Walkthrough
1) Download plink.exe, pscp.exe, putty.exe, puttygen.exe from:
Image: plink.exe and associated downloads
2) Place the files in your C:\Windows folder
Image: plink.exe and associated files in C:\Windows
Note: This allows us to run the binaries from any path in DOS or PowerShell. Any folder that's specified in System Properties > Advanced > Environment Variables > System variables > Path would do. If corporate restrictions on your system prevent you from using C:\Windows, or modifying the System Path, you will need to make adjustments to the content in this post.
3) A quick test from DOS (or PowerShell) :\>
plink -ssh -x -a -l admin -pw PASSWORD CLUSTER_NAME_IP "version"
{Replace PASSWORD and CLUSTER_NAME_IP}
Note: If you have not connected over SSH from the workstation to CLUSTER before, this connection will fail because the cluster's RSA2 key has not been cached on the workstation. Make an initial connection with PuTTY and then try again.
4) Run puttygen to generate a public/private key pair.
i) Ensure ‘Type of key to generate’ is set to SSH-2 RSA and ‘number of bits in a generated key’ is 1024.
ii) Click Generate
Image: PuTTY Key Generator
Note: If you don’t set bits to 1024, you could get “Failed to generate Fingerprint for the publickey.”
iii) Leave the passphrase blank and save the private key to C:\Windows as something like puttygen_20150618_priv_key.ppk
iv) Leave PuTTY Key Generator open for now (or you can save the public key), since we’ll need to copy and paste that into (clustered) ONTAP
5) Create a login in (c.) ONTAP ::>
security login create -username USERNAME -application ssh -authmethod publickey -role admin
{Replace USERNAME}
6) Create a login publickey in (c.) ONTAP ::>
security login publickey create -username USERNAME -index 1 -publickey "<-copy-and-paste-here-the-public-key-from-earlier->"
Example:
CLU01::> security login publickey create -username ADMINPK -index 1 -publickey "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAs6xBkTG/zukvKrPMqdC5JW7KWiw46vlOBZYOQiJDqqOa7T6YYGnqzUsKjOrLLp5O3X5H0BkTHv5C2LEvcb49y3o3IYDvs/g361tXvRNl18FI9T5sIQFd8NEcebei9UK0NTi7wzRbpYGSQYvqgYv9Yzs+mKP/ibxZUJcEqC1iRl8= rsa-key-20150618"
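A check you can run on the public key line before pasting it into step 6, added here as an example (it is not part of the original post, and the function names are made up for illustration). It parses the "ssh-rsa ..." text, reports the RSA modulus size and fingerprints, and rejects a key that was truncated or split during copy and paste. The sample input is the public key from the example above.

```python
import base64
import hashlib
import struct

def read_field(blob, offset):
    """Read one SSH wire-format field: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob (length prefix)")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob (field data)")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Parse '<type> <base64> [comment]' and return facts worth checking."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # raises on stray characters
    key_type, off = read_field(blob, 0)
    if key_type.decode("ascii", "replace") != declared:
        raise ValueError("key type inside blob does not match the prefix")
    if declared != "ssh-rsa":
        raise ValueError("this example only handles ssh-rsa keys")
    exponent, off = read_field(blob, off)   # RSA public exponent e
    modulus, off = read_field(blob, off)    # RSA modulus n
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return {
        "type": declared,
        "bits": int.from_bytes(modulus, "big").bit_length(),
        "exponent": int.from_bytes(exponent, "big"),
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": sha256.rstrip("="),
        "comment": " ".join(parts[2:]),
    }

# Public key copied from the ADMINPK example in this post, as one line.
EXAMPLE = ("ssh-rsa "
           "AAAAB3NzaC1yc2EAAAABJQAAAIEAs6xBkTG/zukvKrPMqdC5JW"
           "7KWiw46vlOBZYOQiJDqqOa7T6YYGnqzUsKjOrLLp5O3X5H0BkT"
           "Hv5C2LEvcb49y3o3IYDvs/g361tXvRNl18FI9T5sIQFd8NEceb"
           "ei9UK0NTi7wzRbpYGSQYvqgYv9Yzs+mKP/ibxZUJcEqC1iRl8="
           " rsa-key-20150618")

if __name__ == "__main__":
    for name, value in inspect_public_key(EXAMPLE).items():
        print(f"{name:9} {value}")
```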
7) Test it works :\>
plink -ssh -x -a -l USERNAME CLUSTER_NAME_IP -i c:\windows\puttygen_20150618_priv_key.ppk "version"
Example:
C:\>plink -ssh -x -a -l ADMINPK 192.168.168.100 -i c:\windows\puttygen_20150618_priv_key.ppk "version"
NetApp Release 8.2.2P1 Cluster-Mode: Wed Oct 08 05:09:35 PDT 2014
Now you can make batch files - or something else ;-) - and run your Clustershell commands non-interactively over SSH!
Note: I use the -x and -a switches above, but it will work fine without them.
APPENDIX: Plink Switches (Plink Help Output)
Plink: command-line connection utility
Release 0.64
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information and exit
  -pgpfp    print PGP key fingerprints and exit
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw -serial
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -batch    disable all interactive prompts
  -sercfg configuration-string (e.g. 19200,8,n,1,X)
            Specify the serial configuration (serial only)
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -4 -6     force use of IPv4 or IPv6
  -C        enable compression
  -i key    private key file for user authentication
  -noagent  disable use of Pageant
  -agent    enable use of Pageant
  -hostkey aa:bb:cc:...
            manually specify a host key (may be repeated)
  -m file   read remote command(s) from file
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)
  -nc host:port
            open tunnel in place of session (SSH-2 only)