Strengthen the security of secure shell (SSH) communication between the nodes.
Note: SSH communication is secured by default when you upgrade the nodes to Platform Release 2022E and higher.
Before You Begin
Enable root access on the nodes if root access is disabled.
Procedure
Log on to any one of the nodes in the storage pool as root user.
Navigate to the following folder:
# cd /opt/commvault/MediaAgent
Run the following script:
# ./cvavahi.py secure_hs
Output similar to the following will be displayed:
INFO: Processing SSH configurations...
INFO: Setting SSH cipher configurations...
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
INFO: Completed setting SSH cipher configurations successfully...
INFO: Setting SSH MAC configurations...
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
INFO: Completed setting SSH MAC configurations successfully...
INFO: Setting SSH KexAlgorithms configurations...
INFO: Completed setting SSH Kex Algorithms configurations successfully...
Removed symlink /etc/systemd/system/multi-user.target.wants/avahi-daemon.service.
Removed symlink /etc/systemd/system/sockets.target.wants/avahi-daemon.socket.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.Avahi.service.
Warning: Stopping avahi-daemon.service, but it can still be activated by:
avahi-daemon.socket
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
WARNING: Unable to update sysctl file.
INFO: /etc/sysctl file updated successfully
INFO: File permissions updated successfully
Unable to find home directory for user[gluster]
Unable to find home directory for user[insights]
INFO: user home directories permission set successfully.
INFO: umask set to 077 successfully...
INFO: user umask set successfully to 077.
INFO: Anonymous root login disabled.
INFO: All security changes completed successfully
Repeat the above steps on all the nodes in the storage pool.
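To review which algorithms remain enabled after the script runs, the following added example (not part of the product or its documentation) lists the entries on Ciphers and MACs lines that it treats as legacy: CBC-mode and 3DES ciphers, and SHA-1 or MD5 based MACs. That classification and the function names are assumptions of this example; the sample input is the Ciphers and MACs lines from the output above.

```shell
#!/bin/sh
# Added example: report legacy algorithms on sshd-style Ciphers/MACs lines.
# Assumption of this example: CBC-mode and 3DES ciphers, and SHA-1 or MD5
# based MACs, are the ones worth reviewing.

# audit_ssh_algos (hypothetical helper): reads sshd_config-format text on
# stdin and prints one "<keyword> <algorithm>" line per legacy algorithm.
# Keywords are matched case-insensitively, so "sshd -T" output also works.
audit_ssh_algos() {
    awk '
        tolower($1) == "ciphers" || tolower($1) == "macs" {
            kw = tolower($1)
            n = split($2, algo, ",")
            for (i = 1; i <= n; i++) {
                a = algo[i]
                if (kw == "ciphers" && (a ~ /-cbc$/ || a ~ /^3des/))
                    print kw, a
                if (kw == "macs" && (a ~ /^hmac-sha1/ || a ~ /^hmac-md5/))
                    print kw, a
            }
        }'
}

# Constructed sample: the two algorithm lines shown in the script output.
sample_config() {
    cat <<'EOF'
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
EOF
}

# On a node, feed in the effective server settings instead (as root):
#   sshd -T | audit_ssh_algos
sample_config | audit_ssh_algos
```

An empty result means no algorithm on the Ciphers or MACs lines matched the example's legacy patterns.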
What to Do Next
Disable root access, if root access was previously disabled.