This method uses private/public key pairs to allow remote login without entering a password. The private key is generated on the client and the public key will be stored on the Data Domain. Login from the client to the Data Domain is authenticated using the private key.
Use Case: Client side scripting. I would like to check capacity space by script daily on the Data Domain and write the output to a file.
SETUP----
Client name and version: Linux (CentOS), linuxsrv1
Data Domain name and version: DDOS 5.7, dd3
Create private/public key pair on the client
[root@linuxsrv1 ~]# ssh-keygen -t dsaGenerating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): press enter
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
Enter passphrase (empty for no passphrase): press enter
Enter same passphrase again: press enter
Your identification has been saved in /root/.ssh/id_dsa.
OUTPUT OMITTED
Note. Pressing enter above stores the private key unencrypted on the local filesystem
[root@linuxsrv1 ~]# ls .ssh
id_dsa id_dsa.pub id_rsa id_rsa.pub known_hosts
Display the public key. Copy the public key and you will paste it into the Data Domain
[root@linuxsrv1 ~]# cat .ssh/id_dsa.pub
OUTPUT OMITTED
Add public key to the Data Domain
From your client, SSH into the Data Domain, enter your password, accept the connecting question. Paste the public key and make sure there are no spaces (starting with ssh-dss)sysadmin@dd3# adminaccess add ssh-keys
Enter the key and then press Control-D, or press Control-C to cancel.
OUTPUT OMITTED
SSH key accepted.
Once added you can verify by showing the key with this command
sysadmin@dd3# adminaccess show ssh-keys
OUTPUT OMITTED
sysadmin@dd3# exit
Verify no password login
From Client, verify that the login requires no password[root@linuxsrv1 ~]# ssh sysadmin@dd3.payneb.com
Data Domain OS
Last login: Tue Jul 26 09:08:19 CDT 2016 from linuxsrv1.payneb.com on pts/1
Welcome to Data Domain OS 5.7.0.10-518172
-----------------------------------------
sysadmin@dd3#
From my Linux client I am now able to run DDOS commands and schedule them via cron without a password.
[root@linuxsrv1 ~]# ssh sysadmin@dd3.payneb.com 'filesys show space'
Data Domain OS
Active Tier:
Resource Size GiB Used GiB Avail GiB Use%
Cleanable GiB*
---------------- -------- --------- --------- ---- --------------
/data: pre-comp - 1369449.4 - - -
/data: post-comp 173224.4 98201.9 75022.5 57% 6753.2
/ddvar 29.5 5.9 22.1 21% -
/ddvar/core 31.5 0.2 29.7 1%
-
---------------- -------- --------- --------- ---- ------
-------
* Estimated based on last cleaning of 2016/07/22 20:12:45.