Dell EMC PowerProtect DDVE on Google Cloud Platform 7.9 Installation and Administration Guide

Enabling or updating SSH keys after deployment

DDVE supports assigning SSH keys during deployment from the Google Cloud console, but you cannot use the Google Cloud console to update SSH keys after deployment. DDVE adds both project-wide and instance-level SSH keys only during the first boot. Use this procedure to enable or update SSH keys.

1. Generate SSH key pairs in any Linux client if you do not have SSH keys ready.

   $ ssh-keygen –t rsa
   Generating public/private rsa key pair.
   Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/ yourusername /.ssh/id_rsa.
   Your public key has been saved in /home/ yourusername /.ssh/id_rsa.pub.
   The key fingerprint is:
   SHA256:QcPMwxTVRMpDZ3SrnmZKm4mLpmdhmSHAt4hpjTf6FD4  yourusername@yourlinuxclient
   The key's randomart image is:
   +---[RSA 2048]----+
   | .     *=oo=* .  |
   |  o .  .*+ +.. . |
   | oo+ .  ..+   .  |
   |oo.=o .  . . .   |
   |. + o. +S   .    |
   | . E  =    . .   |
   |  o .. .  . =    |
   |   .  +. o B     |
   |    .=. o.=      |
   +----[SHA256]-----+
   

   Default options create a pair of SSH keys in the $HOME/.ssh/ directory. The private key file is id_rsa, and the public key file is id_rsa.pub.
2. Run the following command to add the public key content to DDVE: adminaccess add ssh-keys user sysadmin

   sysadmin@myddve1# adminaccess add ssh-keys user sysadmin
   Enter the key and then press Control-D, or press Control-C to cancel.
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyYNyPI1QjpmWbDjbTqkqe7qi3wc97K5JpygX9EeLNEY3VQqzAJsfHwvxkPnyOqKiYXOV3johwQKiZct2/1MUEpd8MvMCaDhlzyf7OrJ7DNgI5P8Ilh/dhCxe6W0crlWcG6UE+ldHzbRrphhMzdt2CNJ3nh/gLGMpQGASHtCJZrXzUHCqu/vivfdm6Zy2bbsNYeCdbJ6MJwaQ2FnKUhGAyeDi7SdsXb+kizokL6J5dJHKDhIJY2lNfF5jclpkoM694wvfSupe+Zz4tx7EVlxDi2BtLrwRSiRWtTIsXYGiyz2Wx3AWzxPGSkLLqBEk0AacWsGba4hElLiAa31NZI5mt
   SSH key accepted.
   
   

   NOTE

   • You can disable some key pair access by deleting the corresponding key from DDVE with the following command: adminaccess del ssh-keys <lineno> user sysadmin.
   • You can list keys and get the <lineno> by running the following command: adminaccess show ssh-keys user sysadmin.

   sysadmin@<DDVE-name># adminaccess show ssh-keys user sysadmin
   
   User "sysadmin" :
    1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGKQpC6UL9B4Nd5yGj4GsdKbdPnBTc1D7hsY1GXZ/WeZzdDZDDRUplKaKV8dLJLJ/S9fOpxA3FlroLQxha77cy8= google-ssh {"userName":"cloudboost
   .blr@gmail.com","expireOn":"2018-08-28T09:07:10+0000"}
   
    2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPfRza+rT93vmT9XqMRHWjpjInAxG3HzX0g4pGzY5J5vu1VmLNKYodmESCXxuSjKD8hJko+6emdnVl2OlzFIv5k= google-ssh {"userName":"cloudboost
   .blr@gmail.com","expireOn":"2018-08-28T09:06:51+0000"}
   
    3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAGt7Gbl1IR70bO/Yj9RD8iOLbhhTuvXTJPf62lbZk6GUFLLbVzYgg7fgMm+YOAqNiiNpx+fC26zkwKNRHl6o1HG3xHj6tOviG6Y8EVM8pXOvkI4n0beMkk8MhohkoiFO7YZECcfqysVdjcQf4CEl8ivs4bOTco6
   qAG11cYzG2Xg8wDchwgAklI2+TPzk8oGpfBoDkrEbUN5lQshWy5i0k50eLcMVPoiAwJEfsenD1X6k9xC3qeBRs+ck6gPUmyIJXfjAU2gdfQDcwIrEIzLjKS7nChrJ+705EkFX3IhbaStosTS9WmrxhDZUBMQejXXk9DSqyj7kn5u2VPP9eDRwGlc= google-ssh {
   "userName":"cloudboost.blr@gmail.com","expireOn":"2018-08-28T09:06:50+0000"}
   
    4 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCQ1HwgGdLjpHZ7XZYEfq2nV2YFBJxecoFMVjewDhLSKW6XG1jmySpgsyZNmze/NcXwcZmzxN6Rxkj5ObQ3nBOo= google-ssh {"userName":"cloudboost
   .blr@gmail.com","expireOn":"2018-08-28T09:06:46+0000"}
   
    5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBkkwQaZpErCrAuuaDI1MysqnC+xBM9LVGJaFriEmvcwoXG8/8k66r+Y6t1Qw/JWJVSCA15+MNdD9uDGqFaLve3CdOwVIiYXT3CH0YR6V+cIZjQ2iLVXKoFT1Ch3XVAG6N88h8VuhiM/6mPm/sGC3Jhrl4pkC
   wUCD3xTywGt2SCMbumXtNs/QCOX50rog6/i7iyyyQ2SAWT1C3cXo5ImC5S/TophAma532J9dPZl0kGoFYubh2h9D9zPdQJr8VkjFiBRazH4pp6yIZoNy3xgjmz5RJPYITurOK9hPyiHWMtj0lZyrbviq4a57KYfSWcbAd1eIGyqdlwooP/OYPLNRD google-ssh {
   "userName":"cloudboost.blr@gmail.com","expireOn":"2018-08-28T09:06:45+0000"} 
   

3. Run the following command to disable password login for additional security: adminaccess option set password-auth disabled

   sysadmin@myddve1# adminaccess option set password-auth disabled
   **   Disabling password based authentication will disallow users to login using password.
        Ensure users have other login option(s) configured to access the system.
           Do you want to continue? (yes|no) [no]: yes
   
   **   Import CA certificate for "login-auth" application to enable GUI/Web-services access.
   Adminaccess option "password-auth" set to "disabled".