Topic
7 replies Latest Post - ‏2011-05-21T05:25:14Z by SystemAdmin
djole_k
djole_k
41 Posts
ACCEPTED ANSWER

Pinned topic SVC V. 6 - Creating a user for CLI and GUI managment

‏2011-03-07T13:13:55Z |
Hi all,

are there some undocumented rules for the creation of a user which can be used for the CLI and the GUI?

I tried different ways and the only "good" combination of user and ssh-key was username "admin" and a key-pair called "icat". I tried to configure some users for a PoC, but no chance.

In the Information Center is described, that a user (local) can access the SVC via GUI, SSH or both. An example:

Customer wants a user for his UC4-Application. I called the Username "uc4-user", the password was "password" and I generated a ssh-key and named it "uc4" and "uc4.ppk". Uploading and creating the user was successfull. Logging into the GUI with the password, no problem. Starting putty, configuruing a session for the uc4-user, no problem. Trying to log into the SVC, big problem "SSH Key Refused". Trying the same procedure with the "admin" user and the key-pair called "icat" and "icat.ppk", success.

Has any one else the same problem?

Can somebody help me or tell me what's the problem?

Thank you!
Updated on 2011-05-21T05:25:14Z at 2011-05-21T05:25:14Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    4779 Posts
    ACCEPTED ANSWER

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-03-07T13:59:36Z  in response to djole_k
    Hi,

    The key to this is that the SSH username always needs to be "admin" no matter what the user name is in the SVC. The specific SSH key you use to login is then used to lookup which SVC user you are.

    Cheers

    Andrew
    • djole_k
      djole_k
      41 Posts
      ACCEPTED ANSWER

      Re: SVC V. 6 - Creating a user for CLI and GUI managment

      ‏2011-03-07T15:21:28Z  in response to SystemAdmin
      I agree, but that's what I tried:

      1. username "admin", group "Administrator", password "password", ssh public key "icat", ssh private key "icat.ppk"

      2. username "secondadmin, group "Administrator", password "password", ssh public key "secondadmin", ssh private key "secondadmin.ppk"

      Number 1 no Problems

      Number 2 at ssh login: "SSH Key refused"

      There was no problem creating the user, no error message and or anything else. The both key-pairs were createt new with the same parameters in "puttygen"
      • DMB_CA
        DMB_CA
        29 Posts
        ACCEPTED ANSWER

        Re: SVC V. 6 - Creating a user for CLI and GUI managment

        ‏2011-03-07T18:27:48Z  in response to djole_k
        At the SSH prompt, you still have to log in as "admin", even with the secondadmin userid.

        Basically, at the SSH level, you are adding an additional key under the "admin" account on the SVC cluster. You're just giving it another username in the SVC software. The username you create in the GUI is not an SVC operating system userid. That will always be "admin".

        Bottom line, you have to use "admin" to log into the cluster via SSH.

        Hope that makes sense.

        --db
        • djole_k
          djole_k
          41 Posts
          ACCEPTED ANSWER

          Re: SVC V. 6 - Creating a user for CLI and GUI managment

          ‏2011-03-08T09:16:48Z  in response to DMB_CA
          Thanks, it works!

          For my understandig its makes no sense, but it works.

          So the default and ONLY CLI-username is admin. Your rights ar defined and bound to the ssh-key pair, not to a user-name.

          And the GUI works with the defined username and password.

          Its confusing and sounds more like a work-around, but it works.

          Thanks again!
          • DMB_CA
            DMB_CA
            29 Posts
            ACCEPTED ANSWER

            Re: SVC V. 6 - Creating a user for CLI and GUI managment

            ‏2011-03-08T15:56:22Z  in response to djole_k
            Yeah, it took me a while to wrap my head around the process.

            Once I figured out that the CLI/SSH is authenticating against the operating system and the GUI authenticates against the SVC software running on top of the operating system, it started to make more sense to me.

            --db
            • jtyberg
              jtyberg
              1 Post
              ACCEPTED ANSWER

              Re: SVC V. 6 - Creating a user for CLI and GUI managment

              ‏2011-05-21T00:09:18Z  in response to DMB_CA
              This solved my problem.

              I could not login to a Storwize V7000 using ssh, even after setting up the CLI environment by following the procedure (for Linux and UNIX) in the SVC & V7000 CLI User's Guide,

              http://www-01.ibm.com/support/docview.wss?uid=ssg1S7003572

              The procedure says to upload the public key to the user account, then ssh using the account userid:

              $ ssh myuser@v7000cluster
              Permission denied (publickey)

              which does not work. But this does work:

              $ ssh admin@v7000cluster
              IBM_2076:v7000cluster:admin>
              • SystemAdmin
                SystemAdmin
                4779 Posts
                ACCEPTED ANSWER

                Re: SVC V. 6 - Creating a user for CLI and GUI managment

                ‏2011-05-21T05:25:14Z  in response to jtyberg
                Some good news is that v6.2 of the SVC/V7000 code will change this behaviour.
                Read more here:

                https://aussiestorageblog.wordpress.com/2011/05/12/gui-vs-cli-sharing-the-love/

                The relevant part:

                "This weeks announcement of release 6.2 of the SVC and Storwize V7000 firmware, has brought in two more important usability improvements:

                Now when logging onto the CLI using individual user-ids, you can logon using the actual user-id itself, rather than admin. This change has been a long time coming and removes the confusion generated by logging onto the GUI as say anthony, but then logging into a matching CLI session as admin. Now you would logon to either interface as anthony."

                Regards, Anthony https://aussiestorageblog.wordpress.com/