doc-exports/docs/mrs/umn/admin_guide_000285.html
Yang, Tong 2195db241c MRS UMN 20231220 version update
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00

<a name="admin_guide_000285"></a><a name="admin_guide_000285"></a>
<h1 class="topictitle1">Updating SSH Keys for User omm</h1>
<div id="body1530067732209"><div class="section" id="admin_guide_000285__sf62891bac17a4dd785446d1aef7f7476"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000285__en-us_topic_0046736717_p65381771">During cluster installation, the system automatically generates the SSH public key and private key for user <strong id="admin_guide_000285__b55756154115">omm</strong> to establish the trust relationship between nodes. After the cluster is installed, if the original keys are accidentally disclosed or new keys are to be used, the system administrator can perform the following operations to manually change the keys.</p>
</div>
<div class="section" id="admin_guide_000285__scf3c6e2c94eb46c6a60fdc315ec05d94"><h4 class="sectiontitle">Prerequisites</h4><ul id="admin_guide_000285__en-us_topic_0046736717_ul9945879"><li id="admin_guide_000285__en-us_topic_0046736717_li22404047">The cluster has been stopped.</li><li id="admin_guide_000285__en-us_topic_0046736717_li309837">No other management operations are being performed.</li></ul>
</div>
<div class="section" id="admin_guide_000285__s9df9c34615cb4efe868908100ab20071"><h4 class="sectiontitle">Procedure</h4><ol id="admin_guide_000285__en-us_topic_0046736717_ol25096836"><li id="admin_guide_000285__en-us_topic_0046736717_li24544935"><span>Log in as user <strong id="admin_guide_000285__b5601162914319">omm</strong> to the node whose SSH keys need to be replaced.</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p41982722">If the node is a Manager management node, run the following command on the active management node.</p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li42300179"><span>Run the following command to disable logout upon timeout:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p45157297"><strong id="admin_guide_000285__en-us_topic_0046736717_b3762492">TMOUT=0</strong></p>
<div class="note" id="admin_guide_000285__note12497171716409"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="admin_guide_000285__p1614684417440">After the operations in this section are complete, run the <strong id="admin_guide_000285__b1450621510444">TMOUT=</strong><em id="admin_guide_000285__i7508161514419">Timeout interval</em> command to restore the timeout interval in a timely manner. For example, <strong id="admin_guide_000285__b646615171441">TMOUT=600</strong> indicates that a user is logged out if the user does not perform any operation within 600 seconds.</p>
</div></div>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li33862429"><span>Run the following command to generate a key for the node:</span><p><ul id="admin_guide_000285__ul17715916141317"><li id="admin_guide_000285__li20715191620132">If the node is a Manager management node, run the following command:<p id="admin_guide_000285__en-us_topic_0046736717_p58502189"><a name="admin_guide_000285__li20715191620132"></a><a name="li20715191620132"></a><strong id="admin_guide_000285__en-us_topic_0046736717_b56757654">sh ${CONTROLLER_HOME}/sbin/update-ssh-key.sh</strong></p>
</li><li id="admin_guide_000285__li143482214134">If the node is a non-Manager management node, run the following command:<p id="admin_guide_000285__en-us_topic_0046736717_p33967256"><a name="admin_guide_000285__li143482214134"></a><a name="li143482214134"></a><strong id="admin_guide_000285__en-us_topic_0046736717_b37269850">sh ${NODE_AGENT_HOME}/bin/update-ssh-key.sh</strong></p>
</li></ul>
<p id="admin_guide_000285__en-us_topic_0046736717_p66993202">If "Succeed to update ssh private key." is displayed when the preceding command is executed, the SSH key is generated successfully.</p>
</p></li></ol><ol start="4" id="admin_guide_000285__ol6214340994042"><li id="admin_guide_000285__en-us_topic_0046736717_li57740301"><span>Run the following command to copy the public key of the node to the active management node:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p49900666"><strong id="admin_guide_000285__b1134744561314">scp ${HOME}/.ssh/id_rsa.pub </strong><em id="admin_guide_000285__i17348345111312">oms_ip</em><strong id="admin_guide_000285__b1634712458134">:${HOME}/.ssh/id_rsa.pub_bak</strong></p>
<p id="admin_guide_000285__en-us_topic_0046736717_p4581796"><em id="admin_guide_000285__i141615108462">oms_ip</em>: indicates the IP address of the active management node.</p>
<p id="admin_guide_000285__en-us_topic_0046736717_p41236172">Enter the password of user <strong id="admin_guide_000285__b481531794713">omm</strong> to copy the files.</p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li51795644"><span>Log in to the active management node as user <strong id="admin_guide_000285__b750732394719">omm</strong>.</span></li><li id="admin_guide_000285__en-us_topic_0046736717_li63507614"><span>Run the following command to disable logout on system timeout:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p34697616"><strong id="admin_guide_000285__en-us_topic_0046736717_b43843091">TMOUT=0</strong></p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li59043505"><span>Run the following command to go to the related directory:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p61629497"><strong id="admin_guide_000285__en-us_topic_0046736717_b17794566">cd ${HOME}/.ssh</strong></p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li47834478"><span>Run the following command to add new public keys:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p27857118"><strong id="admin_guide_000285__en-us_topic_0046736717_b49387472">cat id_rsa.pub_bak &gt;&gt; authorized_keys</strong></p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li41834070"><span>Run the following command to move the temporary public key file to another directory, for example, <strong id="admin_guide_000285__b85319823114454">/tmp</strong>.</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p40962311"><strong id="admin_guide_000285__en-us_topic_0046736717_b33116486">mv -f id_rsa.pub_bak</strong> <strong id="admin_guide_000285__b121801816291">/tmp</strong></p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li29612923"><span>Copy the <strong id="admin_guide_000285__b14623194855110">authorized_keys</strong> file of the active management node to the other nodes in the cluster:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p65189719"><strong id="admin_guide_000285__en-us_topic_0046736717_b49836563">scp authorized_keys </strong><em id="admin_guide_000285__en-us_topic_0046736717_i45875888">node_ip</em><strong id="admin_guide_000285__en-us_topic_0046736717_b10229816">:/${HOME}/.ssh/authorized_keys</strong></p>
<p id="admin_guide_000285__en-us_topic_0046736717_p24959482"><em id="admin_guide_000285__i1581210115213">node_ip</em>: indicates the IP address of another node in the cluster. Multiple IP addresses are not supported.</p>
</p></li><li id="admin_guide_000285__en-us_topic_0046736717_li23308753"><span>Run the following command and confirm that you can log in without entering the password, which verifies that the private key has been replaced:</span><p><p id="admin_guide_000285__en-us_topic_0046736717_p8452189"><strong id="admin_guide_000285__en-us_topic_0046736717_b8960839">ssh </strong><em id="admin_guide_000285__en-us_topic_0046736717_i13538688">node_ip</em></p>
<p id="admin_guide_000285__en-us_topic_0046736717_p54739329"><em id="admin_guide_000285__i546317415524">node_ip</em>: indicates the IP address of another node in the cluster. Multiple IP addresses are not supported.</p>
</p></li><li id="admin_guide_000285__li207749141586"><span>Log in to <span id="admin_guide_000285__text67509419010">MRS</span> Manager. On <strong id="admin_guide_000285__b9421152405517">Homepage</strong>, locate the desired cluster and choose <span><img id="admin_guide_000285__image74630192913" src="en-us_image_0000001442773649.png"></span> &gt; <strong id="admin_guide_000285__b13786204275619">Start</strong> to start the cluster.</span></li></ol>
</div>
</div>
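<p>The step that appends <strong>id_rsa.pub_bak</strong> to <strong>authorized_keys</strong> adds a duplicate entry each time it is repeated and accepts whatever file was copied. The following is an added example, not part of the MRS tooling or of the original procedure: a guarded version of that append that rejects a file that is not a single public key, appends only when the key is absent, and resets the file mode. The function names <strong>key_blobs</strong>, <strong>count_key</strong> and <strong>add_key_once</strong> are hypothetical.</p>

```shell
#!/bin/sh
# Added example (not part of the MRS tooling). Function names are hypothetical.
# Guards the "cat id_rsa.pub_bak >> authorized_keys" step of the procedure.

# Print the base64 blob of every public-key entry in a file, one per line.
# Handles entries with leading options; skips comments and non-key lines.
key_blobs() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
             if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-)/) { print $(i + 1); break } }' "$1"
}

# count_key AUTH_FILE PUB_FILE
# Prints how many entries in AUTH_FILE carry the key found in PUB_FILE.
count_key() {
    [ -f "$1" ] || { echo 0; return 0; }
    blob=$(key_blobs "$2" | head -n 1)
    [ -n "$blob" ] || { echo 0; return 0; }
    key_blobs "$1" | grep -cxF -- "$blob" || true
}

# add_key_once PUB_FILE AUTH_FILE
# Returns 2 if PUB_FILE is not exactly one public-key line (for example a
# private key copied by mistake); otherwise appends the key only if absent.
add_key_once() {
    pub=$1
    auth=$2
    n=$(key_blobs "$pub" | wc -l | tr -d ' ')
    [ "$n" -eq 1 ] || return 2
    if [ "$(count_key "$auth" "$pub")" -eq 0 ]; then
        cat "$pub" >> "$auth"
    fi
    # sshd's default StrictModes rejects group- or world-writable key files.
    chmod 600 "$auth"
}

# Usage on the active management node, in ${HOME}/.ssh:
#   add_key_once id_rsa.pub_bak authorized_keys
#   count_key authorized_keys id_rsa.pub_bak
```

<p>A result of 1 from <strong>count_key</strong> confirms that the new key is present exactly once before <strong>authorized_keys</strong> is copied to the other nodes.</p>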
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000271.html">Security Hardening</a></div>
</div>
</div>