The chnaskey command provides an interface
to set or reset the Secure Shell (SSH) private and public key credential
pair used by communications between the Lenovo Storage® V7000file modules and
the control enclosure over the site 1 Gbps Ethernet LAN. This is required
during the USB initialization of the system.
Syntax
chnaskey { -pubkeyfilefilename | | -privkeyfilefilename | | -reset }
Parameters
- -pubkeyfilefilename | -privkeyfilefilename | -reset
- During the Universal Serial Bus (USB) initialization of the Lenovo Storage V7000 system,
one of the node canisters in the control enclosure creates a public/private
key pair to use for Secure Shell (SSH). The node canister stores the
public key and writes the private key to the USB flash drive memory.
One
of the file modules then
takes the private key from the USB flash drive memory
to use for SSH. The file module passes
it to the other file module over
the direct connect Ethernet link and then deletes the private key
from the USB flash drive memory
so that it cannot be used on the wrong system.
Note: - The pubkeyfile parameter must be an alphanumeric
string up to 255 characters in length, and the file must be less then
2048 bytes.
- The privkeyfile must be an alphanumeric string
up to 251 characters in length.
pubkeyfile provides an existing
public keyfile in use. This does not generate anything, but replaces
the currently used public key with another public key. The private
key file on the file modules is
use it to generate the original public key file when it is set on
the system.
privkeyfile generates the public
and private key pair, and sets the public key on the system. It also
provides the private key for installation on the file modules (in
the /dumps directory or on the USB stick
depending on what was used).
- -reset
- (Optional) Specifies that the public and private key pair should
be cleared, and the system should be reset.
Description
It
might be necessary to reset the Network Attached Storage (NAS) SSH
key in the following circumstances:
- When communications between the Lenovo Storage V7000file module and
the Lenovo Storage V7000 control
enclosure is not authorized because of a bad key.
- When both Lenovo Storage V7000file modules have
lost the original NAS SSH key.
- When the Lenovo Storage V7000 control
enclosure has lost the NAS SSH key.
Resetting the NAS SSH key
Reset the NAS
SSH key so that communications between the
file modules and
the
Lenovo Storage V7000 control
enclosure resume:
- Log on to the Lenovo Storage V7000 control
enclosure management command-line interface (CLI) as superuser:
satask chnaskey -privkeyfile NAS.ppk
The
private key is left in the /dumps directory.
- Use SCP to copy the private key file to the Lenovo Storage V7000file module :
scp -P 1602 /dumps/NAS.ppk root@<file module management IP>:/files
You
are prompted for the file module root
password.
- Log on to the management Command-Line Interface (CLI) as admin:
chstoragesystem --sonasprivkey/files