Symptoms
- The Unity system was upgraded from OE 4.5 to 5.0.
- Due to security policy, only HMAC SHA2 is allowed on Linux client side.
Storage administrator configured a password-less SSH login (SSH public key file login) from their Linux client (RHEL7) to Unity management interface, which worked fine before. After upgrade of Unity from OE 4.5 to 5.0, it does not work.
Cause
- The extra ACL that was added in 5.0 to /cores/service as part of the change of user that ECOM service is running under, is the cause of this issue. In 4.5, ECOM was running as root, and in 5.0, it was changed to a new user ECOM. ACLs were added for user ECOM to /cores/service. This extra ACL causes SSH to fail passwordless login.
- The issue caused because Unity does not enable hmac-sha2 by default. Unity would restrict SSH to SHA2 HMACs only in next release (5.1).
Resolution
Contact Dell EMC Technical Support or your Authorized Service Representative, and quote this Knowledgebase article ID.