FusionStorage V100R006C20 Object Storage Service Security Maintenance 03

Importing SSH Public Key Certificates of Operating System Accounts

Before an SSH/SFTP client uses a public key to log in to storage nodes, the SSH public key certificates must be imported to the storage nodes. The SSH public key certificates need to be regularly updated.

Prerequisites

Public key certificates of operating system accounts have been prepared.

Context

Operating system accounts omuser, omsftp, and obsbilling are used for interaction between SSH/SFTP clients and storage nodes.

If SSH/SFTP clients access storage nodes using public keys, manually import the public key files of the operating system accounts to storage nodes.

Procedure

  1. Start PuTTY and enter the management IP address to log in to the cluster as account omuser. The default password is Omuser@storage.
  2. Run the su - root command to switch to user root. The default password is Root@storage.
  3. Run the following commands for each operating system account whose public key you want to import:

    • omuser:

      mkdir -p /home/omuser/.ssh/

      chmod 700 /home/omuser/.ssh

      chown omuser:group9000 /home/omuser/.ssh

    • omsftp:

      mkdir -p /home/omsftp/.ssh/

      chmod 700 /home/omsftp/.ssh

      chown omsftp:group9000 /home/omsftp/.ssh

    • obsbilling:

      mkdir -p /etc/keys/obsbilling/

      chmod 700 /etc/keys

      chmod 700 /etc/keys/obsbilling

      chown obsbilling:obsbillinggrp /etc/keys

      chown obsbilling:obsbillinggrp /etc/keys/obsbilling

    NOTE:
    You can import the public key of account obsbilling on DeviceManager by following the instructions in step 8 of Generating and Importing SSH Public and Private Key Certificates of Operating System Accounts. If the public key of account obsbilling has already been imported on DeviceManager, you do not need to import the certificate of account obsbilling again in this section.

  4. Upload the prepared public key file to a directory on the node, for example, the /home/omuser directory. The public key file name is id_rsa.pub.
  5. Run the following commands for each operating system account whose public key you want to import:

    • omuser:

      echo >>/home/omuser/.ssh/authorized_keys

      cat /home/omuser/id_rsa.pub >>/home/omuser/.ssh/authorized_keys

      chmod 600 /home/omuser/.ssh/authorized_keys

      chown omuser:group9000 /home/omuser/.ssh/authorized_keys

    • omsftp:

      echo >>/home/omsftp/.ssh/authorized_keys

      cat /home/omuser/id_rsa.pub >>/home/omsftp/.ssh/authorized_keys

      chmod 600 /home/omsftp/.ssh/authorized_keys

      chown omsftp:group9000 /home/omsftp/.ssh/authorized_keys

    • obsbilling:

      echo >>/etc/keys/obsbilling/authorized_keys

      cat /home/omuser/id_rsa.pub >>/etc/keys/obsbilling/authorized_keys

      chmod 600 /etc/keys/obsbilling/authorized_keys

      chown obsbilling:obsbillinggrp /etc/keys/obsbilling/authorized_keys

  6. Copy the public key file of the operating system account to other nodes in the cluster.

    • Copy the file using the password:

      scp /home/omuser/id_rsa.pub omuser@xxx.xxx.xxx.xxx:/home/omuser/id_rsa.pub

      xxx.xxx.xxx.xxx indicates the back-end IP address of the non-management node.

      The default password of user omuser is Omuser@storage.

    • Copy the file using the public and private keys:

      scp -i /home/omuser/.ssh/ssh_host_key /home/omuser/id_rsa.pub omuser@xxx.xxx.xxx.xxx:/home/omuser/id_rsa.pub

      xxx.xxx.xxx.xxx indicates the back-end IP address of the non-management node.

      NOTE:
      To copy the file using the public and private keys, you must have imported the public and private keys of account omuser. For details, see Generating and Importing SSH Public and Private Key Certificates of Operating System Accounts.

  7. Run the following command to delete the public key file.

    rm /home/omuser/id_rsa.pub

  8. Run the ssh omuser@xxx.xxx.xxx.xxx command to log in to each of the other nodes and repeat steps 2 to 5 and 7 to configure the public key files of the operating system accounts on all other nodes.

    • Jump to another node using the password:

      ssh omuser@xxx.xxx.xxx.xxx

      xxx.xxx.xxx.xxx indicates the back-end IP address of the non-management node.

      The default password of user omuser is Omuser@storage.

    • Jump to another node using the public and private keys:

      ssh -i /home/omuser/.ssh/ssh_host_key omuser@xxx.xxx.xxx.xxx

      xxx.xxx.xxx.xxx indicates the back-end IP address of the non-management node.
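
The following shell function is an added example, not part of the vendor procedure. It performs steps 3 and 5 for one account but first checks that the uploaded file holds exactly one public key and skips keys that are already present, so regular key updates do not pile up duplicates. The function name import_pubkey and its arguments are assumptions; for obsbilling the parent /etc/keys directory still needs the chmod and chown from step 3.

```shell
#!/bin/sh
# Added example (not vendor code): validated, idempotent form of steps 3 and 5.
# Usage: import_pubkey <pubkey_file> <key_dir> [owner:group]
import_pubkey() {
    pub=$1; dir=$2; owner=${3:-}
    auth="$dir/authorized_keys"
    pat='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Reject an uploaded private key outright.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub contains a private key" >&2
        return 2
    fi
    # Accept exactly one well-formed public key line and nothing else.
    keys=$(grep -cE "$pat" "$pub" || true)
    lines=$(grep -c . "$pub" || true)
    if [ "$keys" -ne 1 ] || [ "$lines" -ne 1 ]; then
        echo "refusing: $pub is not a single public key" >&2
        return 2
    fi

    # Same modes as the procedure: directory 700, authorized_keys 600.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on "type blob" only, so a changed comment is not treated as a new key.
    blob=$(awk '{print $1 " " $2}' "$pub")
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
    else
        # Equivalent of the procedure's "echo >>": end the last line first.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        cat "$pub" >> "$auth" || return 1
    fi

    # chown needs root; skipped when no owner:group is given.
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" "$auth" || return 1
    fi
    return 0
}
```

As root on a node, the omuser case from the procedure would be: import_pubkey /home/omuser/id_rsa.pub /home/omuser/.ssh omuser:group9000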

Updated: 2019-02-01

Document ID: EDOC1100016657
