Mike_pl
1 Nickel

Data Domain adminaccess ssh

I am trying to add a public rsa key generated on a Linux client to a Data Domain running 5.7.1.

It successfully imports, but the key gets broken up in multiple separate line.

I import it with the command:

$ cat id_rsa.pub | ssh -l sysadmin <dd hostname>  adminaccess add ssh-key

It fails to be referenced at a login attempt because for some reason it gets parsed into 7 separate lines when it is piped into adminaccess.

Does this problem look familiar to anyone?

When I log onto the Data Domain, it should look like this:

# adminaccess show ssh-keys

User "sysadmin" :

1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC67V1jgwpKJwLIdJ77iuaOSqmKFLmBvXaNcfGD2PUvloaPH6eoHJA8jbGtwLAqjXdlSxGJkh3sfyXszROtspJgGDnHC1M2xfzU6OWubyY37o0c2TdkshPDTtRIiC7pCVPDInKVx3RETRiEqrEIpQIfcPKJDwCvx65AFgS40z9nZSeqeh1ny5KtIXTO7gm6gdsPnLdLKLiYwkqlwlbesCPMEnfGLAZCvft6k331s9QM746zRIbTSb0bv1f60uqCD2HFinmrDGotS5NVDZJZPby6ckkvBuPbHDRXjnQyMk17m7zaEEgT2enlEwmlkmQtutM4Bei0jaR7YWUiS1jYEHQv walkerm@USCSWALKERML1C

But instead it looks something like this:

# adminaccess show ssh-keys

User "sysadmin" :

1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC67V1jgwpKJwLI

2 dJ77iuaOSqmKFLmBvXaNcfGD2PUvloaPH6eoHJA8jbGtwLAqjXdlSx

3 GJkh3sfyXszROtspJgGDnHC1M2xfzU6OWubyY37o0c2TdkshPDTtRIi

4 C7pCVPDInKVx3RETRiEqrEIpQIfcPKJDwCvx65AFgS40z9nZSeqeh1

5 ny5KtIXTO7gm6gdsPnLdLKLiYwkqlwlbesCPMEnfGLAZCvft6k331s9Q

6 M746zRIbTSb0bv1f60uqCD2HFinmrDGotS5NVDZJZPby6ckkvBuPbHD

7 RXjnQyMk17m7zaEEgT2enlEwmlkmQtutM4Bei0jaR7YWUiS1jYEHQv wergem@USCSWERGEML1C

Tags (1)
0 Kudos
5 Replies
Sacto_NSR_Guru
1 Nickel

Re: Data Domain adminaccess ssh

I've seen a similar issue and have used this syntax to import the keys with success:

ssh <dd_user>@<dd_host> adminaccess add ssh-keys  < ~/.ssh/id_ecdsa.pub

That should do the same as your cat pipe method but you might try it anyway. Also before you insert the new key delete the multi-line key that was inserted before.

One last thought is around how the current key file looks. If you edited it with a Windows box it may have some Windows style carriage returns in it that cause the Data Domain to break up the key. Make sure that it is in a Linux format and doesn't have any carriage returns in it.

Mike_pl
1 Nickel

Re: Data Domain adminaccess ssh

I actually used the append-from-the-end method first, before I had tried the cat-pipe method I posted above.  It had produced the same result.

The key files were generated on Linux, and never left the server.  I examined them in vi with ":set lines" and did not see and EOL's.

I asked the customer to forward me the pub key so that I can experiment with it on a lab DD.  I'l see what I can determine on Monday. 

0 Kudos
Mike_pl
1 Nickel

Re: Data Domain adminaccess ssh

The problem may be that is an SSH2 key pair.  Going to try an SSH1 key pair . . .

0 Kudos
Sacto_NSR_Guru
1 Nickel

Re: Data Domain adminaccess ssh

I have found that DCA encryption doesn't work anymore. I used ECDSA encryption and that is working. I'm not sure if this will affect importing the actual key though.

0 Kudos
Mike_pl
1 Nickel

Re: Data Domain adminaccess ssh

Not going to post a resolution for this one.  The key pairs were intended as an authentication mechanism for a Java executable.  Instead, we're just going to use Java to generate an encrypted binary to add to the config file.  Similar to /etc/passwd and /etc/shadow.

0 Kudos