Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1589246.1
Update Date:2018-05-24
Keywords:
Solution Type  Technical Instruction Sure

Solution  1589246.1 :   Sun Storage 7000 Unified Storage System: How to enable password-less login  

Related Items 
    

  • Sun ZFS Storage 7420
    •  
  • Oracle Exalogic Elastic Cloud Software
    •  
  • Sun Storage 7110 Unified Storage System
    •  
  • Sun Storage 7210 Unified Storage System
    •  
  • Sun Storage 7410 Unified Storage System
    •  
  • Sun Storage 7310 Unified Storage System
    •  
  • Sun ZFS Storage 7120
    •  
  • Sun ZFS Storage 7320
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: 7xxx NAS
    •  






In this Document


Goal


Solution




Applies to:  

Sun ZFS Storage 7120 - Version All Versions and later
Sun Storage 7110 Unified Storage System - Version All Versions and later
Sun Storage 7210 Unified Storage System - Version All Versions and later
Sun Storage 7310 Unified Storage System - Version All Versions and later
Sun Storage 7410 Unified Storage System - Version All Versions and later
7000 Appliance OS (Fishworks)



Goal


To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - Disk Storage ZFS Storage Appliance Community


This document describes how to enable password-less login to ZFS Storage Appliance from external hosts.


It may be required to 'continually' login to the ZFS Storage Appliance from a host without supplying a password - for example, to run a script to perform automated task.


 


Solution


 




IMPORTANT NOTE :  DSA/DSS keys no longer supported as of 8.7.0.


From our release notes:


        "In prior releases, both RSA and DSA/DSS public keys were supported for SSH authentication. In line with industry best practices, support for the DSA/DSS public key
         method (now considered weak) has been permanently removed from this and future versions of the product.  Users requiring key-based authentication must use RSA keys."




 


Below are the general steps to perform this activity :


1. Generate RSA/DSA key on the host/client


root@localhost:~# ssh-keygen -t dsa
root@localhost:~# ssh-keygen -t dsa -b 1024    // Currently many ssh-keygen for DSA can generate only upto 1024 bit key

root@localhost:~# ssh-keygen -t rsa
root@localhost:~# ssh-keygen -t rsa -b 2048


 


2. Locate the public key on the host and copy the DSA/RSA public key. They key should not contain any white spaces.


    Copy the text excluding ssh-dss/ssh-rsa keyword at the beginning and user@hostname entry at the end.


    In the below example we will copy we will the underlined text.


root@localhost:~# cd ~/.ssh
root@localhost:~/.ssh# ls
id_dsa       id_dsa.pub   known_hosts
root@localhost:~/.ssh# cat id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAKVL2rQA9Lk7jePMtMCDshcoSs/5gMsTGJAdOlUZ78LpBkq6uU3H60k+hC+nKI/dN66jws7mYpWntsw/lRWQUaJGMkqcNn1994Mgciwyg2ibxMeDbLwHmkP9FTBbcJLWlCWzt39ZZS86zfbbK6EpsabOr3de+FWqK1p6Y0IVVkKXAAAAFQDJ5xiQ6XPlQRoD9BN5oUBPSe5f0wAAAIAK9DasjU8F0sSSsl9dyRQlvxJnkK0FW4IZ+u3ZT6PpEAIcjnNV2JZulWXTNT80dlPNfC9BNhJZcsyjXexCEjQ7IyxAC2N1PTAhMzT0so7edNNjNIhyj6pfu4S8Oj70Gu0frpTGb9aqvzF4xvp3n1ZaKWxfUHcC9CT0R+ojuDJReQAAAIBGZ5MEUTfDARhTRSWk7i+rmFnUZd8bEYqUH/rjw3FWkgjpuk7bl54mg8w22gZ/u68uzXt7BMhels+JpL83v+5DoeTYiPzQMyOPbGOTdlq1FHPbfbGOTDlf+0f59aC2G6wzcuG2HRoJDE1U0ubAAnj5GbeA6iG9kg1OeEdw7ylYzA== root@localhost.xyz.com
root@localhost:~/.ssh#


 


NOTE: The generated keys need to have access restricted to owner only.

~$ ls -la .ssh/id*
-rw-------   1 user1 staff       672 Jun 29  2006 .ssh/id_dsa
-rw-------   1 user1 staff       607 Jun 29  2006 .ssh/id_dsa.pub
-rw-------   1 user1 staff       887 Nov 22  2004 .ssh/id_rsa
-rw-------   1 user1 staff       243 Nov 22  2004 .ssh/id_rsa.pub

If this is not the case, you need to use  chmod 600 id_dsa.pub  for example.


 


3. Copy the public key to the ZFS Storage Appliance.


    Open the BUI and locate configuration > Preferences and paste the key as mentioned below :






ssh






 


For CLI method login to CLI and follow the steps below :



7000:> configuration preferences keys
7000:configuration preferences keys> create
7000:configuration preferences key (uncommitted)> set type=DSA
7000:configuration preferences key (uncommitted)> set key="...DSA key text..."
                           key = ...DSA key text...== (uncommitted)
7000:configuration preferences key (uncommitted)> set comment="mylocalhost"
                       comment = mylocalhost (uncommitted)
7000:configuration preferences key (uncommitted)> commit
7000:configuration preferences keys> show
Keys:

NAME     MODIFIED              TYPE   COMMENT                                  
key-000  2/10/2013 14:21:37   DSA    mylocalhost


 
4. Test the setup :


root@localhost:# ssh root@7000.xyz.com
Last login: Thu Oct  3 06:01:35 2013 from 10.186.nn.mm
7000:>


 


 


NOTE: Please ensure that you are logged in as the 'non-root' user in order to import the key for that user.


 


 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback