No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FusionStorage V100R006C20 Object Storage Service Security Maintenance 03

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Generating and Importing SSH Public and Private Key Certificates of Operating System Accounts

Generating and Importing SSH Public and Private Key Certificates of Operating System Accounts

Create SSH/SFTP public and private key certificates of operating system accounts and import the certificates to storage nodes. Routinely update the certificates.


Operating system accounts omuser and omsftp are used for communication between storage nodes. Private key files of operating system accounts must comply with the OpenSSH public and private key format.

Operating system account obsbilling is used for interaction between SFTP clients and storage nodes.


  1. The following uses PuTTY as the SSH client software as an example. Therefore, PuTTY Key Generator is used to create key pairs. To obtain the PuTTY installation package, visit the following website:
  2. Install PuTTY and run PuTTY Key Generator.

    1. Decompress and double-click putty-xxx-installer.exe to install PuTTY.
    2. Start Start. In the menu bar, click All programs, locate the PuTTY directory, click PuTTYGen under this directory, and run PuTTY Key Generator.

  3. In the Parameters area on the configuration page, set Type of key to generate to SSH-2 RSA and Number of bits in a generated key to 2048, as shown in Figure 4-2.

    Figure 4-2  Setting certificate parameters

  4. Click Generate and constantly move the mouse on the configuration to generate abundant random numbers in order to create keys.
  5. Figure 4-3 shows the page after keys have been generated.

    Figure 4-3  Keys successfully generated

    • The description of a key is displayed in Key comment and can be edited.
    • Key passphrase and Confirm passphrase are used to set the key passphrase, that is, the password of a key. These two parameters are used to enhance the security of key login and must share the same value. The passphrase must be 12 to 128 characters in length and contain at least three types of uppercase letters, lowercase letters, digits, and special characters. The special characters include "`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/? " and spaces.

  6. Choose Conversions > Export OpenSSH key to save the private key file whose extension name is *.ppk.
  7. Create a text file, copy the content in the blue box in Figure 4-3 to the text file, and save the text file in *.pub format, that is, the public key file.
  8. Use DeviceManager to import the public and private key files.
    1. Log in to DeviceManager.
    2. Choose Settings > Cluster Settings > Cluster Node Settings > Node Authentication.
    3. In the Public and Private Key Management area, select a user and import public and private keys.

      • Users omuser and omsftp need to perform the following steps to import public and private keys:

        1. Click Select after the Public Key text box, select a public key, and click Select....
        2. Click Select after the Private Key text box, select a private key, and click Select....
        3. In the Password text box, enter a passphrase.
      • User obsbilling needs to perform the following step to import the public key:

        1. Click Select after the Public Key text box, select a public key, and click Select....

    4. Click Save. Read the prompt message in the pop-up warning box, select the check box before the message, and click OK.
Updated: 2019-02-01

Document ID: EDOC1100016657

Views: 5190

Downloads: 5

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next