Updating SSH Keys for User omm
Scenario
During cluster installation, the system automatically generates the SSH public key and private key for user omm to establish the trust relationship between nodes. After the cluster is installed, if the original keys are accidentally disclosed or new keys are used, the system administrator can perform the following operations to manually change the keys.
Prerequisites
- The cluster has been stopped.
- No other management operations are being performed.
Procedure
- Log in as user omm to the node whose SSH keys need to be replaced.
If the node is a Manager management node, run the following command on the active management node.
- Run the following command to disable logout upon timeout:
TMOUT=0
After the operations in this section are complete, run the TMOUT=Timeout interval command to restore the timeout interval in a timely manner. For example, TMOUT=600 indicates that a user is logged out if the user does not perform any operation within 600 seconds.
- Run the following command to generate a key for the node:
- If the node is a Manager management node, run the following command:
- If the node is a non-Manager management node, run the following command:
If "Succeed to update ssh private key." is displayed when the preceding command is executed, the SSH key is generated successfully.
- Run the following command to transfer the node's public key to the primary management node. Note that this step is necessary even if the current node is the primary management node.
scp ${HOME}/.ssh/id_rsa.pub oms_ip:${HOME}/.ssh/id_rsa.pub_bak
oms_ip: indicates the IP address of the active management node.
Enter the password of user omm to copy the files.
- Log in to the active management node as user omm.
- Run the following command to disable logout on system timeout:
TMOUT=0
- Run the following command to go to the related directory:
cd ${HOME}/.ssh
- Run the following command to add new public keys:
cat id_rsa.pub_bak >> authorized_keys
- Run the following command to move the temporary public key file, for example, /tmp.
mv -f id_rsa.pub_bak /tmp
- Copy the authorized_keys file of the active management node to the other nodes in the cluster:
scp authorized_keys node_ip:/${HOME}/.ssh/authorized_keys
node_ip: indicates the IP address of another node in the cluster. Multiple IP addresses are not supported.
- Run the following command to confirm private key replacement without entering the password:
ssh node_ip
node_ip: indicates the IP address of another node in the cluster. Multiple IP addresses are not supported.
- Log in to FusionInsight Manager and click Start in the upper right corner of Homepage to start the cluster.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot