Dell EMC Unity: How to enable SFTP passwordless login for the Multi-protocol SMB account (Customer Correctable)

Summary: KB 000021201 covers general SFTP passwordless login (https://www.dell.com/support/kbdoc/en-us/000021201), but its example is not for an SMB account. This KB provides another example, for the SMB account. ...


Instructions

1. Enable and configure the home directory for the SMB account. 

There are several ways to configure the home directory.
In this example, the setting is configured in the homedir file as follows:
cat homedir
# The homedir file contains an entry for each local user and uses the following format:
#   <domain>:<username>:</path>[:regex][:create][:ro][:<umask>][:<restrictedToOwner>]
# where:
# - <domain> = Windows domain name (must be the NetBIOS name not the FQDN), or the '!' keyword for unix users or '*' for any users.
#   Rule with '*' is the last rule that matched for a user that is used.
# - <username> = user’s Windows username.
# - </path> = UNIX path of the parent home directory, related to the NAS server.
# - create = target directory will be created if it does not already exist.
# - regex = domain and/or username are regular expressions.
#   If regexp is specified, <d> and <u> could be added in homedir paths to dynamically defined them relatively to account domain and/or name.
#   <d> and <u> will be expanded by account domain and name.
#   If nothing is specified, a directory corresponding to the account name will be added at the end of the specified path for the user home directory
# - ro = read-only file access (the default is read/write).
# - <umask> = user file-creation <mask> for the umask allowing NFS permissions to be determined for the share.
# - restrictedToOwner = sets an ACL User Full Control on each homedir created using the rule.
#
# Examples:
#   mydomain:*:/fs2/<d>/<u>:regex:create
#   mydomain:usr1:/fs1/usr1
#   !:tom:/fs1/tom
peeps:*:/smbsftp/home/<d>/<u>:regex:create     // When the domain user logs in to the "home" share, the user's home directory is created automatically.
 

2. Generate key pairs on the SFTP client.

3. Rename the id_rsa.pub to authorized_keys.

The two steps above are the same as in KB 000021201, so the details are skipped here.

--------------------------------------

4. Log in to the SFTP server with the SMB domain account. Create ".ssh" in the home directory. Upload the authorized_keys file.

[sftpts@RHEL7 .ssh]$ sftp "peeps\user3@5.6.7.132"
peeps\user3@5.6.7.132's password:
Connected to 5.6.7.132.
sftp> pwd
Remote working directory: /smbsftp/home/peeps/user3
sftp> ls -al
d---rwxrwx   2 0          1                     152 Nov  1 07:37 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
sftp> mkdir .ssh
sftp> ls -al
d---rwxrwx   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxrwxrwx   2 2147483657 2147483657            152 Nov  1 07:39 .ssh
sftp> cd .ssh
sftp> ls -al
drwxrwxrwx   2 2147483657 2147483657            152 Nov  1 07:39 .
d---rwxrwx   3 0          1                     152 Nov  1 07:39 ..
sftp> put authorized_keys
Uploading authorized_keys to /smbsftp/home/peeps/user3/.ssh/authorized_keys
authorized_keys                                                                                100%  398     0.4KB/s   00:00
sftp>
sftp> ls -al
drwxrwxrwx   2 2147483657 2147483657            152 Nov  1 07:39 .
d---rwxrwx   3 0          1                     152 Nov  1 07:39 ..
-rw-r--r--   1 2147483657 2147483657            398 Nov  1 07:39 authorized_keys
sftp>

5. Change the permission bits to 755 for "authorized_keys" and ".ssh".

sftp> chmod 755 authorized_keys
Changing mode on /smbsftp/home/peeps/user3/.ssh/authorized_keys
sftp>
sftp> ls -al
drwxrwxrwx   2 2147483657 2147483657            152 Nov  1 07:39 .
d---rwxrwx   3 0          1                     152 Nov  1 07:39 ..
-rwxr-xr-x   1 2147483657 2147483657            398 Nov  1 07:39 authorized_keys
sftp>
sftp> cd ..
sftp> ls -al
d---rwxrwx   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxrwxrwx   2 2147483657 2147483657            152 Nov  1 07:39 .ssh
sftp> chmod 755 .ssh
Changing mode on /smbsftp/home/peeps/user3/.ssh
sftp>
sftp> ls -al
d---rwxrwx   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxr-xr-x   2 2147483657 2147483657            152 Nov  1 07:39 .ssh
sftp>
sftp> pwd
Remote working directory: /smbsftp/home/peeps/user3
sftp>

6. Verify the passwordless login. It still fails at this point: the server prompts for the password.

sftp> exit
[sftpts@RHEL7 .ssh]$ sftp "peeps\user3@5.6.7.132"
peeps\user3@5.6.7.132's password:
Connected to 5.6.7.132.
sftp>
sftp> ls -al
d---rwxrwx   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxr-xr-x   2 2147483657 2147483657            152 Nov  1 07:39 .ssh

7. Change the permission bits to 755 for the user's home directory as well.

sftp> 
sftp> chmod 755 .
Changing mode on /smbsftp/home/peeps/user3/.
sftp>
sftp> ls -al
drwxr-xr-x   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxr-xr-x   2 2147483657 2147483657            152 Nov  1 07:39 .ssh
sftp>

8. Verify the passwordless login again. It now works.

sftp> exit
[sftpts@RHEL7 .ssh]$ sftp "peeps\user3@5.6.7.132"
Connected to 5.6.7.132.
sftp> ls -al
drwxr-xr-x   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxr-xr-x   2 2147483657 2147483657            152 Nov  1 07:39 .ssh
sftp> pwd
Remote working directory: /smbsftp/home/peeps/user3
sftp>
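
The check behind steps 5 to 8, as an added example (not part of the original KB or Dell's code): it parses sftp "ls -al" output and reports which of the three paths would still block key login. The group/other-write rule and the helper names are assumptions; the listings are taken from the transcript above.

```python
import re

# Assumption: key login is refused when the home directory, .ssh or
# authorized_keys is group/other writable (the OpenSSH StrictModes rule).
GROUP_OTHER_WRITE = 0o022
ENTRY = re.compile(r"^[-dl][-rwxsStT]{9}\s")

def mode_bits(mode_str):
    """Turn 'drwxr-xr-x' into 0o755; 'S'/'T' mean the execute bit is clear."""
    return sum(1 << (8 - i) for i, ch in enumerate(mode_str[1:10])
               if ch not in "-ST")

def parse_listing(text):
    """Map entry name -> permission bits; prompts and other lines are skipped."""
    modes = {}
    for line in text.splitlines():
        fields = line.split(None, 8)  # 9th field is the entry name
        if ENTRY.match(line) and len(fields) == 9:
            modes[fields[8]] = mode_bits(fields[0])
    return modes

def key_auth_blockers(home_listing, ssh_listing):
    """Return (path, mode) for each path that is missing or group/other writable."""
    home, ssh = parse_listing(home_listing), parse_listing(ssh_listing)
    targets = [("~", home.get(".")), ("~/.ssh", home.get(".ssh")),
               ("~/.ssh/authorized_keys", ssh.get("authorized_keys"))]
    findings = []
    for path, mode in targets:
        if mode is None:
            findings.append((path, "missing"))
        elif mode & GROUP_OTHER_WRITE:
            findings.append((path, f"{mode:04o}"))
    return findings

# Constructed input: listings as they appear in the transcript at step 6
# (home directory) and step 5 (.ssh), when key login still failed.
HOME_STEP6 = """sftp> ls -al
d---rwxrwx   3 0          1                     152 Nov  1 07:39 .
drwxr-xr-x   5 0          1                     152 Nov  1 07:37 ..
drwxr-xr-x   2 2147483657 2147483657            152 Nov  1 07:39 .ssh"""
SSH_STEP5 = """sftp> ls -al
drwxrwxrwx   2 2147483657 2147483657            152 Nov  1 07:39 .
-rwxr-xr-x   1 2147483657 2147483657            398 Nov  1 07:39 authorized_keys"""

if __name__ == "__main__":
    for path, mode in key_auth_blockers(HOME_STEP6, SSH_STEP5):
        print(f"{path}: mode {mode} blocks key login")
```

Run against the step 6 listings, it reports only the home directory (mode 0077), which is the path step 7 corrects.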

Notes:
The above example is based on the automatic mapping for the account peeps\user3.

The secmap entry is as follows:
User        2147483657  secmap     Tue Nov  1 07:37:52 2022   PEEPS\user3                S-1-5-15-13a441e3-8c2bf4bb-28a0a9b-1bcb

Additional Information

Here are examples for other kinds of user mapping.

SECMAP MAPPING TABLE

Type        UID/GID     Origin     Date of creation           Name                       SID
User        2000        etc        Tue Nov  1 05:55:20 2022   PEEPS\sftpts               S-1-5-15-13a441e3-8c2bf4bb-28a0a9b-1bc0
User        2001        etc        Tue Nov  1 05:52:24 2022   PEEPS\sftpts1              S-1-5-15-13a441e3-8c2bf4bb-28a0a9b-1bc5
User        2002        etc        Tue Nov  1 05:52:24 2022   PEEPS\sftpts2              S-1-5-15-13a441e3-8c2bf4bb-28a0a9b-1bc6
User        2000        ntxmap     Tue Nov  1 06:06:18 2022   peeps\sftpts3              S-1-5-15-13a441e3-8c2bf4bb-28a0a9b-1bc7
User        2000        ntxmap     Tue Nov  1 07:36:55 2022   PEEPS\Administrator        S-1-5-15-13a441e3-8c2bf4bb-28a0a9b-1f4

[sftpts@RHEL7 .ssh]$ sftp "peeps\administrator@5.6.7.132"
Connected to 5.6.7.132.
sftp> pwd
Remote working directory: /smbsftp/home/sftpts
sftp> ls -al
drwxr-xr-x   4 0          0                     152 Nov  1 06:15 .
drwxr-xr-x   7 0          0                     152 Nov  1 06:40 ..
drwxr-xr-x   2 0          0                     152 Nov  1 04:20 .ssh
drwxrwxrwx   2 sftpts     2000                  152 Nov  1 06:15 test
sftp> exit

[sftpts@RHEL7 .ssh]$ sftp "peeps\sftpts@5.6.7.132"
Connected to 5.6.7.132.
sftp> pwd
Remote working directory: /smbsftp/home/sftpts
sftp> ls -al
drwxr-xr-x   4 0          0                     152 Nov  1 06:15 .
drwxr-xr-x   7 0          0                     152 Nov  1 06:40 ..
drwxr-xr-x   2 0          0                     152 Nov  1 04:20 .ssh
drwxrwxrwx   2 sftpts     2000                  152 Nov  1 06:15 test
sftp> exit

[sftpts@RHEL7 .ssh]$ sftp "peeps\sftpts1@5.6.7.132"
Connected to 5.6.7.132.
sftp> pwd
Remote working directory: /smbsftp/home/sftpts1
sftp> ls -al
drwxr-xr-x   3 0          0                     152 Nov  1 08:56 .
drwxr-xr-x   7 0          0                     152 Nov  1 06:40 ..
drwxr-xr-x   2 0          0                     152 Nov  1 08:56 .ssh
sftp> exit

[sftpts@RHEL7 .ssh]$ sftp "peeps\sftpts2@5.6.7.132"
Connected to 5.6.7.132.
sftp> pwd
Remote working directory: /smbsftp/home/sftpts2
sftp> ls -al
drwxr-xr-x   3 0          0                     152 Nov  1 04:06 .
drwxr-xr-x   7 0          0                     152 Nov  1 06:40 ..
drwxr-xr-x   2 0          0                     152 Nov  1 04:08 .ssh
sftp> exit

[sftpts@RHEL7 .ssh]$ sftp "peeps\sftpts3@5.6.7.132"
Connected to 5.6.7.132.
sftp> pwd
Remote working directory: /smbsftp/home/sftpts3
sftp> ls -al
drwxr-xr-x   3 0          0                     152 Nov  1 03:38 .
drwxr-xr-x   7 0          0                     152 Nov  1 06:40 ..
drwxr-xr-x   2 0          0                     152 Nov  1 03:40 .ssh
sftp> exit

The related local file settings are as follows:
passwd:
sftpts::2000:2000:::
sftpts1::2001:2001:::
sftpts2::2002:2002:::

homedir:
peeps:administrator:/smbsftp/home/sftpts
peeps:sftpts3:/smbsftp/home/sftpts3
peeps:sftpts2:/smbsftp/home/sftpts2
peeps:sftpts1:/smbsftp/home/sftpts1
peeps:sftpts:/smbsftp/home/sftpts

ntxmap.conf
peeps:sftpts3:>:sftpts
peeps:administrator:>:sftpts

Affected Products

Dell EMC Unity
Article Properties
Article Number: 000204879
Article Type: How To
Last Modified: 18 Apr 2023
Version:  4