When working in an environment with lots of filer servers, you might consider enable password less SSH on the filer for easier administration (from some administration host).
The concept stays the same, public keys exchange, but as you know the NetApp OnTapp OS uses slightly different syntax, so I decided to write this small guide that will help you out:
OK, let's get busy , I'll assume that the filer has already has networking configured correctly.
1) The filer does not have SSH enabled by default, so login via telnet:
admin_host> telnet filer01
2) Set up root password:
filer01> passwd
3) Next, you need to enable SSH (preferably version 2 - as it's more secure):
filer01> secureadmin enable ssh2
filer01> secureadmin setup ssh
4) Make sure you exports file is edited correctly and vol0 is exported to admin_host
admin_host> showmount -e filer01
You can edit exports file from the filer with "wrfile" command, if you have modified the file remmember to re-export the new exports with:
filer01 >exportfs -av
5) Next, mount vol0 from the NetApp filer on the amdministration host:
admin_host> mkdir -p /nfs/filer01/vol0
admin_host> mount -t nfs filer01:/vol/vol0 /nfs/filer01/vol0
Check that you see the mounted volume:
If not you're probably having some issue with your firewall, or exports on the filer side.
6) This is the most critical part, here you will create the ssh directory and append your root public key to authorized_keys of the filer:
admin_host> mkdir -p /nfs/filer01/vol0/etc/sshd/root/.ssh/
admin_host> cat /root/.ssh/id_rsa.pub >> /nfs/filer01/vol0/etc/sshd/root/.ssh/authorized_keys
filer01> options rsh.enable off
filer01> options telnet.enable off
4) Make sure you exports file is edited correctly and vol0 is exported to admin_host
admin_host> showmount -e filer01
You can edit exports file from the filer with "wrfile" command, if you have modified the file remmember to re-export the new exports with:
filer01 >exportfs -av
5) Next, mount vol0 from the NetApp filer on the amdministration host:
admin_host> mkdir -p /nfs/filer01/vol0
admin_host> mount -t nfs filer01:/vol/vol0 /nfs/filer01/vol0
Check that you see the mounted volume:
admin_host> ls /nfs/filer01/vol0
If not you're probably having some issue with your firewall, or exports on the filer side.
6) This is the most critical part, here you will create the ssh directory and append your root public key to authorized_keys of the filer:
admin_host> mkdir -p /nfs/filer01/vol0/etc/sshd/root/.ssh/
admin_host> cat /root/.ssh/id_rsa.pub >> /nfs/filer01/vol0/etc/sshd/root/.ssh/authorized_keys
7) Last, you may want to turn down rsh and telnet services (for obvious security reasons):
filer01> options telnet.enable off
No comments:
Post a Comment