Logging In to the CLI
After logging in to the CLI of a storage system, you can query, set, manage, and maintain the storage system. On any maintenance terminal connected to a storage system, you can log in to the CLI by using PuTTY to access the IP address of the management network port on the controller of a storage system. Two authentication modes for a CLI login are Username+Password and Public Key. This section describes how to use the two authentication modes to log in to the CLI.
Logging In to the CLI of the Storage System (User Name + Password)
After logging in to the CLI of a storage system, you can query, set, manage, and maintain the storage system. This document uses Windows Server 2008 as an example. The operation procedure may vary according to the operating system.
You can log in to the storage system by either of the following methods:
- Through a serial port
After the controller enclosure is connected to the maintenance terminal using a serial cable, you can log in to the CLI of the storage device using a terminal program (such as PuTTY).
- Through a management network port
- You can log in to the CLI using an IPv4 or IPv6 address.
- After connecting the controller enclosure to the maintenance terminal by using a network cable, you can log in to the storage system by using any remote login software that supports SSH.
- The default IP address of network port 0 on management module 0 is 192.168.128.101 and that of network port 0 on management module 1 is 192.168.128.102. The default subnet mask is 255.255.0.0.
- The IP address of the controller enclosure's management network port must be in the same network segment as that of the maintenance terminal. Otherwise, you need to modify the IP address of the management network port through a serial port by running the change system management_ip command.
Logging In to the CLI Through a Serial Port
- This document uses PuTTY as an example. You can download PuTTY from the chiark website.
- To ensure successful login to the storage system, you are advised to use PuTTY of the latest version.
- Run PuTTY.
The PuTTY Configuration dialog box is displayed.
Figure 5-4 PuTTY Configuration dialog box
- In Connection type, select Serial. In Speed, enter 115200.
- Click Open. The following information is displayed.
Storage login:
- Enter the user name and password as prompted. To ensure system security, you are required to change the password upon your initial login. If the login is successful, the following information is displayed.
Storage login: admin
Authorized users only. All activity may be monitored and reported.
Using keyboard-interactive authentication.
password:
WARNING: You have accessed the system operated by Huawei. You are required to have a personal authorisation from the system administrator before you use this computer. Unauthorised access to or misuse of this system is prohibited.
For security purposes, please change the initial password and log in to the system using the new password.
Old password:*************
New password:**************
Reenter password:**************
System Name : Huawei.Storage
Health Status : Normal
Running Status : Normal
Total Capacity : 6.240TB
SN : XXXXXXXXXXXXXXXXXXXXXXXXX
Location :
Product Model : XXXXX
Product Version : XXXXX
Time : XXXX-XX-XX/16:38:22 +08:00
admin:/>
- The default user name of the super administrator is admin. For the default password, refer to the OceanStor V500R007 Account List.
- Values of Product Model and Product Version vary according to the login device.
- To ensure system security, you are advised to change your login password periodically by running the change user_password command.
- If you forget the password as an administrator or a read-only user, the super administrator can run change user to reset the password. If you forget the password as a super administrator (admin by default), the root administrator _super_admin can log in to the CLI through a serial port and run initpasswd to reset the password.
- When LDAP User is used:
- For a domain user of domain authentication server 0, the user can log in to the CLI of a storage system by typing domain/domain user name or a combination of the dc field in the domain authentication server's base DN/domain user name.
- For a domain user of domain authentication server 1, 2, or 3, the user can log in to the CLI of a storage system only by typing a combination of the dc field in the domain authentication server's base DN/domain user name.
- If the base DN of the domain authentication server contains only one dc field, the dc field is used as the combination of the dc field in the domain authentication server's base DN.
For example, if the base DN of the domain authentication server is ou=applications,dc=bigcorp, bigcorp is the combination of the dc field in the domain authentication server's base DN.
- If the base DN of the domain authentication server contains multiple dc fields, they are combined and then separated by a period (.) to serve as the combination of the dc field in the domain authentication server's base DN.
For example, if the base DN of the domain authentication server is ou=applications,dc=bigcorp,dc=com, bigcorp.com is the combination of the dc field in the domain authentication server's base DN.
Logging In to the CLI Through a Management Network Port
- This document uses PuTTY as an example. You can download PuTTY from the chiark website.
- To ensure successful login to the storage system, you are advised to use PuTTY of the latest version.
- Run PuTTY.
The PuTTY Configuration dialog box is displayed, as shown in Figure 5-5.
- In Connection type, select Serial. In Speed, enter 115200.
- Click Open. The following information is displayed.
login as:
- Enter the user name and password as prompted. To ensure system security, you are required to change the password upon your initial login. If the login is successful, the following information is displayed.
login as: admin
Authorized users only. All activity may be monitored and reported.
Using keyboard-interactive authentication.
password:
WARNING: You have accessed the system operated by Huawei. You are required to have a personal authorisation from the system administrator before you use this computer. Unauthorised access to or misuse of this system is prohibited.
For security purposes, please change the initial password and log in to the system using the new password.
Old password:*************
New password:**************
Reenter password:**************
System Name : Huawei.Storage
Health Status : Normal
Running Status : Normal
Total Capacity : 6.240TB
SN : XXXXXXXXXXXXXXXXXXXXXXXXX
Location :
Product Model : XXXXX
Product Version : XXXXX
Time : XXXX-XX-XX/16:38:22 +08:00
admin:/>
- The default user name of the super administrator is admin. For the default password, refer to the OceanStor V500R007 Account List.
- Values of Product Model and Product Version vary according to the login device.
- To ensure system security, you are advised to change your login password periodically by running the change user_password command.
- If you forget the password as an administrator or a read-only user, the super administrator can run change user to reset the password. If you forget the password as a super administrator (admin by default), the root administrator _super_admin can log in to the CLI through a serial port and run initpasswd to reset the password.
- When LDAP User is used:
- For a domain user of domain authentication server 0, the user can log in to the CLI of a storage system by typing domain/domain user name or a combination of the dc field in the domain authentication server's base DN/domain user name.
- For a domain user of domain authentication server 1, 2, or 3, the user can log in to the CLI of a storage system only by typing a combination of the dc field in the domain authentication server's base DN/domain user name.
- If the base DN of the domain authentication server contains only one dc field, the dc field is used as the combination of the dc field in the domain authentication server's base DN.
For example, if the base DN of the domain authentication server is ou=applications,dc=bigcorp, bigcorp is the combination of the dc field in the domain authentication server's base DN.
- If the base DN of the domain authentication server contains multiple dc fields, they are combined and then separated by a period (.) to serve as the combination of the dc field in the domain authentication server's base DN.
For example, if the base DN of the domain authentication server is ou=applications,dc=bigcorp,dc=com, bigcorp.com is the combination of the dc field in the domain authentication server's base DN.
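The dc-field rule in the LDAP notes above, as an added example (not code from the product documentation): it derives the login names a domain user can type from the server's base DN. The function names and the user jdoe are hypothetical, and "domain" is read as a literal prefix, which is an assumption about the note's wording.

```python
def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]


def dc_combination(base_dn):
    """Join every dc value of the base DN with periods, in DN order."""
    labels = []
    for rdn in split_rdns(base_dn):
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip().lower() == "dc":  # attribute types are case-insensitive
            labels.append(value.strip())
    if not labels:
        raise ValueError("base DN contains no dc field")
    return ".".join(labels)


def cli_login_names(base_dn, user, server_id):
    """Login names accepted for a domain user of authentication server 0-3."""
    if server_id not in (0, 1, 2, 3):
        raise ValueError("domain authentication server must be 0, 1, 2 or 3")
    names = [f"{dc_combination(base_dn)}/{user}"]
    if server_id == 0:
        # Assumption: "domain" is a literal prefix, available for server 0 only.
        names.insert(0, f"domain/{user}")
    return names


if __name__ == "__main__":
    print(cli_login_names("ou=applications,dc=bigcorp,dc=com", "jdoe", 0))
    print(cli_login_names("ou=applications,dc=bigcorp", "jdoe", 2))
```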
Logging In to the CLI (Public Key)
This section uses PuTTY as an example to describe how to generate public and private keys as well as configure public key authentication to log in to the CLI.
Prerequisites
- Only a super administrator has the permission to modify users' authentication mode for logging in to the CLI.
- Public key authentication for logging in to the CLI can be configured for local users only, not for domain users.
- (Optional) When you use the IP address of the SVP to log in to the storage system, public key authentication is unavailable. To use public key authentication for login:
- You can perform public key authentication on the Windows VM of the SVP by using the internal IP address (172.16.192/193.200 to 172.16.192/193.215) of the storage system.
- You can also configure a management IP address for the storage system and use the management IP address for public key authentication.
Precautions
- After a private key is generated, keep it secure.
- Change the public key periodically. Use the new private-public key pair for login authentication to improve system security.
Procedure
- Generate a private-public key pair for a local user.
- Run the puttygen.exe file.
Go to the PuTTY Key Generator main window, as shown in Figure 5-6.
- In the Parameters area, set Type of key to generate to SSH-2 RSA or SSH-2 DSA, and set Number of bits in a generated key to an integer from 2048 to 8192.
- Click Generate and move the cursor over the blank area in the lower part of the Key area to generate a public key.
The public key will be displayed in the area, as shown in Figure 5-7.
- Copy and save the public key to a local path.
- (Optional) In Key passphrase, enter a password to encrypt the private key. In Confirm passphrase, enter the password again.
For security of the private key file, you are advised to configure a secure password to encrypt the file.
- Select an appropriate method to generate the private key file. The method varies according to the tools used to log in to the CLI.
- If you use PuTTY to log in to the CLI, click Save private key and save the private key file to a local path, as shown in Figure 5-8.
- If you use other tools to log in to the CLI, choose Conversions > Export OpenSSH key and save the private key file to a local path, as shown in Figure 5-9.
- Modify the login authentication mode of local users.
- Log in to the CLI of a storage system as the super administrator.
- Run the change user_ssh_auth_info general user_name=test123 auth_mode=publickey command to change the authentication mode to public key. In the command, user_name indicates the user whose login authentication mode is to be modified.
- Copy the locally saved public key to Public key on the CLI as instructed, and press Enter.
After the command is executed successfully, the user's private key matches the configured public key and can be used to log in to the CLI.
admin:/>change user_ssh_auth_info general user_name=test123 auth_mode=publickey
CAUTION:Only public keys generated using the SSH-2 RSA/DSA encryption algorithm and using keys whose lengths range from 2048 to 8192 bits are supported.
Public key:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLuhb/KuHbyZi1n7yX6N3v5KG0JX8XdDnX0dfhN4yP7V+WXeqRt93YGepnsxIuvve1QCms3jxT8uy2kDMwRY6opLRV2qh5QCk1M54owpdnjwphs1g2oKyddt5iZ7xl0svZU7gfR2qP4WgGI8lBa9rA8bQlZWOd+mW6OJ80Wey37FcyZwNJpRNciTWfg2ju2sQuuvmtmum8hALQu930LbRWmTTtP33IAW/a1LMXjeEj49yhAAfL5OXVvyGMvDi3UfZJmWUZMF6eAG8joSiM50K8QuW7YUzW43t1LAXfGa7wBsp2u6HvckMXxzyr/3tanHkc1nuGZ55+Byw9mbnNn2Z root@Storage
Command executed successfully.
- Configure PuTTY and log in to the storage system.
- Start PuTTY.
The PuTTY Configuration dialog box is displayed.
- Click Session. In the right pane, type the IP address of a storage system's management network port in the Host Name (or IP address) text box. Set Port and Connection type to 22 and SSH respectively.
- Choose Connection > Data. In the Login details text box in the right pane, type the name of the user whose login authentication mode was modified.
- Choose Connection > SSH > Auth. In the right pane, click Browse. Select and open the locally saved private key file.
- Click Open to log in to the CLI.
If the private key was encrypted with a passphrase in 1.e, type the passphrase when logging in to the CLI, and then press Enter.
Using username "test123".
Authorized users only. All activities may be monitored and reported.
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: XX XX XX XX:XX:XX XXXX from 192.168.18.158
WARNING: You have accessed the system. You are required to have a personal authorisation from the system administrator before you use this computer. Unauthorised access to or misuse of this system is prohibited.
System Name : Huawei.Storage
Health Status : Normal
Running Status : Normal
Total Capacity : 4.247TB
SN : XXXXXXXXXX
Location :
Product Model : XXXX
Product Version : VX00R00XC00
Time : XXXX-XX-XX/XX:XX:XX UTC+08:00
Patch Version :
test123:/>
Follow-up Procedure
To change a user's login authentication mode to Username + Password, run the change user_ssh_auth_info general user_name=test123 auth_mode=password command and use the original password to log in to the CLI of a storage system.
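A pre-check for the Public key prompt in the procedure above, as an added example (not part of the product or its documentation): it decodes an OpenSSH-format public key line and confirms the key type and length fall within the limits the CLI caution states (SSH-2 RSA/DSA, 2048 to 8192 bits). The function names are hypothetical, and sample_rsa_line builds a constructed placeholder key for demonstration only.

```python
import base64
import struct

# Position of the size-defining integer in the decoded blob:
# ssh-rsa = [type, e, n], ssh-dss = [type, p, q, g, y].
SIZE_FIELD = {"ssh-rsa": 2, "ssh-dss": 1}


def read_fields(blob):
    """Split an SSH public key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + size])
        off += size
    return fields


def check_public_key(line, min_bits=2048, max_bits=8192):
    """Return (key_type, bits); raise ValueError outside the stated type/length limits."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in SIZE_FIELD:
        raise ValueError("expected 'ssh-rsa|ssh-dss <base64> [comment]'")
    key_type = parts[0]
    fields = read_fields(base64.b64decode(parts[1], validate=True))
    if not fields or fields[0] != key_type.encode():
        raise ValueError("key type label does not match the encoded key")
    if len(fields) <= SIZE_FIELD[key_type]:
        raise ValueError("key blob is missing fields")
    bits = int.from_bytes(fields[SIZE_FIELD[key_type]], "big").bit_length()
    if not min_bits <= bits <= max_bits:
        raise ValueError(f"{bits}-bit key is outside {min_bits}-{max_bits}")
    return key_type, bits


def sample_rsa_line(bits):
    """Constructed input: correct wire format, placeholder modulus, not a usable key."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw

    def mpint(n):  # the extra leading zero byte keeps the integer positive
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))

    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Running check_public_key on the text copied from the PuTTY Key Generator window also catches a truncated or line-wrapped paste, because the length-prefixed fields no longer add up.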