| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||
Solution Type Technical Instruction Sure Solution 1612695.1 : Sun Storage 7000 Unified Storage System: How to configure SFTP Using SFTP Keys
In this Document
Created from <SR 3-8089503635> Applies to:Sun ZFS Storage 7120 - Version All Versions to All Versions [Release All Releases]Sun ZFS Storage 7420 - Version All Versions to All Versions [Release All Releases] Sun Storage 7110 Unified Storage System - Version All Versions to All Versions [Release All Releases] Sun Storage 7310 Unified Storage System - Version All Versions to All Versions [Release All Releases] Sun Storage 7210 Unified Storage System - Version All Versions to All Versions [Release All Releases] 7000 Appliance OS (Fishworks) GoalHow to configure SFTP on the Sun Storage 7000 Unified Storage System. Solution
PLEASE NOTE : As of Appliance Firmware Release 8.7.0, DSA keys are considered weak and no longer supported per release notes. Recommend using RSA keys instead.
As of the 2011.1 software release, key management for SFTP has changed to increase security. When creating an SFTP key, it is required to include the "user" property with a valid user assignment. SFTP keys are grouped by user and are authenticated via SFTP with the user's name. It is recommended to recreate any existing SFTP keys that do not include the user property, even though they will still authenticate. The current documentation does not clearly explain the procedure though. Please follow these steps to configure SFTP on the appliance. 1. Generate the key on the machine which will remotely connect to the appliance.
#ssh-keygen -t dsa 2. The key will be saved in a /id_dsa.pub file. It will be something like #cat id_dsa.pub ssh-dss AAAAB3NzaC1kc3MAAACBAIXWbfY6ZOOOvoa5G98SCbUs4LYXPqLFFvPM52vQYP7wgh2X8S2nIxuRGO1dy03EyBkWR10dD+l/BjqiPtk4W5kKUHHg95eIlrfGJkSZ/RQMcumrIR9uk1xamddZC5qLT3+vESszY8A8wsmsbQwR7mKcxjeNVrXZ80tOj4eJxV3JAAAAFQD6nyK7k1okSizsTUScF4RqE0M4sQAAAIBPWRkMro+mEyygvaSrOiueTvU09MBKedby+kRAYtiPTVayVGzxa5hYR/Z/Mg35s0jjQdSJxamXRdo27kWcxCo27tV1SkZ6CdGdBbnaDa4SFSba0xXdobax/YCuLbrqHU9cJyBBGhiPiH8Plovvc3DKQGQjdsKLogfZi1fjc+7a4AAAAIBumWFKTVeu569iX10x0ahY5T4VNNGeGEJ7C7/HOQd8eszs5GywJUe9sse++ylZ+3ws/ulfyWqFCs8ujsfyfGl4Y7P1CeCnr5QK1YBJIizT6Yi2m3M6C97z08U4vbBo0HjizL/gm+/RiwjFiUMW8cL6bhjXD54lBf3FMuVASpvEbA== user@xxxxx 3. Added the key (From AAAA to VASpvEbA==) to the sftp protocol under: Configuration> Services> sftp Under sftp keys click the Plus (+) sign to add the key, select dsa, with a comment as a reminder 4. Then create a new filesystem under Shares ie /export/<share name >. And change the mode to (Read/ Write) on the share. This can be set under "Protocols", under SFTP. For existing shares, simply click on "Protocols" after clicking on the edit icon for the share Then set the share as read/write for sftp. 5. Then remotely connect to the appliance #sftp -o "port=218" < user >@ < IP address of the appliance>>:/export/<share name> Connecting to xxxxxxxxx... Changing to: /export/<share name> sftp> or #sftp -v -o "IdentityFile=/< path to the file>/.ssh/id_dsa" -o "port=218" <user >@< IP address of the appliance >:/export/< share name >
References<BUG:15606493> - SUNBT6905238 SFTP SERVICE ONLINE HELP IS LACKING DETAIL ON HOW TO CONFIGURE THEAttachments This solution has no attachment |
||||||||||||||||
|
||||||||||||||||