Topic
  • 7 replies
  • Latest Post - ‏2011-05-21T05:25:14Z by SystemAdmin
djole_k
djole_k
41 Posts

Pinned topic SVC V. 6 - Creating a user for CLI and GUI managment

‏2011-03-07T13:13:55Z |
Hi all,

are there some undocumented rules for the creation of a user which can be used for the CLI and the GUI?

I tried different ways and the only "good" combination of user and ssh-key was username "admin" and a key-pair called "icat". I tried to configure some users for a PoC, but no chance.

In the Information Center is described, that a user (local) can access the SVC via GUI, SSH or both. An example:

Customer wants a user for his UC4-Application. I called the Username "uc4-user", the password was "password" and I generated a ssh-key and named it "uc4" and "uc4.ppk". Uploading and creating the user was successfull. Logging into the GUI with the password, no problem. Starting putty, configuruing a session for the uc4-user, no problem. Trying to log into the SVC, big problem "SSH Key Refused". Trying the same procedure with the "admin" user and the key-pair called "icat" and "icat.ppk", success.

Has any one else the same problem?

Can somebody help me or tell me what's the problem?

Thank you!
Updated on 2011-05-21T05:25:14Z at 2011-05-21T05:25:14Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    4779 Posts

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-03-07T13:59:36Z  
    Hi,

    The key to this is that the SSH username always needs to be "admin" no matter what the user name is in the SVC. The specific SSH key you use to login is then used to lookup which SVC user you are.

    Cheers

    Andrew
  • djole_k
    djole_k
    41 Posts

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-03-07T15:21:28Z  
    Hi,

    The key to this is that the SSH username always needs to be "admin" no matter what the user name is in the SVC. The specific SSH key you use to login is then used to lookup which SVC user you are.

    Cheers

    Andrew
    I agree, but that's what I tried:

    1. username "admin", group "Administrator", password "password", ssh public key "icat", ssh private key "icat.ppk"

    2. username "secondadmin, group "Administrator", password "password", ssh public key "secondadmin", ssh private key "secondadmin.ppk"

    Number 1 no Problems

    Number 2 at ssh login: "SSH Key refused"

    There was no problem creating the user, no error message and or anything else. The both key-pairs were createt new with the same parameters in "puttygen"
  • DMB_CA
    DMB_CA
    29 Posts

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-03-07T18:27:48Z  
    • djole_k
    • ‏2011-03-07T15:21:28Z
    I agree, but that's what I tried:

    1. username "admin", group "Administrator", password "password", ssh public key "icat", ssh private key "icat.ppk"

    2. username "secondadmin, group "Administrator", password "password", ssh public key "secondadmin", ssh private key "secondadmin.ppk"

    Number 1 no Problems

    Number 2 at ssh login: "SSH Key refused"

    There was no problem creating the user, no error message and or anything else. The both key-pairs were createt new with the same parameters in "puttygen"
    At the SSH prompt, you still have to log in as "admin", even with the secondadmin userid.

    Basically, at the SSH level, you are adding an additional key under the "admin" account on the SVC cluster. You're just giving it another username in the SVC software. The username you create in the GUI is not an SVC operating system userid. That will always be "admin".

    Bottom line, you have to use "admin" to log into the cluster via SSH.

    Hope that makes sense.

    --db
  • djole_k
    djole_k
    41 Posts

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-03-08T09:16:48Z  
    • DMB_CA
    • ‏2011-03-07T18:27:48Z
    At the SSH prompt, you still have to log in as "admin", even with the secondadmin userid.

    Basically, at the SSH level, you are adding an additional key under the "admin" account on the SVC cluster. You're just giving it another username in the SVC software. The username you create in the GUI is not an SVC operating system userid. That will always be "admin".

    Bottom line, you have to use "admin" to log into the cluster via SSH.

    Hope that makes sense.

    --db
    Thanks, it works!

    For my understandig its makes no sense, but it works.

    So the default and ONLY CLI-username is admin. Your rights ar defined and bound to the ssh-key pair, not to a user-name.

    And the GUI works with the defined username and password.

    Its confusing and sounds more like a work-around, but it works.

    Thanks again!
  • DMB_CA
    DMB_CA
    29 Posts

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-03-08T15:56:22Z  
    • djole_k
    • ‏2011-03-08T09:16:48Z
    Thanks, it works!

    For my understandig its makes no sense, but it works.

    So the default and ONLY CLI-username is admin. Your rights ar defined and bound to the ssh-key pair, not to a user-name.

    And the GUI works with the defined username and password.

    Its confusing and sounds more like a work-around, but it works.

    Thanks again!
    Yeah, it took me a while to wrap my head around the process.

    Once I figured out that the CLI/SSH is authenticating against the operating system and the GUI authenticates against the SVC software running on top of the operating system, it started to make more sense to me.

    --db
  • jtyberg
    jtyberg
    1 Post

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-05-21T00:09:18Z  
    • DMB_CA
    • ‏2011-03-08T15:56:22Z
    Yeah, it took me a while to wrap my head around the process.

    Once I figured out that the CLI/SSH is authenticating against the operating system and the GUI authenticates against the SVC software running on top of the operating system, it started to make more sense to me.

    --db
    This solved my problem.

    I could not login to a Storwize V7000 using ssh, even after setting up the CLI environment by following the procedure (for Linux and UNIX) in the SVC & V7000 CLI User's Guide,

    http://www-01.ibm.com/support/docview.wss?uid=ssg1S7003572

    The procedure says to upload the public key to the user account, then ssh using the account userid:

    $ ssh myuser@v7000cluster
    Permission denied (publickey)

    which does not work. But this does work:

    $ ssh admin@v7000cluster
    IBM_2076:v7000cluster:admin>
  • SystemAdmin
    SystemAdmin
    4779 Posts

    Re: SVC V. 6 - Creating a user for CLI and GUI managment

    ‏2011-05-21T05:25:14Z  
    • jtyberg
    • ‏2011-05-21T00:09:18Z
    This solved my problem.

    I could not login to a Storwize V7000 using ssh, even after setting up the CLI environment by following the procedure (for Linux and UNIX) in the SVC & V7000 CLI User's Guide,

    http://www-01.ibm.com/support/docview.wss?uid=ssg1S7003572

    The procedure says to upload the public key to the user account, then ssh using the account userid:

    $ ssh myuser@v7000cluster
    Permission denied (publickey)

    which does not work. But this does work:

    $ ssh admin@v7000cluster
    IBM_2076:v7000cluster:admin>
    Some good news is that v6.2 of the SVC/V7000 code will change this behaviour.
    Read more here:

    https://aussiestorageblog.wordpress.com/2011/05/12/gui-vs-cli-sharing-the-love/

    The relevant part:

    "This weeks announcement of release 6.2 of the SVC and Storwize V7000 firmware, has brought in two more important usability improvements:

    Now when logging onto the CLI using individual user-ids, you can logon using the actual user-id itself, rather than admin. This change has been a long time coming and removes the confusion generated by logging onto the GUI as say anthony, but then logging into a matching CLI session as admin. Now you would logon to either interface as anthony."

    Regards, Anthony https://aussiestorageblog.wordpress.com/