Connecting to the CLI using PuTTY

Ensure that you are familiar with how to run the PuTTY and plink utilities.

Note: Windows users can download PuTTY from the following website: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

The Secure Shell (SSH) protocol specifies that the first access to a new host server sends a challenge to the SSH user to accept the SSH server public key or user password. Because this is the first time that you connect to an SSH server, the server is not included in the SSH client list of known hosts. Therefore, there is a fingerprint challenge, which asks if you accept the responsibility of connecting with this host. If you type y, the host fingerprint and IP address are saved by the SSH client.

When you use PuTTY, you must also type y to accept this host fingerprint. However, the host fingerprint and IP address are stored in the registry for the user name that is logged onto Windows.

The SSH protocol also specifies that once the SSH server public key is accepted, another challenge is presented if the fingerprint of an SSH server changes from the one previously accepted. In this case, you must decide if you want to accept this changed host fingerprint.

Note: The SSH server keys on the Lenovo Storage V series are regenerated when a microcode load is performed on the clustered system. As a result, a challenge is sent because the fingerprint of the SSH server has changed.

All command-line interface (CLI) commands are run in an SSH session. You can run the commands in one of the following modes:

An interactive prompt mode
A single line command mode, which is entered one time to include all parameters

Interactive mode

For interactive mode, you can use the PuTTY executable to open the SSH restricted shell.

The system supports up to 32 interactive SSH sessions on the management IP address simultaneously.

Note: After one hour, a fixed SSH interactive session times out, which means the SSH session is automatically closed. This session timeout limit is not configurable.

The following is an example of the command that you can issue to start interactive mode:

C:\support utils\putty<username>@svcconsoleip

where support utils\putty is the location of your putty.exe file, <username> is the IP address of your management GUI, and <username> is the user name that you want to use.

If you were to issue the lsuser command, which lists the SSH client public keys that are stored on the system, the following output is displayed when ssh_key=yes:

IBM_2145:cluster0:superuser>lsuser 
id name      password ssh_key remote usergrp_id usergrp_name 
0  superuser yes      yes     no     0          SecurityAdmin 
1  smith     no       yes     no     4          Monitor 
2  jones     no       yes     no     2          CopyOperator

You can type exit and press Enter to escape the interactive mode command.

The following is an example of the host fingerprint challenge when using plink in interactive mode:

C:\Program Files\IBM\svcconsole\cimom>plink superuser@9.43.225.208
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's key fingerprint is:
ssh-rsa 1024 e4:c9:51:50:61:63:e9:cd:73:2a:60:6b:f0:be:25:bf
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) y
Using user name "superuser".
Authenticating with public key "imported-openssh-key"
IBM_2145:your_cluster_name:superuser>

Single line command

For single line command mode, you can type the following all on one command line:

C:\Program Files\IBM\svcconsole\cimom>
	plink superuser@9.43.225.208 lsuserAuthenticating with public key "imported-openssh-key"
id name      password ssh_key remote usergrp_id usergrp_name 
0  superuser yes      yes     no     0          SecurityAdmin 
1  smith     no       yes     no     4          Monitor 
2  jones     no       yes     no     2          CopyOperator

Note: If you are submitting a CLI command with all parameters in single line command mode, you are challenged upon first appearance of the SSH server host fingerprint. Ensure that the SSH server host fingerprint is accepted before you submit a batch script file.

The following is an example of the host fingerprint challenge when using plink in single line command mode:

C:\Program Files\IBM\svcconsole\cimom>
 plink superuser@9.43.225.208 lsuser
 The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's key fingerprint is:
ssh-rsa 1024 e4:c9:51:50:61:63:e9:cd:73:2a:60:6b:f0:be:25:bf
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) y
Authenticating with public key "imported-openssh-key"
id name      password ssh_key remote usergrp_id usergrp_name 
0  superuser yes      yes     no     0          SecurityAdmin 
1  smith     no       yes     no     4          Monitor 
2  jones     no       yes     no     2          CopyOperator