You canmanageSSHkeysfromtheSANVolumeControllerConsole.
Relatedtasks
“AddingSSHkeysforhostsotherthanthemasterconsole”
Usethesestep-by-stepinstructionsforaddingSSHkeysonhostsotherthanthe masterconsole.
“Addingsubsequent SSHpublickeysto theSANVolumeController”onpage 160
Duringtheclustercreationwizard,youwillhave addedanSSHkey tothe clusterthatallowsthemasterconsole(wheretheSANVolumeControlleris running)toaccessthecluster. Ifyouwishto addmoreSSHkeys,thatis,grant SSHaccesstoother serversyouneedtofollow theprocedure below.
“ReplacetheclientSSHprivatekeyknownto theSANVolumeController software”onpage161
Toreplace theclientSSHprivatekeyknownto theSANVolumeController software,completethesesteps.
“ResettingtheSSHfingerprint”onpage164
YoucanresettheSSHfingerprintfor aclusterthatismanagedbytheSAN VolumeControllerConsolefor yourconfigurationbyusingtheResettingthe SSHFingerprintpanel.
Relatedreference
“Advancedfunction clusteroverview”onpage 152
Ensurethatyouarefamiliarwiththeadvancedfunction clusteroverviewusing theSANVolumeControllerConsole.
“ReplacingtheSSHkeypair”onpage162
YoucanreplacetheSSHkeypairusingtheSANVolumeControllerConsole.
Relatedinformation
“ResettingarefusedSSHkey”onpage163
Youcanreseta refusedSSHkey relationshipbetweentheSANVolume ControllerConsoleandtheSANVolumeControllercluster.
AddingSSHkeysforhostsotherthanthemasterconsole:
Usethesestep-by-stepinstructionsforaddingSSHkeysonhostsotherthanthe masterconsole.
1. Generate thepublicprivatekeypaironeach hostthatyouwanttousetheSAN VolumeControllercommandlineinterface.Seetheinformationthatcamewith your SSHclientfor specificdetailsaboutusingthekeygenerationprogramthat comeswithyourSSHclient.
2. Copythepublickeysfromeachof thesehoststo themasterconsole.
3. Secure copythesepublickeysfromthemasterconsoletothecluster.
Repeat foreach publickeycopiedontothemasterconsolein2.
Relatedinformation
“ManagingSSHkeys”onpage159
YoucanmanageSSHkeysfromtheSANVolumeControllerConsole.
AddingsubsequentSSHpublickeystothe SANVolumeController:
During theclustercreation wizard,youwillhaveaddedanSSHkey tothecluster thatallowsthemasterconsole(wheretheSANVolumeControllerisrunning)to accessthecluster.If youwishtoaddmoreSSHkeys,thatis,grantSSHaccessto other serversyouneedtofollow theprocedure below.
1. Click ClustersinthePortfolio.
2. Click theclusterwhoseSSHkeysyou wantto maintain.
3. SelectMaintainSSHKeys inthedrop-downlistandclickGo.TheSSHKey Maintenancepanelisdisplayed.
4. Click theMaintainSSHKeysoption.Thewindowappearsto enableyouto enter theclientSSHpublickeyinformationto bestoredonthecluster.Atthe SSHkeymaintenancewindow,performthefollowingsteps:
a. If youareaddingtheSSHclientkeyforthemasterconsole,clickBrowse andlocatethepublickeyyougenerated earlier.IfyouareaddinganSSH clientkey foranothersystem,either clickBrowseandlocatethepublic key or cutandpastethepublickeyintothedirectinputfield.
b. Click Administrator.
c. Type aname ofyourchoiceintheIDfieldthatuniquelyidentifiesthekeyto thecluster.
d. Click AddKey.
e. Click MaintainSSHKeys.
f. Click theShowIDs buttonto seeallkeyIDsloadedontheSANVolume Controller.
Aftertheinitialconfigurationof theclusterhasbeenperformedusingtheSAN VolumeControllerandat leastoneSSHclientkeyhasbeenaddedthe
remainder oftheconfigurationmayeitherbeperformedusingtheSANVolume Controlleror theCommandLine Interface(CLI).
Relatedinformation
“ManagingSSHkeys”onpage159
YoucanmanageSSHkeysfromtheSANVolumeControllerConsole.
“SecureShell(SSH)”onpage78
SecureShell(SSH)isaclient-server networkapplication.
Replace theclientSSHprivatekeyknownto theSANVolumeController software:
ToreplacetheclientSSHprivatekeyknownto theSANVolumeController software,completethesesteps.
Attention: Ifyouhave successfullycontactedotherSANVolumeController clusters,youwillbreakthatconnectivity ifyoureplacetheclientSSHprivatekey known totheSANVolumeControllersoftware.
Perform thefollowing stepsto replacetheclientSSHprivatekey:
1. Signoff theSANVolumeControllerConsole.
2. Using theWindowsServicesfacility,stoptheIBMCIMObjectManager. Perform thefollowing:
a. Click Start->Settings->ControlPanel.
b. Double-click AdministrativeTools.
c. Double-clickServices.
d. SelectIBMCIM ObjectManagerinthelist ofservices,rightclick,and selectStop.
e. LeavetheServicespanelopen.
3. CopytheclientSSHprivatekeyintotheappropriateSANVolumeController Consoledirectory. Performthefollowing:
a. OpenacommandpromptwindowbyclickingStart->Run.
b. Type cmd.exeintheOpenfield.
c. ClickOK.
4. Type thefollowingcommand:
copy <filename> C:\program files\IBM\svcconsole\cimom\icat.ppk where<filename>isthepathandfilenameof theclientSSHprivatekey.
5. Restart theIBMCIMObject Manager.SelectIBMCIMObjectManagerinthe list ofservices,rightclickandselectStart.
6. LogontotheSANVolumeControllerConsole.
7. Click Clustersintheportfolio.
8. Check thestatusofthecluster.
Relatedinformation
“ManagingSSHkeys”onpage159
YoucanmanageSSHkeysfromtheSANVolumeControllerConsole.
ReplacingtheSSHkeypair:
You canreplacetheSSHkey pairusingtheSANVolumeControllerConsole.
v IfyouchangetheSSHkeysthatwillbeusedbythemasterconsoleto
communicatewiththeSANVolumeControllerConsole,youwillhaveto storethe clientSSHprivatekey intheSANVolumeControllerConsolesoftwareandthen storetheclientSSHpublickeyontheSANVolumeControllercluster.
v IfyouchangetheIPaddressof yourSANVolumeControllerclusterafteryou haveaddedtheclustertoSANVolumeControllerConsole,theSANVolume ControllerConsolewillnotbeawareoftheexistenceofthecluster.
Theprocedure tocorrectthisistoremovetheclusterfromtheSANVolume ControllerConsoleandaddit backagain.Tocorrectthesescenarios,performthe following steps:
1. StarttheSANVolumeControllerConsolebyclickingonthedesktopicon orby usingyour Webbrowserto goto
http://<IPAddress>:9080/ica
where<IPAddress> istheIPaddress ofthemasterconsole.TheSignon windowisdisplayed.This mighttake afewmomentstoopen.
2. EntertheuserIDsuperuser andthepasswordpassw0rd.TheWelcome windowisdisplayed.
3. ClickClustersfromtheportfolio.
4. ChecktheSelectboxfor theclusterfor whichyouwishto replacethekey.
5. ClickRemovea clusterintheselectionbox.
6. ClickGo.
7. ClickClustersfromtheportfolio.
8. SelectAdda clusterfromthedropdownbox.
9. ClickGo.
10. InputtheIPaddressofthecluster.
11. Donotcheck theCreate(InitializeCluster)box.
12. ClickOK.
13. Entertheusername andpassword.Whenyouseethepop-upwindow,enter thenetwork passwordandclickOK.
14. AddtheSSHclientpublickeyto theSANVolumeControllercluster:
a. ClickBrowse...forthekeyfileto uploadandlocatethepublickey orinput thekey intheKey (directinput)field.
b. TypeanIDintheIDfield,whichuniquelyidentifiesthekey tothecluster.
c. Selecttheadministratorradiobutton.
d. ClickAddKey.
e. ClickClustersfromtheportfoliotocheckthestatusof thecluster. Ifthe clusterstatusremainsSSHKeyRefused,youdonothaveagood key pair.YoucanresettheSANVolumeControllerConsoleprivateSSHkey.
However,ifyou havesuccessfullycontactedotherclusters,youwillbreak thatconnectivity.
Relatedinformation
“ManagingSSHkeys”onpage159
YoucanmanageSSHkeysfromtheSANVolumeControllerConsole.
Resetting arefusedSSHkey:
You canresetarefusedSSHkeyrelationshipbetweentheSANVolumeController ConsoleandtheSANVolumeControllercluster.
Overview
ThecommunicationbetweentheSANVolumeControllerConsolesoftwareandthe SANVolumeControllerclusteristhroughtheSecure Shell(SSH)protocol.In this protocol, theSANVolumeControllerConsolesoftwareactsastheSSHclientand theSANVolumeControllerclusteractsastheSSHhostserver.
As anSSHclient,theSANVolumeControllerConsolemust useanSSH2RSAkey paircomposedof apublickeyanda privatekeywhicharecoordinatedatkey generationtime.TheSSHclientpublickeyisstoredoneachSANVolume ControllerclusterwithwhichtheSANVolumeControllerConsolecommunicates.
TheSSHclientprivatekeyisknownto theSANVolumeControllerConsole softwarebybeingstoredinaspecificdirectorywithaspecificname.If theSSH protocol detectsthekeypairismismatched,theSSHcommunicationfail.
TheSANVolumeControllerConsoleexternalizesthestatusof amismatchedor invalid SANVolumeControllerConsoleclientkeypairintheAvailabilityStatus column oftheClusterpanel.
Because theclientSSHkeypairmust becoordinated acrosstwosystems,you mighthaveto takeoneormoreactions toreset thepairof keys.Performoneor more ofthefollowingstepstoresettherefusedclientSSHkeypair:
v ReplacetheclientSSHpublickey ontheSANVolumeControllercluster
v ReplacetheclientSSHprivatekeyknown totheSANVolumeControllersoftware
Relatedinformation
“ManagingSSHkeys”onpage159
YoucanmanageSSHkeysfromtheSANVolumeControllerConsole.
Resetting theSSHfingerprint:
You canresettheSSHfingerprintfor aclusterthatismanagedbytheSANVolume ControllerConsolefor yourconfigurationbyusingtheResettingtheSSHFingerprint panel.
You musthave superuseradministrator authoritytoperformthefollowingprocedure.
If youhavechanged thename ofthemasterconsole,youmustalso changethe masterconsolehostnameintheIBMWebSphereApplication Serverfiles.
ThecommunicationbetweentheSANVolumeControllerConsoleandtheclusteris throughtheSecureShell (SSH)protocol. Inthisprotocol, theSANVolume
ControllerConsoleacts astheSSHclientandtheclusteractsastheSSHhost server.TheSSHprotocolrequiresthatcredentialsareexchangedwhen
communicationbetweentheSSHclientandserverbegins.TheSSHclientplaces theacceptedSSHhostserverfingerprintincache.AnychangetotheSSHserver fingerprintinfutureexchangesresultsinachallengeto theenduser toacceptthe new fingerprint.Whenanewcode loadisperformedonthecluster, newSSH serverkeyscanbeproducedwhichresultintheSSHclientflaggingtheSSHhost fingerprintaschangedand,therefore,nolongervalid.
TheSANVolumeControllerConsoledisplaysthestatusof theclusterSSHserver key intheAvailability Statuscolumn oftheViewingClusterspanel.
Perform thefollowing stepsto resettheSSHfingerprint:
1. Click Clustersintheportfolio.TheViewClusterspanelisdisplayed.
Attention: Selectaclusterthat hasanavailabilitystatusof Invalid SSH Fingerprint.Insomecasesthisavailabilitystatusresultsfromasoftware upgradethatdisrupts normaluseroperations.In thecaseof adisruptive softwareupgrade,followtheprocedurefor Recoveringfroma Disruptive SoftwareUpgrade.
2. Selecttheclusterthatyouwantto resettheSSHfingerprintfor andselect ResetSSHFingerprintfromthelist.ClickGo.TheResettingtheSSH Fingerprintpanelisdisplayed.
3. SelectOKwhenpromptedwiththemessage,CMMVC3201W.
Availability statusischangedtoOK.
Relatedconcepts
“Clusters”onpage11
Allconfigurationandserviceisperformedat theclusterlevel.
Relatedtasks
“Configuringthemasterconsolehost name”onpage84
Ifyouhave changedthehostnameof themasterconsole,youmust modify someof theIBMWebSphereApplicationServerfilesthatareused bytheSAN VolumeControllerConsoleandTivoliSANManager.
Relatedinformation
“ManagingSSHkeys”onpage159
YoucanmanageSSHkeysfromtheSANVolumeControllerConsole.