chnaskey

The chnaskey command provides an interface to set or reset the Secure Shell (SSH) private and public key credential pair used by communications between the Storwize® V7000 file modi and the control enclosure over the site 1 Gbps Ethernet LAN. This is required during the USB initialization of the system.

Syntax

Read syntax diagramSkip visual syntax diagram
>>- chnaskey -- --+- -pubkeyfile --filename--+-----------------><
                  +- ------------------------+   
                  +- -privkeyfile --filename-+   
                  +- ------------------------+   
                  '- -reset -----------------'   

Parameters

 -pubkeyfile filename |  -privkeyfile filename |  -reset 
During the Universal Serial Bus (USB) initialization of the SAN Volume Controller system, one of the node canisters in the control enclosure creates a public/private key pair to use for Secure Shell (SSH). The node canister stores the public key and writes the private key to the USB flash drive memory.

One of the file modules then takes the private key from the USB flash drive memory to use for SSH. The file module passes it to the other file module over the direct connect Ethernet link and then deletes the private key from the USB flash drive memory so that it cannot be used on the wrong system.

Note:
  • The pubkeyfile parameter must be an alphanumeric string up to 255 characters in length, and the file must be less then 2048 bytes.
  • The privkeyfile must be an alphanumeric string up to 251 characters in length.

pubkeyfile provides an existing public keyfile in use. This does not generate anything, but replaces the currently used public key with another public key. The private key file on the file modules is use it to generate the original public key file when it is set on the system.

privkeyfile generates the public and private key pair, and sets the public key on the system. It also provides the private key for installation on the file modules (in the /dumps directory or on the USB stick depending on what was used).

 -reset 
(Optional) Specifies that the public and private key pair should be cleared, and the system should be reset.

Description

It might be necessary to reset the Network Attached Storage (NAS) SSH key in the following circumstances:
  • When communications between the Storwize V7000 file module and the Storwize V7000 control enclosure is not authorized because of a bad key.
  • When both Storwize V7000 file modules have lost the original NAS SSH key.
  • When the Storwize V7000 control enclosure has lost the NAS SSH key.

Resetting the NAS SSH key

Reset the NAS SSH key so that communications between the file modules and the Storwize V7000 control enclosure resume:
  1. Log on to the Storwize V7000 control enclosure management command-line interface (CLI) as superuser:
    satask chnaskey -privkeyfile NAS.ppk

    The private key is left in the /dumps directory.

  2. Use SCP to copy the private key file to the Storwize V7000 file module : 
    scp -P 1602 /dumps/NAS.ppk root@<file module management IP>:/files

    You are prompted for the file module root password.

  3. Log on to the management Command-Line Interface (CLI) as admin:
    chstoragesystem --sonasprivkey/files
Parent topic: User management commands
Related reference:
chauthservice
chcurrentuser
chldap
chldapserver
chuser
chusergrp
lscurrentuser
lsldap
lsldapserver
lsuser
lsusergrp
mkldapserver
mkuser
mkusergrp
rmldapserver
rmuser
rmusergrp
testldapserver