Connectrix MDS: How to create passwordless access from SAN switch to UNIX server

Summary: Passwordless access from the switch to the UNIX server can be obtained by generating a public/private keypair on the MDS switch and adding the public key to a user account authorized_keys file on the SSH server. ...


Instructions

Setting up the public/private key pair for the user account on the MDS

Step 1:
From the MDS 9000 switch, create the username "test" with a password and the network-admin role. The user must exist and hold the network-admin role for keypair generation to work.
 

sw1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)# username test password <password> role network-admin
sw1(config)# cop run start
[########################################] 100%
sw1(config)#



Step 2: SSH into the switch from the Linux host with the username created in the previous step:
 

sj-lnx[]:~$ ssh test@A.X.Y.Z
User Access Verification
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
sw1#



Step 3: Generate the keypair for user test using RSA with a length of 1024 bits:
 

sw1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)# username test keypair generate rsa 1024
generating rsa key(1024 bits)......
generated rsa key
sw1(config)# show username test keypair
**************************************

rsa Keys generated:<Date>
ssh-rsa AAAA...........................................................
...........<truncated>.........................................
bitcount:1024
fingerprint:
.<truncated>
**************************************
could not retrieve dsa key information
**************************************
sw1(config)# cop run start
[########################################] 100%
sw1(config)#



Step 4: Export the keypair to bootflash and provide a passphrase when prompted. (It can be anything; just make a note of it somewhere.)
 

sw1(config)# username test keypair export bootflash:test_rsa rsa
Enter Passphrase:
sw1(config)# dir bootflash:
16384 Apr 15 15:21:31  lost+found/
18693120 Apr 15 15:22:55  m9100-s3ek9-kickstart-mz.5.0.1a.bin
73579433 Apr 15 15:23:53  m9100-s3ek9-mz.5.0.1a.bin
5778 Apr 15 15:24:48  mts.log
951 Apr 16 15:07:01  test_rsa
219 Apr 16 15:07:02  test_rsa.pub
Usage for bootflash://sup-local
143622144 bytes used
533487616 bytes free
677109760 bytes total
sw1(config)#


Setting up the public/private key pair for the user account on the Linux host

Step 1: Copy the RSA public key for user test from the switch to the Linux host, where the username "test" must already be present.

Note: You must provide the password for the username test on the Linux host, which may or may not be the same as the one previously created on the switch.

These instructions use an example where the test account path is /users/test. Depending on the Linux version, this path may be different.

 

sw1(config)# copy bootflash:test_rsa.pub scp://test@A.X.Y.Z/users/test/.ssh
The authenticity of host 'A.X.Y.Z (A.X.Y.Z)' can't be established.
RSA key fingerprint is .........<truncated>.................
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'A.X.Y.Z' (RSA) to the list of known hosts.


test@A.X.Y.Z's password:
test_rsa.pub 100% 219 0.2KB/s 00:00

sw1(config)# dir bootflash:
16384 Apr 15 15:21:31  lost+found/
18693120 Apr 15 15:22:55 m9100-s3ek9-kickstart-mz.5.0.1a.bin
73579433 Apr 15 15:23:53  m9100-s3ek9-mz.5.0.1a.bin
5778 Apr 15 15:24:48  mts.log
951 Apr 16 15:07:01 test_rsa
219 Apr 16 15:07:02  test_rsa.pub

Usage for bootflash://sup-local
143622144 bytes used
533487616 bytes free
677109760 bytes total

sw1(config)#



Step 2: On the Linux server, add the contents of the test_rsa.pub file to the authorized_keys file (or the authorized_keys2 file, depending on your version of SSH):
 

sj-lnx[]:~/$ cd .ssh
sj-lnx[]:~/.ssh$ chmod 644 authorized_keys2
sj-lnx[]:~/.ssh$ ls -lrt

lrwxrwxrwx 1 test eng 16 Apr 7  authorized_keys -> authorized_keys2
-rw-r--r-- 1 test eng 1327 Apr 16 15:04 authorized_keys2
-rw-r--r-- 1 test eng 219 Apr 16 15:13 test_rsa.pub

sj-lnx[94]:~/.ssh$ cat test_rsa.pub

ssh-rsa
...................<truncated>................................

sj-lnx[]:~/.ssh$ cat test_rsa.pub >> authorized_keys2
sj-lnx[]:~/.ssh$ cat authorized_keys2
ssh-rsa
.........................<truncated>...........................
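
Added example (not part of the original article): a Python 3.9+ helper for the Linux host that checks the copied test_rsa.pub before it is appended, so the bit count and fingerprint can be compared with the `show username test keypair` output on the switch. The `restrict` and `from=` key options, the "mds-switch" comment, the 0600 mode and the `source` parameter are this example's assumptions; because the fingerprint format is truncated on this page, both the MD5 and SHA256 forms are returned.

```python
import base64, hashlib, os

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out = []
    while blob:
        n = int.from_bytes(blob[:4], "big")
        if len(blob) < 4 + n:
            raise ValueError("truncated key blob")
        out.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return out

def inspect_pubkey(line):
    """Return (modulus bits, MD5 fingerprint, SHA256 fingerprint) for an ssh-rsa line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    f = fields(blob)                      # key type, exponent e, modulus n
    if len(f) != 3 or f[0] != b"ssh-rsa":
        raise ValueError("blob is not an RSA public key")
    bits = int.from_bytes(f[2], "big").bit_length()
    md5_fp = hashlib.md5(blob, usedforsecurity=False).digest().hex(":")
    sha_fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, md5_fp, sha_fp

def install_key(line, auth_path, expect_bits, source=None):
    """Append the key once, with restrictions, if its size matches; True if written."""
    bits = inspect_pubkey(line)[0]
    if bits != expect_bits:
        raise ValueError(f"key is {bits} bits, switch reported {expect_bits}")
    keydata = line.split()[1]
    opts = "restrict" + (f',from="{source}"' if source else "")
    fd = os.open(auth_path, os.O_RDWR | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a+") as fh:
        fh.seek(0)
        if keydata in fh.read():
            return False                  # already authorized, do not duplicate
        fh.write(f"{opts} ssh-rsa {keydata} mds-switch\n")
    os.chmod(auth_path, 0o600)            # owner-only (assumption: tighter than 644)
    return True

def sample_line(bits=1024):
    """Constructed input: a number of the right size, not a usable key."""
    def mpint(x):                         # SSH mpint: length + big-endian, leading 0 pad
        b = x.to_bytes(x.bit_length() // 8 + 1, "big")
        return len(b).to_bytes(4, "big") + b
    blob = b"\x00\x00\x00\x07ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed"
```

A 1024-bit RSA key is below the 2048-bit minimum in current NIST guidance; where the switch software accepts a larger modulus, generate that size and pass it as expect_bits.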




Test SCP from the switch to the Linux host.

Test SCP from the switch to the Linux server and verify that the copy completes without a password prompt. (Note that "No password is prompted for…")
 

sw1(config)# dir bootflash:
16384 Apr 15 15:21:31  lost+found/
18693120 Apr 15 15:22:55  m9100-s3ek9-kickstart-mz.5.0.1a.bin
73579433 Apr 15 15:23:53  m9100-s3ek9-mz.5.0.1a.bin
5778 Apr 15 15:24:48  mts.log
951 Apr 16 15:07:01  test_rsa
219 Apr 16 15:07:02  test_rsa.pub

Usage for bootflash://sup-local
143622144 bytes used
533487616 bytes free
677109760 bytes total

sw1(config)# copy bootflash:mts.log scp://test@A.X.Y.Z/users/test


mts.log 100% 5778 5.6KB/s 00:00
sw1(config)#

Affected Products

Connectrix MDS-Series Hardware
Article Properties
Article Number: 000184888
Article Type: How To
Last Modified: 18 Jul 2025
Version:  2