Configure SSH Key Authentication on Dell Isilon / PowerScale OneFS

What This Guide Covers

This guide explains how to enable SSH key–based authentication on a Dell Isilon (PowerScale) cluster running OneFS, including requirements for domain (Active Directory) accounts.

Quick Fix Summary

• Create an SSH key pair and place the public key in the user’s authorized_keys file.
• Ensure the user’s role in OneFS includes the SSH privilege. Domain accounts must be assigned to a role with SSH access.

---

Overview

SSH key authentication provides password‑less access to a Dell Isilon/PowerScale cluster. While local users can typically use SSH keys immediately after placing their public key in the correct directory, domain accounts require proper role-based access configuration within OneFS to enable SSH login via keys.

---

Error Indicators

Users may encounter issues such as:

• Ability to log in with a password but not with SSH keys.
• SSH key not being recognized for domain (Active Directory) accounts.

---

Possible Causes

• The target OneFS user account lacks the SSH privilege within its assigned role.
• The public key is not placed in the correct path under the user’s home directory.
• Domain accounts require RBAC configuration to enable SSH access.

---

Troubleshooting Steps

1. Confirm the User Has SSH Privileges (Required for Domain Accounts)

Domain accounts must belong to an RBAC role that includes the SSH privilege.
OneFS allows assigning AD users or AD groups to roles with SSH access.

Steps:

1. Log in to the OneFS WebUI.
2. Navigate to Access > Roles.
3. Select an existing role that includes the SSH privilege, or create a new one.
4. Add the domain account or its AD security group to that role.

---

2. Add the Public Key to the User’s authorized_keys File

Local and domain users require an authorized_keys file to enable key‑based SSH login.

Steps:

1. Generate an SSH key pair if you haven’t already.
2. Place the public key in: /ifs/home/ /.ssh/authorized_keys
3. Ensure correct permissions: chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
4. Test SSH login: ssh @

---

3. Verify the User’s Home Directory Exists

Ensure the OneFS environment has a valid home directory configured for the user, especially for AD accounts. Incorrect home directory paths can prevent successful key authentication.

---

4. Review OneFS Authentication Behavior for Domain Users

OneFS uses AD to authenticate domain accounts and applies RBAC roles to determine access levels. SSH access requires the correct role privileges. This behavior is consistent with OneFS identity and authorization design.

---

Additional Notes

• SSH access is not automatically enabled for domain users unless RBAC roles explicitly allow it.
• Use caution when modifying role privileges—grant only the minimum access required.
• For general guidance on SSH connections, refer to OneFS SSH documentation.
• Related discussion: Adding SSH key to Isilon (Dell Community).

---

References

• Dell Community Set up SSH Key authentication on Isilon Cluster
• Dell PowerScale OneFS Authentication & Authorization White Paper
• OneFS SSH Access Documentation (Isilon 7.1 Admin Guide)
• Dell Community: Adding SSH Key to Isilon

---

Affected Systems

• Dell Isilon / Dell PowerScale clusters
• OneFS versions referenced in discussions:
  • OneFS 7.2 (original user scenario)
  • OneFS 8.0.1.x (UI example referenced)