Strengthen secure shell (SSH) protocol / security / communication between the nodes.
Note: SSH communication is secured by default when you upgrade the nodes to Platform Release 2022E and higher.
Before You Begin
Enable root access on the nodes if root access is disabled.
Log on to any one of the nodes in the storage pool as root user.
Navigate to the following folder:
# cd /opt/commvault/MediaAgent
Run the following script:
# ./cvavahi.py secure_hs
Output similar to the following will be displayed:
INFO: Processing SSH configurations...
INFO: Setting SSH cipher configurations...
INFO: Completed setting SSH cipher configurations successfully...
INFO: Setting SSH MAC configurations...
INFO: Completed setting SSH MAC configurations successfully...
INFO: Setting SSH KexAlgorithms configurations...
INFO: Completed setting SSH Kex Algorithms configurations successfully...
Removed symlink /etc/systemd/system/multi-user.target.wants/avahi-daemon.service.
Removed symlink /etc/systemd/system/sockets.target.wants/avahi-daemon.socket.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.Avahi.service.
Warning: Stopping avahi-daemon.service, but it can still be activated by:
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
WARNING: Unable to update sysctl file.
INFO: /etc/sysctl file updated successfully
INFO: File permissions updated successfully
Unable to find home directory for user[gluster]
Unable to find home directory for user[insights]
INFO: user home directories permission set successfully.
INFO: umask set to 077 successfully...
INFO: user umask set successfully to 077.
INFO: Anonymous root login disabled.
INFO: All security changes completed successfully
Repeat the above steps from all the nodes in the storage pool.
What to Do Next
Disable root access, if root access was previously disabled.