Administrator Guide

Connect to the FluidFS Cluster CLI Using SSH Key Authentication
You can grant trust to a specific machine and user by performing an SSH key exchange.
1 Generate an RSA SSH key.
NOTE: The following example uses the ssh-keygen utility. The steps to generate an RSA SSH key can vary by operating
system. See the documentation for the respective operating system for more information.
a Log in to a UNIX/Linux workstation for which you want to use SSH key authentication.
b From the command line, enter the following command:
ssh-keygen -t rsa
c Press Enter at the Enter le in which to save the key (/home/
user_name
/.ssh/id_rsa) prompt.
d Press Enter at the Enter passphrase (empty for no passphrase) prompt and again at the Enter same passphrase again
prompt. An SSH key is generated at /home/user_name/.ssh/id_rsa.pub.
2 Copy the SSH key to your clipboard.
3 Log in to the FluidFS cluster CLI through SSH using a password.
4 Enter the following command, pasting in the copied SSH key:
system administrators passwordless-access add-ssh-keys Administrator add-ssh-keys ssh_key
Now you can use the following command to log in to the FluidFS cluster from the workstation without needing a password:
ssh fluidfs_administrator_user_name@client_vip_or_name
You can also use the following format to run commands from the workstation without needing a password:
ssh fluidfs_administrator_user_name@client_vip_or_name cli_command
Managing Secured Management
By default, all FluidFS cluster management ports are open on all subnets, along with the other ports needed for client access (SMB/NFS/FTP),
replication, and NDMP. Secured management, when enabled, exclusively limits all management traffic to one specific subnet. The
subnet on which secured management is enabled also has the necessary ports open for client access, replication, FTP, and NDMP traffic.
Other subnets will not have any of the management ports listening on them, making them available only for client access, replication, and
NDMP traffic. This setup prevents users on client (data) access subnets from accessing any FluidFS cluster management functions.
In FluidFS, the management ports listed in the following table do not participate in SMB/NFS communication, but are exposed on the client
network by default. When you enable secured management, you can expose the management ports on a management subnet only.
Service                          Port
Web Services                     80
Secure Web Services              443
FTP                              44421
FTP (Passive)                    44430–44439
SSH                              22
Storage Manager communication    35451
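One way to confirm the effect of secured management from a workstation on a client (data) subnet is to test whether the management ports in the table still accept TCP connections on that subnet's client VIPs. The following is an added example, not part of the original guide or of any Dell tooling; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import socket

# TCP management ports from the table above (service -> ports).
MGMT_PORTS = {
    "Web Services": [80],
    "Secure Web Services": [443],
    "FTP": [44421],
    "FTP (Passive)": list(range(44430, 44440)),
    "SSH": [22],
    "Storage Manager communication": [35451],
}

def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False

def audit(data_vips, probe=port_open):
    """List (vip, service, port) for every management port that still
    accepts connections on a client (data) subnet VIP."""
    findings = []
    for service, ports in MGMT_PORTS.items():
        for port in ports:
            for vip in data_vips:
                if probe(vip, port):
                    findings.append((vip, service, port))
    return findings

if __name__ == "__main__":
    # Constructed observations standing in for a live probe, so the demo
    # runs offline: SSH and one passive FTP port still answer on one VIP.
    observed = {("192.0.2.10", 22), ("192.0.2.10", 44431)}
    for vip, service, port in audit(["192.0.2.10", "192.0.2.11"],
                                    probe=lambda h, p: (h, p) in observed):
        print(f"{vip}: {service} port {port} reachable from data subnet")
```

For a live check, call audit() with the client VIPs of the subnets that should not carry management traffic and leave probe at its default; an empty result is the expected outcome once secured management is enabled.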
Secured management can be enabled only after the system is deployed. To make a subnet secure:
It must exist prior to enabling the secured management feature.
FluidFS Administration