Disabling encryption with USB flash drives
Encryption with USB flash drives can be disabled using the management GUI or the command-line interface.
Note: For security, encryption methods (including the recovery key) can only be disabled when
physically connected to the technician port on the configuration node.
Using the management GUI
When disabling encryption using the management GUI, encryption using USB flash drives is automatically disabled in the process. See Decommissioning encryption for instructions on disabling encryption using the management GUI.
To disable only USB flash drives, refer to the instructions described in "Using the command-line interface".
Using the command-line interface
Follow these steps to disable encryption using USB flash drives:
- Identify the configuration node of the system. For more information, see Configuration node.
- Connect your computer to the technician port of the configuration node. For more information, see Node canisters
- In a terminal window, use Secure Shell (SSH) software to connect to the cluster IP address of
the system and authenticate using the credentials of any user with the SecurityAdmin
role:
ssh username@cluster_ip
For more information, see Connecting to the CLI with OpenSSH.
- To disable the encryption using USB flash drives, enter the following
command:
For more information, see chencryption command.chencryption -usb disable
Encryption using USB flash drives has been disabled successfully when the usb_key_filename field is blank and the status field is licensed. For more information, see lsencryption command.
- The encryption key files remain on the USB flash drives but are not used again. The security administrator of the system is responsible for removing unused or expired encryption key files from the USB flash drives.