Connectrix MDS: How to Create Passwordless Access from the SAN Switch to a UNIX Server

Summary: Passwordless access from the switch to the UNIX server can be achieved by generating a public/private key pair on the MDS switch and adding the public key to the authorized_keys file of a user account on the SSH server. ...


Instructions

Configuring the public/private key pair for the user account on the MDS

Step 1: On the MDS 9000 switch, create the username "test" with a password and the network-admin role. The user must exist and must have the network-admin role for key pair generation to work.
 

sw1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)# username test password <password> role network-admin
sw1(config)# cop run start
[########################################] 100%
sw1(config)#



Step 2: SSH to the switch from the Linux host with the username created in the previous step:
 

sj-lnx[]:~$ ssh test@A.X.Y.Z
User Access Verification
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
sw1#



Step 3: Generate the key pair for the user test using RSA with a length of 1024 bits:
 

sw1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)# username test keypair generate rsa 1024
generating rsa key(1024 bits)......
generated rsa key
sw1(config)# show username test keypair
**************************************

rsa Keys generated:<Date>
ssh-rsa AAAA...........................................................
...........<truncated>.........................................
bitcount:1024
fingerprint:
.<truncated>
**************************************
could not retrieve dsa key information
**************************************
sw1(config)# cop run start
[########################################] 100%
sw1(config)#



Step 4: Export the key pair to bootflash: and provide the passphrase when prompted (it can be anything; just write it down somewhere).
 

sw1(config)# username test keypair export bootflash:test_rsa rsa
Enter Passphrase:
sw1(config)# dir bootflash:
16384 Apr 15 15:21:31  lost+found/
18693120 Apr 15 15:22:55  m9100-s3ek9-kickstart-mz.5.0.1a.bin
73579433 Apr 15 15:23:53  m9100-s3ek9-mz.5.0.1a.bin
5778 Apr 15 15:24:48  mts.log
951 Apr 16 15:07:01  test_rsa
219 Apr 16 15:07:02  test_rsa.pub
Usage for bootflash://sup-local
143622144 bytes used
533487616 bytes free
677109760 bytes total
sw1(config)#


Configuring the public/private key pair for the user account on the Linux host

Step 1: Copy the RSA public key of the switch user from the switch to the Linux host, where the username "test" already exists.

Note: You must enter the password for the username test, which may or may not be the same as the one created earlier on the switch.

These instructions use an example in which the path of the test account is /users/test. Depending on the Linux version, this path may be different.

 

sw1(config)# copy bootflash:test_rsa.pub scp://test@192.X.Y.Z/users/test/.ssh
The authenticity of host 'A.X.Y.Z (A.X.Y.Z)' can't be established.
RSA key fingerprint is .........<truncated>.................
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'A.X.Y.Z' (RSA) to the list of known hosts.


test@A.X.Y.Z's password:
test_rsa.pub 100% 219 0.2KB/s 00:00

sw1(config)# dir bootflash:
16384 Apr 15 15:21:31  lost+found/
18693120 Apr 15 15:22:55 m9100-s3ek9-kickstart-mz.5.0.1a.bin
73579433 Apr 15 15:23:53  m9100-s3ek9-mz.5.0.1a.bin
5778 Apr 15 15:24:48  mts.log
951 Apr 16 15:07:01 test_rsa
219 Apr 16 15:07:02  test_rsa.pub

Usage for bootflash://sup-local
143622144 bytes used
533487616 bytes free
677109760 bytes total

sw1(config)#



Step 2: On the Linux server, add the contents of the test_rsa.pub file to the authorized_keys file (or the authorized_keys2 file, depending on your SSH version):
 

sj-lnx[]:~/$ cd .ssh
sj-lnx[]:~/.ssh$ chmod 644 authorized_keys2
sj-lnx[]:~/.ssh$ ls -lrt

lrwxrwxrwx 1 test eng 16 Apr 7  authorized_keys -> authorized_keys2
-rw-r--r-- 1 test eng 1327 Apr 16 15:04 authorized_keys2
-rw-r--r-- 1 test eng 219 Apr 16 15:13 test_rsa.pub

sj-lnx[94]:~/.ssh$ cat test_rsa.pub

ssh-rsa
...................<truncated>................................

sj-lnx[]:~/.ssh$ cat test_rsa.pub >> authorized_keys2
sj-lnx[]:~/.ssh$ cat authorized_keys2
ssh-rsa
.........................<truncated>...........................
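
A check that can run on the Linux host before the append in Step 2, shown as an added example that is not part of the original article: it parses the ssh-rsa line copied from the switch, reports the modulus size and an OpenSSH-style SHA256 fingerprint, and appends the key to the authorized keys file only once with 0700/0600 permissions. The 2048-bit floor, the helper names, and the sample key are assumptions; the sample is constructed in the code and is not a real key.

```python
import base64, hashlib, os, struct, tempfile

MIN_RSA_BITS = 2048  # assumption: local policy floor; the article's example key is 1024-bit

def parse_ssh_rsa(line):
    """Parse one 'ssh-rsa <base64> [comment]' line; return (modulus_bits, fingerprint)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, parts, off = base64.b64decode(fields[1], validate=True), [], 0
    while off < len(blob):  # RFC 4253: each field is a 4-byte big-endian length + data
        if off + 4 > len(blob):
            raise ValueError("truncated key blob")
        (size,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        parts.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return int.from_bytes(parts[2], "big").bit_length(), "SHA256:" + digest

def install_key(pub_line, auth_path):
    """Append pub_line to auth_path once, enforce 0700/0600; return 'added' or 'present'."""
    parse_ssh_rsa(pub_line)  # refuse anything that is not a well-formed key
    os.makedirs(os.path.dirname(auth_path), mode=0o700, exist_ok=True)
    os.chmod(os.path.dirname(auth_path), 0o700)
    current = ""
    if os.path.exists(auth_path):
        with open(auth_path) as fh:
            current = fh.read()
    if any(pub_line.split()[1] in entry.split() for entry in current.splitlines()):
        status = "present"
    else:
        with open(auth_path, "a") as fh:  # keep one key per line even if the file lacks a final newline
            fh.write(("" if current.endswith("\n") or not current else "\n") + pub_line.strip() + "\n")
        status = "added"
    os.chmod(auth_path, 0o600)
    return status

def _mpint(value):  # SSH mpint encoding; the extra leading byte keeps the number positive
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def constructed_pub_line(bits):
    """Constructed sample input: correct wire format, but n is not a real RSA modulus."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " test@sw1"
```

The fingerprint has the form that `ssh-keygen -lf test_rsa.pub` prints on current OpenSSH, so it can be compared against the key exported on the switch before the key is trusted.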




Test SCP from the switch to the Linux host

Test SCP from the switch to the Linux server and verify that the copy from the switch to the server completes without supplying the password. (Note: "No password is requested...")
 

sw1(config)# dir bootflash:
16384 Apr 15 15:21:31  lost+found/
18693120 Apr 15 15:22:55  m9100-s3ek9-kickstart-mz.5.0.1a.bin
73579433 Apr 15 15:23:53  m9100-s3ek9-mz.5.0.1a.bin
5778 Apr 15 15:24:48  mts.log
951 Apr 16 15:07:01  test_rsa
219 Apr 16 15:07:02  test_rsa.pub

Usage for bootflash://sup-local
143622144 bytes used
533487616 bytes free
677109760 bytes total

sw1(config)# copy bootflash:mts.log scp://test@A.X.Y.Z/users/test


mts.log 100% 5778 5.6KB/s 00:00
sw1(config)#

Affected Products

Connectrix MDS-Series Hardware
Article Properties
Article Number: 000184888
Article Type: How To
Last Modified: 18 Jul 2025
Version:  2