No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Support Documentation

Administrator Guide

OceanStor 2800 V5 V500R007

This document is applicable to OceanStor 2800 V5. Routine maintenance activities are the most common activities for the storage device, including powering on or off the storage device, managing users, modifying basic parameters of the storage device, and managing hardware components. This document is intended for the system administrators who are responsible for carrying out routine maintenance activities, monitoring the storage device, and rectifying common device faults.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Logging In to the CLI of the Storage System Using a Public Key

Logging In to the CLI of the Storage System Using a Public Key

Public key authentication uses a pair of associated public and private keys to authenticate users, instead of using usernames and passwords. This section uses PuTTY as an example to describe how to generate public and private keys as well as configure public key authentication to log in to the CLI.

Prerequisites

  • Only a super administrator has the permission to modify users' authentication mode for logging in to the CLI.
  • Public key authentication for logging in to the CLI is configured for local users only, not for domain users.

Precautions

  • After a private key is generated, keep it secure.
  • Change the public key periodically. Use the new private-public key pair for login authentication to improve system security.

Procedure

  1. The super administrator generates a private-public key pair for a local user.

    1. Run the puttygen.exe file.

      Go to the PuTTY Key Generator main window, as shown in Figure 2-6.

      Figure 2-6 Main window of the generator for a private-public key pair

    2. In the Parameters area in the lower part of the page, set Type of key to generate to SSH-2 RSA or SSH-2 DSA, and set Number of bits in a generated key to an integer from 2048 to 8192.
    3. Click Generate and move the cursor over the blank area in the lower part of the Key area to generate a public key.

      The public key will be displayed in the area, as shown in Figure 2-7.

      Figure 2-7 Generating the public key

    4. Copy and save the public key to the local path.
    5. (Optional) In Key passphrase, enter a password to encrypt the private key. In Confirm passphrase, enter the password again.
      NOTE:

      For the security of the private key file, you are advised to configure a secure password to encrypt the private key file.

    6. The method to generate the private key file varies with the tool used to log in to the CLI.
      • If you use PuTTY to log in to the CLI, click Save private key and save the private key file to the local path, as shown in Figure 2-8.
    Figure 2-8 Generating the private key (1)

    • If you use the other tools to log in to the CLI, choose Conversions > Export OpenSSH key and save the private key file to the local path, as shown in Figure 2-9.
    Figure 2-9 Generating the private key (2)

  2. The super administrator modifies the login authentication mode of local users.

    1. Log in to the CLI of the storage system as the super administrator.
    2. Run the change user_ssh_auth_info general user_name=test123 auth_mode=publickey command to modify users' modification mode to public key. user_name indicates the user name of the login authentication mode to be modified.
    3. Copy the locally saved public key to Public key on the CLI as instructed, and press Enter.

      After executing the command successfully, users map the private key to the public key to log in to the CLI.

       
admin:/>change user_ssh_auth_info general user_name=test123 auth_mode=publickey CAUTION:Only public keys generated using the SSH-2 RSA/DSA encryption algorithm and using keys whose lengths range from 2048 to 8192 bits are supported. Public key:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLuhb/KuHbyZi1n7yX6N3v5KG0JX8XdDnX0dfhN4yP7V+WXeqRt93YGepnsxIuvve1QCms3jxT8uy2kDMwRY6opLRV2qh5QCk1M54owpdnjwphs1g2oKyddt5iZ7xl0svZU7gfR2qP4WgGI8lBa9rA8bQlZWOd+mW6OJ80Wey37FcyZwNJpRNciTWfg2ju2sQuuvmtmum8hALQu930LbRWmTTtP33IAW/a1LMXjeEj49yhAAfL5OXVvyGMvDi3UfZJmWUZMF6eAG8joSiM50K8QuW7YUzW43t1LAXfGa7wBsp2u6HvckMXxzyr/3tanHkc1nuGZ55+Byw9mbnNn2Z root@Storage 
Command executed successfully.

  3. Local users configure PuTTY and log in to the storage system.

    1. Start PuTTY.

      Go to the PuTTY Configuration dialog box.

    2. Click Session. In the right pane, type the IP address of a storage system's management network port in the Host Name (or IP address) text box. Set Port and Connection type to 22 and SSH respectively.
    3. Choose Connection > Data. In the Login details text box in the right pane, type the user name of the login authentication mode to be modified.
    4. Choose Connection > SSH > Auth. In the right pane, click Browse. Select and open the locally saved private key file.
    5. Click Open to log in to the CLI.
    NOTE:

    If the password of the private key is encrypted in 1.e, type the password when logging in to the CLI, and then press Enter.

    Using username "test123".

Authorized users only. All activities may be monitored and reported.
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: XX XX XX XX:XX:XX XXXX from 192.168.18.158

WARNING: You have accessed the system.
You are required to have a personal authorisation from the system administrator before you use this computer. Unauthorised access to or misuse of this system is prohibited.

System Name     : Huawei.Storage
Health Status : Normal
Running Status  : Normal
Total Capacity  : 4.247TB
SN              : XXXXXXXXXX
Location        :
Product Model : XXXX
Product Version : XXXX
Time            : XXXX-XX-XX/XX:XX:XX UTC+08:00
Patch Version :
test123:/>

Follow-up Procedure

To modify a user's login authentication mode to the Username+Password mode, run the change user_ssh_auth_info general user_name=test123 auth_mode=password command and use the original password to log in to the CLI of a storage system.

Translation
简体中文
Download
Updated: 2019-07-11

Document ID: EDOC1000181576

Views: 18726

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next
Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.