
HP StorageWorks Scalable File Share User Manual: 3.12.3 Viewing authorizations, 3.12.4 Setting up ssh access to the system alias


Managing remote access


3.12.3 Viewing authorizations

To view a list of all authorizations in the HP SFS system, enter the following command:

sfs> show authorization

Name                   Id
---------------------- -------------------------------------------------------
root_10@ms             ssh-rsa AA...ijoFIU1rf7E= [email protected]
fred@ms                ssh-rsa AA...OIU9mjib0hMqr0= [email protected]
sfs>

A short version of the public key (ID) is shown, which includes the start and the end of the ID.

To view more information on an individual authorization, enter the command as shown in the following example:

sfs> show authorization fred@ms
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAssbXVb7kcVUsVDyXjqPo9y1qak
UP1Zb0GOUfkakb5Oa1qpFiAJWOUO917ibRzHuCSaUlfT09hybth9ll
UdRJK0zKyOhUvSUie6pIPI/+7Eu8TG2fjHXxKyQsllTnDS+stOxrIl
e34eAegXQqAJ/hSs8un756xOIU9mjib0hMqr0= [email protected]

3.12.4 Setting up ssh access to the system alias

When you log in to the HP SFS system using the ssh utility, you can log in to the server where the administration service is running (normally the administration server). Alternatively, you can log in to the HP SFS system alias; this is convenient because it means that you do not need to know whether the administration service is running on the administration server or the MDS server. If at least one of these servers is running, you will be able to log in to the HP SFS system using the system alias. When you log in to the system alias, the signature of the server that you have logged in to is recorded in the known_hosts file on the client node you are connecting from. However, if the administration service fails over to the peer server, when you next attempt to log in to the system alias the ssh utility issues a man-in-the-middle-attack message to warn you that the signatures no longer match.

You can avoid this problem by configuring the known_hosts file on the node you are connecting from as follows:

1. Using the ssh utility, log in to the administration server from the client node. The ssh utility asks if you want to add the administration server (for example, south1) to the known_hosts file.

2. Using the ssh utility, log in to the MDS server from the client node. The ssh utility asks if you want to add the MDS server (for example, south2) to the known_hosts file.

3. Examine the known_hosts file on the client node, as shown in the following example, where ... represents text not shown:

# cat /root/.ssh/known_hosts
south1,16.123.123.101 ...
south2,16.123.123.102 ...

4. Add the system alias or the system alias IP address (for example, south or 16.123.123.100) to each of the administration server and MDS server entries, as shown in the following example:

south1,16.123.123.101,south ...
south2,16.123.123.102,south ...

5. If there is a separate entry for the system alias in the known_hosts file, delete the entry.

Having performed these steps, when you next log in to the HP SFS system alias from the client node, the ssh utility will not ask you if you want to add the system alias to the known_hosts file. If the administration server is running, you will be logged in to that server. However, if the administration server is shut down and the administration service is running on the MDS server, you will be logged in to the MDS server.
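
Steps 4 and 5 as a shell function, added here as an example that is not part of the HP manual. It assumes an unhashed known_hosts file (entries written with HashKnownHosts cannot be matched by name, so they are counted and reported); the function names and the placeholder key text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual): apply steps 4 and 5 to a known_hosts file.
# Usage: alias_known_hosts FILE ALIAS SERVER [SERVER...]
# Prints the rewritten file on stdout; FILE itself is left untouched.
alias_known_hosts() {
    kh_file=$1; kh_alias=$2; shift 2
    awk -v alias_name="$kh_alias" -v servers="$*" '
    BEGIN { n = split(servers, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
    /^[ \t]*(#|$)/ { print; next }            # keep comments and blank lines
    {
        hf = ($1 ~ /^@/) ? 2 : 1              # skip a marker such as @cert-authority
        if ($hf ~ /^\|1\|/) { hashed++; print; next }   # hashed name: cannot be matched
        m = split($hf, names, ","); has_alias = 0; is_server = 0
        for (i = 1; i <= m; i++) {
            if (names[i] == alias_name) has_alias = 1
            if (names[i] in want) is_server = 1
        }
        if (is_server && !has_alias) $hf = $hf "," alias_name   # step 4: add the alias
        else if (!is_server && has_alias) next                   # step 5: drop separate alias entry
        print
    }
    END {
        if (hashed) {
            print hashed " hashed entries not checked; a stale alias key may remain" > "/dev/stderr"
            exit 3
        }
    }' "$kh_file"
}

# Constructed sample input: host names follow the manual, key text is a placeholder.
sample_known_hosts() {
    cat <<'EOF'
south1,16.123.123.101 ssh-rsa PLACEHOLDER-KEY-SOUTH1
south2,16.123.123.102 ssh-rsa PLACEHOLDER-KEY-SOUTH2
south ssh-rsa PLACEHOLDER-KEY-SOUTH1
other.example ssh-rsa PLACEHOLDER-KEY-OTHER
EOF
}

# Demo: rewrite a temporary copy of the sample and print the result.
demo_file=$(mktemp)
sample_known_hosts > "$demo_file"
alias_known_hosts "$demo_file" south south1 south2
rm -f "$demo_file"
```

Review the output before replacing the real file; `ssh-keygen -F south` then lists the entries that match the alias. Only the keys of the listed servers are accepted for the alias afterwards, so a key from any other host still produces the ssh warning.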