changeibckey to replace the public and private keys of ibc_os_hs, and store the keys to disks.
Figure B-2 Replacing the public and private keys of ibc_os_hs
