FusionStorage V100R006C20 Object Storage Service Security Maintenance 03

Replacing an SSH Host Key

To keep Secure Shell (SSH) access secure, replace the SSH host key of each storage node after installing the system software, and update the key periodically.

Procedure

  1. Start PuTTY, enter the management IP address, and log in to the cluster as account omuser. The default password is Omuser@storage.

    Run the su - root command to switch to user root. The default password is Root@storage.

  2. Copy the prepared SSH host key to directory /etc/ssh/.

    node1:~/keys # ll *key*
    -r-------- 1 root root    672 Apr 15 10:32 ssh_host_dsa_key
    -rw-r----- 1 root root    610 Apr 15 10:32 ssh_host_dsa_key.pub
    -r-------- 1 root root    227 Apr 15 10:40 ssh_host_ecdsa_key
    -rw-r----- 1 root root    172 Apr 15 10:40 ssh_host_ecdsa_key.pub
    -r-------- 1 root root    537 Apr 15 10:32 ssh_host_key
    -rw-r----- 1 root root    342 Apr 15 10:32 ssh_host_key.pub
    -r-------- 1 root root    887 Apr 15 10:32 ssh_host_rsa_key
    -rw-r----- 1 root root    234 Apr 15 10:32 ssh_host_rsa_key.pub
    node1:~/keys # cp * /etc/ssh/.

  3. Confirm that the permissions of the key files (/etc/ssh/*key*) are as follows:

    node1:/etc/ssh # ll *key*
    -r-------- 1 root root    672 Apr 15 10:32 ssh_host_dsa_key
    -rw-r----- 1 root root    610 Apr 15 10:32 ssh_host_dsa_key.pub
    -r-------- 1 root root    227 Apr 15 10:40 ssh_host_ecdsa_key
    -rw-r----- 1 root root    172 Apr 15 10:40 ssh_host_ecdsa_key.pub
    -r-------- 1 root root    537 Apr 15 10:32 ssh_host_key
    -rw-r----- 1 root root    342 Apr 15 10:32 ssh_host_key.pub
    -r-------- 1 root root    887 Apr 15 10:32 ssh_host_rsa_key
    -rw-r----- 1 root root    234 Apr 15 10:32 ssh_host_rsa_key.pub

  4. Restart the sshd service.

    node1:~/keys # service sshd restart
    Shutting down the listening SSH daemon
    Starting SSH daemon
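
The permission check in step 3 can be scripted so that it runs on every storage node before sshd is restarted. The following is an added example, not part of the Huawei document: the function name `audit_host_keys`, its arguments and its report format are assumptions, and the expected modes are the ones shown in the step 3 listing.

```shell
#!/bin/sh
# Added example (not Huawei code). Function name, arguments and report
# format are assumptions made for this illustration.

# audit_host_keys DIR [UID]
#   DIR  directory holding ssh_host_*key* files (the page uses /etc/ssh)
#   UID  numeric owner expected on every file (default 0, i.e. root)
# Prints one line per deviation. Returns 0 only when every file matches.
audit_host_keys() {
    dir=$1
    want_uid=${2:-0}
    rc=0
    found=0
    for f in "$dir"/ssh_host_*key*; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # unmatched glob stays literal
        found=1
        if [ -L "$f" ]; then                      # a symlink hides the real file's mode
            echo "SYMLINK $f"; rc=1; continue
        fi
        case $f in
            *.pub) want_mode='-rw-r-----' ;;      # public half, as listed in step 3
            *)     want_mode='-r--------' ;;      # private half, as listed in step 3
        esac
        # ls -ldn prints: mode links uid gid size ...; -n keeps the owner numeric
        line=$(ls -ldn "$f")
        mode=$(printf '%s\n' "$line" | cut -c1-10)   # drop a trailing ACL/SELinux marker
        uid=$(printf '%s\n' "$line" | awk '{print $3}')
        if [ "$mode" != "$want_mode" ]; then
            echo "MODE $f is $mode, expected $want_mode"; rc=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $f is uid $uid, expected $want_uid"; rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "NOKEYS $dir"; rc=1
    fi
    return "$rc"
}

# Typical use on a node, as root, between steps 3 and 4:
#   audit_host_keys /etc/ssh && service sshd restart
```
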

Follow-up Procedure

After the replacement, perform the following operation on the Windows or Linux client before you log in to the operating system of the node:

  • If you want to log in to the operating system using the SSH client software (such as PuTTY) from a Windows client, a message will be displayed by the software indicating that the host key has been changed. Click Accept & Save, as shown in Figure 4-1.

    Figure 4-1  Accepting and saving a host key

  • If you want to log in to the operating system from a Linux client, open the known_hosts file on the client and delete the original key fingerprint; otherwise, the login will fail.

    Find the fingerprint based on the node's IP address and delete the line containing the fingerprint. In the following example, delete the part in bold.

    node1:/etc/ssh # vi ~/.ssh/known_hosts
    192.168.100.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPT6lYqSvVv35G4Q3pundsEyuIJN9LKSI9OdNaPDomN+EZPmJvxunOQj+NpT+yaDFM9aD4CIWGSYVgKss4GCyoQ=
    192.168.100.12 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEHVolr6Ud1o+KSzjPQpOwCyMAg+YBOpK1RnvW9KwBWxklHWJbHfQVVrFbpHCbT6LYFlVnlWK0y+OOIyr1PUaYM=
    192.168.100.13 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPh0UZXEAWHCX+fyRj1gBXLwgcU19K1aUTCy45kxmvsp0cLMolfPWmOTApdN11hYggdmM42AvxhTvB3eN3SaGcY=
    192.168.100.14 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEHVolr6Ud1o+KSzjPQpOwCyMAg+YBOpK1RnvW9KwBWxklHWJbHfQVVrFbpHCbT6LYFlVnlWK0y+OOIyr1PUaYM=
    192.168.100.15 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPh0UZXEAWHCX+fyRj1gBXLwgcU19K1aUTCy45kxmvsp0cLMolfPWmOTApdN11hYggdmM42AvxhTvB3eN3SaGcY=
    
Updated: 2019-02-01

Document ID: EDOC1100016657
