video on demandhttps://kb.netapp.com/support/index?page=content&id=1012542
=====
Create a file to be used as the authorized keys file on the cluster.
In the example below, ssh-keygen is used on a Linux box:
monitor@bjacobs-lnx:/$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
monitor@bjacobs-lnx:/$ ls -lsa ~/.ssh
total 16
4 drwx------ 2 monitor monitor 4096 2008-08-26 11:47 .
4 drwxr-xr-x 3 monitor monitor 4096 2008-08-26 11:47 ..
4 -rw------- 1 monitor monitor 1679 2008-08-26 11:47 id_rsa
4 -rw-r--r-- 1 monitor monitor 401 2008-08-26 11:47 id_rsa.pub
Note:
If an ssh key-pair already exists, there is no need to generate one using ssh-keygen.
Create the user on the cluster with a public key authentication method.
cluster::> security login create -username monitor -application ssh -authmethod publickey -profile admin
Copy the public key contents of the id_rsa.pub to the filer and put it between quotes in the security login publickey create command. (be careful to not add carriage returns or other data that modifies the keystring, leave it one line)
cluster::> security login publickey create -username monitor -index 1 -publickey "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA5s4vVbwEO1sOsq7r64V5KYBRXBDb2I5mtGmt0+3p1jjPJrXx4/
IPHFLalXAQkG7LhV5Dyc5jyQiGKVawBYwxxSZ3GqXJNv1aORZHJEuCd0zvSTBGGZ09vra5uCfxkpz8nwaTeiAT232LS2lZ6RJ4dsCz+
GAj2eidpPYMldi2z6RVoxpZ5Zq68MvNzz8b15BS9T7bvdHkC2OpXFXu2jndhgGxPHvfO2zGwgYv4wwv2nQw4tuqMp8e+
z0YP73Jg0T3jV8NYraXO951Rr5/9ZT8KPUqLEgPZxiSNkLnPC5dnmfTyswlofPGud+qmciYYr+cUZIvcFaYRG+Z6DM/HInX7w== monitor@bjacobs-lnx"
(((Alternately, you can use the load-from-uri function to bring the public key from another source.
cluster::> security login publickey load-from-uri -username monitor -uriĀ http://bjacobs-lnx/id_rsa.pub)))
Verify creation.
cluster::> security login publickey show -username monitor
UserName: monitor Index: 1
Public Key:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5s4vVbwEO1sOsq7r64V5KYBRXBDb2I5mtGmt0+3p1jjPJrXx4/
IPHFLalXAQkG7LhV5Dyc5jyQiGKVawBYwxxSZ3GqXJNv1aORZHJEuCd0zvSTBGGZ09vra5uCfxkpz8nwaTeiAT232LS2lZ6RJ4dsCz+
GAj2eidpPYMldi2z6RVoxpZ5Zq68MvNzz8b15BS9T7bvdHkC2OpXFXu2jndhgGxPHvfO2zGwgYv4wwv2nQw4tuqMp8e+
z0YP73Jg0T3jV8NYraXO951Rr5/9ZT8KPUqLEgPZxiSNkLnPC5dnmfTyswlofPGud+qmciYYr+cUZIvcFaYRG+Z6DM/HInX7w== monitor@bjacobs-lnx
Fingerprint:
fd:cf:9e:06:50:4d:8c:19:5a:c6:36:0f:0f:9b:ef:bb
Bubblebabble fingerprint:
xunep-misif-magug-maryp-hikig-hycun-hisob-mymim-riryv-ryvam-toxox
Comment:
Test access from the host.
monitor@bjacobs-lnx:~$ ssh monitor@10.61.64.150
The authenticity of host '10.61.64.150 (10.61.64.150)' can't be established.
DSA key fingerprint is d9:15:cf:4b:d1:7b:a9:67:4d:b0:a9:20:e4:fa:f4:69.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.61.64.150' (DSA) to the list of known hosts.
cluster::>