HP StorageWorks Scalable File Share User Manual

Managing remote access
3.12.3 Viewing authorizations
To view a list of all authorizations in the HP SFS system, enter the following command:
sfs> show authorization
Name                   Id
---------------------- -------------------------------------------------------
root_10@ms             ssh-rsa AA...ijoFIU1rf7E= [email protected]
fred@ms                ssh-rsa AA...OIU9mjib0hMqr0= [email protected]
sfs>
A short version of the public key (ID) is shown, which includes the start and the end of the ID.
To view more information on an individual authorization, enter the command as shown in the following example:
sfs> show authorization fred@ms
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAssbXVb7kcVUsVDyXjqPo9y1qak
UP1Zb0GOUfkakb5Oa1qpFiAJWOUO917ibRzHuCSaUlfT09hybth9ll
UdRJK0zKyOhUvSUie6pIPI/+7Eu8TG2fjHXxKyQsllTnDS+stOxrIl
e34eAegXQqAJ/hSs8un756xOIU9mjib0hMqr0= [email protected]
3.12.4 Setting up ssh access to the system alias
When you log in to the HP SFS system using the ssh utility, you can log in to the server where the administration service is running (normally the administration server). Alternatively, you can log in to the HP SFS system alias. This is convenient because you do not need to know whether the administration service is running on the administration server or the MDS server: if at least one of these servers is running, you will be able to log in to the HP SFS system using the system alias. When you log in to the system alias, the signature of the server that you have logged in to is recorded in the known_hosts file on the client node you are connecting from. However, if the administration service fails over to the peer server, when you next attempt to log in to the system alias the ssh utility issues a man-in-the-middle-attack message to warn you that the signatures no longer match.
You can avoid this problem by configuring the known_hosts file on the node you are connecting from as follows:
1. Using the ssh utility, log in to the administration server from the client node. The ssh utility asks if you want to add the administration server (for example, south1) to the known_hosts file.
2. Using the ssh utility, log in to the MDS server from the client node. The ssh utility asks if you want to add the MDS server (for example, south2) to the known_hosts file.
3. Examine the known_hosts file on the client node, as shown in the following example, where ... represents text not shown:
# cat /root/.ssh/known_hosts
south1,16.123.123.101 ...
south2,16.123.123.102 ...
4. Add the system alias or the system alias IP address (for example, south or 16.123.123.100) to each of the administration server and MDS server entries, as shown in the following example:
south1,16.123.123.101,south ...
south2,16.123.123.102,south ...
5. If there is a separate entry for the system alias in the known_hosts file, delete the entry.
Having performed these steps, when you next log in to the HP SFS system alias from the client node, the ssh utility will not ask you if you want to add the system alias to the known_hosts file. If the administration server is running, you will be logged in to that server. However, if the administration server is shut down and the administration service is running on the MDS server, you will be logged in to the MDS server.
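The edit in steps 4 and 5 can be scripted so that it is applied the same way on every client node. The following is an added example, not part of the HP manual: the function name merge_alias, the sample file contents and the placeholder key strings are constructed for illustration, and entries stored in hashed form (lines beginning with |1|, as written when the ssh HashKnownHosts option is on) are passed through unchanged because their host names cannot be matched.

```shell
#!/bin/sh
# Added example (not from the HP manual): apply steps 4 and 5 to known_hosts.
# Usage: merge_alias ALIAS SERVER [SERVER...] < known_hosts > known_hosts.new
# Reads known_hosts on stdin and writes the edited copy to stdout.
merge_alias() {
    alias_name=$1; shift
    awk -v alias_name="$alias_name" -v servers="$*" '
    BEGIN { n = split(servers, s, " "); for (i = 1; i <= n; i++) is_server[s[i]] = 1 }
    # Comments, blank lines, @marker lines and hashed (|1|...) entries pass through.
    /^[ \t]*#/ || /^[ \t]*$/ || /^[@|]/ { print; next }
    {
        m = split($1, hosts, ",")
        has_alias = 0; has_server = 0
        for (i = 1; i <= m; i++) {
            if (hosts[i] == alias_name) has_alias = 1
            if (hosts[i] in is_server) has_server = 1
        }
        # Step 4: append the alias to each named server entry, once.
        if (has_server && !has_alias) $1 = $1 "," alias_name
        # Step 5: drop an entry whose only host name is the alias.
        if (!has_server && has_alias && m == 1) next
        print
    }'
}

# Constructed sample input; the key strings are placeholders, not real keys.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample
south1,16.123.123.101 ssh-rsa AAAAKEY1placeholder
south2,16.123.123.102 ssh-rsa AAAAKEY2placeholder
south ssh-rsa AAAAKEY1placeholder
other.example.com ssh-rsa AAAAKEY3placeholder
|1|hashedsalt=|hashedhost= ssh-rsa AAAAKEY4placeholder
EOF
}

# Show the result for the sample file.
sample_known_hosts | merge_alias south south1 south2
```

Write the output to a new file and compare it with the original before replacing known_hosts; running the function a second time on its own output changes nothing.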