Asset ID: 1-71-1370994.1
Update Date: 2011-10-27
Solution Type: Technical Instruction Sure
Solution 1370994.1: Sun StorageTek[TM] 5000 Series NAS: Configuring a STK 5000 NAS array for passwordless login using SSH
Related Items
- Sun Storage 5320 NAS Appliance
- Sun Storage 5320 NAS Gateway
- Sun Storage 5210 NAS Appliance
- Sun Storage 5320 NAS Cluster
- Sun Storage 5220 NAS Appliance
- Sun Storage 5310 NAS Appliance
- Sun Storage 5310 NAS Gateway System
Created from <SR 3-4693254971>
Applies to:
Sun Storage 5220 NAS Appliance - Version: Not Applicable to Not Applicable [Release: N/A to N/A]
Sun Storage 5210 NAS Appliance - Version: Not Applicable to Not Applicable [Release: N/A to N/A]
Sun Storage 5310 NAS Appliance - Version: Not Applicable to Not Applicable [Release: N/A to N/A]
Sun Storage 5310 NAS Gateway System - Version: Not Applicable to Not Applicable [Release: N/A to N/A]
Information in this document applies to any platform.
NAS head revision : not dependent
JBODs Model : not dependent
CLUSTER related : not dependent
Goal
Configure the Sun StorageTek[TM] 5000 Series NAS array to allow login from an SSH client using public keys instead of a password.
Solution
1. Telnet to the NAS array and enable the FTP service (if not already enabled).
% telnet NAS-ARRAY
Trying NAS-ARRAY...
Connected to NAS-ARRAY.
Escape character is '^]'.
password for admin access ? *********
To get to the menus, use the menu command
NAS-ARRAY > load ftpd
2. Create the ssh key on the client.
% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
12:23:34:45:56:67:78:89:90:0a:ab:bc:cd:de:ef:ff
3. Add your key to file ssh2auth.key or ssh1auth.key
No existing ssh2auth.key file on NAS
The files ssh2auth.key and ssh1auth.key do not exist by default, so you may need to create them from scratch. The easiest way is to copy the SSH public key you created to the filename used by the NAS, ssh2auth.key.
% cp /home/user/.ssh/id_rsa.pub ~/ssh2auth.key
Preexisting ssh2auth.key file on NAS
If the file already exists on the NAS appliance, do not overwrite the existing key file by simply copying your key file over it; download the key file first using FTP. FTP to the Sun StorageTek[TM] 5000 NAS as user admin, download the ssh2auth.key file in /dvol/etc to a local folder, and append your public SSH key to the file.
% ftp NAS-ARRAY
Connected to NAS-ARRAY.
220-Local time is now 16:20 and the system load is 0%.
220 You will be disconnected after 900 seconds of inactivity.
Name (NAS-ARRAY:user): admin
331 Admin login OK. Password required.
Password:
230-User admin logged in.
230 Current directory is /
ftp> lcd ~/
Local directory now /home/user
ftp> cd /dvol/etc
250 Changed to /dvol/etc
ftp> get ssh2auth.key
ftp> quit
% cat /home/user/.ssh/id_rsa.pub >> /home/user/ssh2auth.key
The files /dvol/etc/ssh1auth.key and /dvol/etc/ssh2auth.key, when present on the NAS, each contain a list of public SSH keys from client users, for SSH versions 1.x and 2.x respectively. These files are completely user maintained.
The keys are generated on the SSH client, and the plain-text public keys are appended to whichever of these files matches the version of SSH in use.
The individual keys are separated from one another with a newline character. When editing this file, be careful not to add any extra linefeeds or keystrokes. The Sun StorageTek[TM] 5000 NAS series supports both the OpenSSH and SECSH (ssh.com) key formats.
4. FTP to the NAS as the user "admin" and place the ssh2auth.key file in /dvol/etc
% ftp NAS-ARRAY
Connected to NAS-ARRAY.
220-Local time is now 16:20 and the system load is 0%.
220 You will be disconnected after 900 seconds of inactivity.
Name (NAS-ARRAY:user): admin
331 Admin login OK. Password required.
Password:
230-User admin logged in.
230 Current directory is /
ftp> lcd ~/
Local directory now /home/user
ftp> cd /dvol/etc
250 Changed to /dvol/etc
ftp> put ssh2auth.key
ftp> quit
5. Telnet to the NAS array to unload ftpd (if appropriate) and enable the SSH service.
% telnet NAS-ARRAY
Trying NAS-ARRAY...
Connected to NAS-ARRAY.
Escape character is '^]'.
password for admin access ? *********
To get to the menus, use the menu command
NAS-ARRAY > unload ftpd
NAS-ARRAY > netserv enable ssh both
ssh is enabled.
NAS-ARRAY > exit
The netserv command can configure SSH either to allow access only to users whose keys are included in these files, or to allow access to those users and to users who enter the password. Use one of the following two settings:
netserv enable ssh both
netserv enable ssh public
If new keys are copied to the Sun StorageTek NAS, the following Console/Telnet CLI command must be executed:
netserv enable ssh reload
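For step 3, the key file must hold one key per line with no extra linefeeds. The following is an added example, not part of the original Sun document: a client-side helper that merges an OpenSSH one-line RSA public key into the local copy of ssh2auth.key before it is uploaded. The name merge_key is hypothetical, and the helper assumes entries in the OpenSSH one-line format; SECSH-format entries already in the file are kept as they are.

```shell
#!/bin/sh
# Added example (not from the Sun document). merge_key is a hypothetical
# helper, not a NAS or OpenSSH command.
#
# merge_key KEYFILE PUBKEY
#   returns 0  key appended to KEYFILE
#           1  key already present (KEYFILE only normalised)
#           2  PUBKEY is not a one-line "ssh-rsa <base64> [comment]" key
#           3  could not create a temporary file
# Usage: merge_key ~/ssh2auth.key ~/.ssh/id_rsa.pub
merge_key() {
    keyfile=$1
    pubkey=$2

    # First non-blank line of the public key file, with any CR removed.
    new=$(tr -d '\r' < "$pubkey" | awk 'NF { print; exit }')

    # Accept only the RSA one-line format produced by "ssh-keygen -t rsa".
    blob=$(printf '%s\n' "$new" | awk '
        $1 == "ssh-rsa" && $2 ~ "^[A-Za-z0-9+/]+=*$" { print $2 }')
    [ -n "$blob" ] || return 2

    tmp=$(mktemp) || return 3

    # Normalise the existing list: no CRs, no blank lines, and a single
    # newline after the last key, so keys stay newline-separated.
    if [ -f "$keyfile" ]; then
        tr -d '\r' < "$keyfile" | awk 'NF' > "$tmp"
    fi

    # Compare on the base64 blob so a different comment is not a new key.
    if awk -v b="$blob" '$2 == b { found = 1 } END { exit !found }' "$tmp"; then
        mv "$tmp" "$keyfile"
        return 1
    fi

    printf '%s\n' "$new" >> "$tmp"
    mv "$tmp" "$keyfile"
    return 0
}
```
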