Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-71-1370994.1
Update Date:2011-10-27
Keywords:

Solution Type  Technical Instruction Sure

Solution  1370994.1 :   Sun StorageTek[TM] 5000 Series NAS: Configuring a STK 5000 NAS array for passwordless login using SSH  


Related Items
  • Sun Storage 5320 NAS Appliance
  • Sun Storage 5320 NAS Gateway
  • Sun Storage 5210 NAS Appliance
  • Sun Storage 5320 NAS Cluster
  • Sun Storage 5220 NAS Appliance
  • Sun Storage 5310 NAS Appliance
  • Sun Storage 5310 NAS Gateway System
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: SE5xxx NAS
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Network Attached Storage - Other
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Network Attached Storage




In this Document
  Goal
  Solution
  References


Created from <SR 3-4693254971>

Applies to:

Sun Storage 5220 NAS Appliance - Version: Not Applicable to Not Applicable   [Release: N/A to N/A]
Sun Storage 5210 NAS Appliance - Version: Not Applicable to Not Applicable   [Release: N/A to N/A]
Sun Storage 5310 NAS Appliance - Version: Not Applicable to Not Applicable   [Release: N/A to N/A]
Sun Storage 5310 NAS Gateway System - Version: Not Applicable to Not Applicable   [Release: N/A to N/A]
Information in this document applies to any platform.
NAS head revision : not dependent
JBODs Model : not dependent
CLUSTER related : not dependent

Goal

Configure the Sun StorageTek[TM] 5000 Series NAS array to allow login from an SSH client using public keys instead of a password.

Solution

1. Telnet to the NAS array and enable the FTP service (if not already enabled).

% telnet NAS-ARRAY
Trying NAS-ARRAY...
Connected to NAS-ARRAY.
Escape character is '^]'.
password for admin access ? *********
To get to the menus, use the menu command
NAS-ARRAY > load ftpd

2. Create the ssh key on the client.

% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
12:23:34:45:56:67:78:89:90:0a:ab:bc:cd:de:ef:ff

3. Add your key to file ssh2auth.key or ssh1auth.key

No existing ssh2auth.key file on NAS

The files ssh2auth.key and ssh1auth.key do not exist by default, so you may need to create them from scratch. The easiest way is to copy the SSH public key you created to the filename used by the NAS, ssh2auth.key.

% cp /home/user/.ssh/id_rsa.pub ~/ssh2auth.key

Preexisting ssh2auth.key file on NAS

If the file already exists on the NAS appliance, do not overwrite the existing keys by simply copying your key file over it; download the key file first using ftp. FTP to the Sun StorageTek[TM] 5000 NAS as user admin, download the ssh2auth.key file from /dvol/etc to a local folder, and append your public ssh-key to the file.

% ftp NAS-ARRAY
Connected to NAS-ARRAY.
220-Local time is now 16:20 and the system load is 0%.
220 You will be disconnected after 900 seconds of inactivity.
Name (NAS-ARRAY:user): admin
331 Admin login OK. Password required.
Password:
230-User admin logged in.
230 Current directory is /
ftp> lcd ~/
Local directory now /home/user
ftp> cd /dvol/etc
250 Changed to /dvol/etc
ftp> get ssh2auth.key
ftp> quit
% cat /home/user/.ssh/id_rsa.pub >> /home/user/ssh2auth.key


The files /dvol/etc/ssh1auth.key and /dvol/etc/ssh2auth.key, when present on the NAS, each contain a list of public user ssh-keys from clients, for SSH versions 1.x and 2.x respectively. These files are completely user maintained.
The keys are generated on the SSH client, and the plain-text public keys are appended to whichever of these files matches the version of SSH in use.
The individual keys are separated from one another with a newline character. When editing this file, be careful not to add any extra linefeeds or keystrokes. The Sun StorageTek[TM] 5000 NAS series supports both the OpenSSH and SECSH (ssh.com) key formats.


4. FTP to the NAS as the user "admin" and place the ssh2auth.key file in /dvol/etc


% ftp NAS-ARRAY
Connected to NAS-ARRAY.
220-Local time is now 16:20 and the system load is 0%.
220 You will be disconnected after 900 seconds of inactivity.
Name (NAS-ARRAY:user): admin
331 Admin login OK. Password required.
Password:
230-User admin logged in.
230 Current directory is /
ftp> lcd ~/
Local directory now /home/user
ftp> cd /dvol/etc
250 Changed to /dvol/etc
ftp> put ssh2auth.key
ftp> quit


5. Telnet to the NAS array to unload ftpd (if appropriate) and enable the SSH service.


% telnet NAS-ARRAY
Trying NAS-ARRAY...
Connected to NAS-ARRAY.
Escape character is '^]'.
password for admin access ? *********
To get to the menus, use the menu command
NAS-ARRAY > unload ftpd
NAS-ARRAY > netserv enable ssh both
ssh is enabled.
NAS-ARRAY > exit


The netserv command can be used to configure SSH either to allow access only to users whose keys are included in these files, or to allow access both to those users and to users who enter the password, with one of the following two settings:


netserv enable ssh both
netserv enable ssh public


If new keys are copied to the Sun StorageTek NAS, the following Console/Telnet CLI command must be executed:

netserv enable ssh reload
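
For step 3, an added example (not part of the Sun document) of a helper that merges a client public key into the downloaded copy of ssh2auth.key while keeping one entry per line with no extra linefeeds. The function name merge_pubkey is hypothetical, and it assumes single-line OpenSSH ssh-rsa or ssh-dss public keys; entries already in the file are kept as downloaded, apart from removing carriage returns and blank lines.

```shell
#!/bin/sh
# Added example, not from the Sun document. Handles single-line OpenSSH
# "ssh-rsa"/"ssh-dss" public keys only (an assumption of this sketch).

# merge_pubkey AUTHFILE PUBKEY   (hypothetical helper name)
# Rewrites AUTHFILE (the local copy of ssh2auth.key) with exactly one entry
# per line and appends the key from PUBKEY unless it is already listed.
# Prints "added" or "present"; returns 2 if PUBKEY is not a public key line.
merge_pubkey() {
    authfile=$1
    pubkey=$2

    # First non-blank line of the .pub file, carriage returns removed.
    newkey=$(tr -d '\r' < "$pubkey" | awk 'NF { print; exit }')

    # Accept only "<type> <base64> [comment]"; a private key file or an
    # empty download fails here instead of being uploaded to /dvol/etc.
    if ! printf '%s\n' "$newkey" |
        grep -Eq '^ssh-(rsa|dss) [A-Za-z0-9+/]+=*( .*)?$'; then
        echo "not an OpenSSH public key line: $pubkey" >&2
        return 2
    fi
    blob=$(printf '%s\n' "$newkey" | awk '{ print $2 }')

    tmp=$(mktemp) || return 1
    # Normalise what was downloaded: drop CRs and blank lines, and let awk
    # terminate the last entry with a newline so keys cannot run together
    # (a plain "cat >>" joins two keys if the file lacks a final newline).
    if [ -f "$authfile" ]; then
        tr -d '\r' < "$authfile" | awk 'NF' > "$tmp"
    fi

    # Compare on the base64 field so a changed comment is not a new key.
    if awk -v k="$blob" '$2 == k { f = 1 } END { exit !f }' "$tmp"; then
        status=present
    else
        printf '%s\n' "$newkey" >> "$tmp"
        status=added
    fi
    mv "$tmp" "$authfile" && echo "$status"
}
```

Run it on the local copy between the ftp get in step 3 and the ftp put in step 4, for example: merge_pubkey ~/ssh2auth.key ~/.ssh/id_rsa.pub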

References

<NOTE:1010933.1> - Sun StorEdge[TM] 5x10 NAS - How to clear the admin password

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.