Avamar: 7.3 SUDO & SSH Security Settings

Summary: In Avamar 7.3 user DPN has been removed. We now have the 'rootid' which will need to be loaded.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

What's NEW in 7.3:
  • Restrict sudo command list
  • De-authorize "dpnid" ssh key
  • De-authorize dpn user from login
  • Create new ssh keys for root and admin (rootid & admin_key)
  • Authorize admin key only for admin account


Additional Information

Restrict SUDO Command list:
  • There is an approved 'sudo' list of commands for Avamar operation and maintenance.
  • No shell execution allowed (no "sudo bash")
NEW SSH Key - "rootid"
  • Password-less login within Avamar server for maintenance
  • Can only be used by root user
  • Can be used for access to root and admin accounts
    • Authorized in
      • ~root/.ssh/authorized_keys
      • ~admin/.ssh/authorized_keys
NEW SSH Key - "admin_key"
  • Password-less login within Avamar server for maintenance
  • Can be used by root and admin users
  • Can be used for access to admin account
    • Authorized in ~admin/.ssh/authorized_keys
DE-Authorized "DPNID" SSH KEY
  • SSH KEY "dpnid" is retained but is de-authorized after Avamar 7.3 installation or upgrade is complete
  • "dpnid" can still be used with new replacement or kick-started nodes until the new node is part of the grid
  • Deprecate .ssh/authorized_keys2 (use .ssh/authorized_keys)
  • Disable dpn user from login (no shell)
    • Changes to utilities 'asktime' and 'change_passwords'


Affected Products

Avamar Server

Products

Avamar Server
Article Properties
Article Number: 000019946
Article Type: How To
Last Modified: 24 Sep 2024
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.