Skip to main content

Change SSH access passwords for Admin Nodes

Contributors netapp-lhalbert

Changing the SSH access passwords for Admin Nodes also updates the unique sets of internal SSH keys for each node in the grid. The primary Admin Node uses these SSH keys to access nodes using secure, passwordless authentication.

Use an SSH key to log in to a node as admin or to the root user on a VM or physical console connection.

Before you begin
About this task

The new access passwords for Admin Nodes and the new internal keys for each node are stored in the Passwords.txt file in the Recovery Package. The keys are listed in the Password column in that file.

There are separate SSH access passwords for the SSH keys used for communication between nodes. Those aren't changed by this procedure.

Access the wizard

Steps
  1. Select CONFIGURATION > Access control > Grid passwords.

  2. Under Change SSH keys, select Make a change.

Download the current recovery package

Before changing SSH access keys, download the current Recovery Package. You can use the keys in this file if the key change process fails for any node.

Steps
  1. Enter the provisioning passphrase for your grid.

  2. Select Download recovery package.

  3. Copy the Recovery Package file (.zip) to two safe, secure, and separate locations.

    Caution The Recovery Package file must be secured because it contains encryption keys and passwords that can be used to obtain data from the StorageGRID system.
  4. Select Continue.

  5. When the confirmation dialog appears, select Yes if you are ready to start changing the SSH access keys.

    Caution You can't cancel this process after it starts.

Change SSH access keys

When the change SSH access keys process starts, a new Recovery Package is generated that includes the new keys. Then, the keys are updated on each node.

Steps
  1. Wait for the new Recovery Package to be generated, which might take a few minutes.

  2. When the Download new Recovery Package button is enabled, select Download new Recovery Package and save the new Recovery Package file (.zip) to two safe, secure, and separate locations.

  3. When the download completes:

    1. Open the .zip file.

    2. Confirm that you can access the contents, including the Passwords.txt file, which contains the new SSH access keys.

    3. Copy the new Recovery Package file (.zip) to two safe, secure, and separate locations.

      Caution Don't overwrite the old Recovery Package.

      The Recovery Package file must be secured because it contains encryption keys and passwords that can be used to obtain data from the StorageGRID system.

  4. Wait for the keys to update on each node, which might take a few minutes.

    If keys are changed for all nodes, a green success banner appears.

    If there is an error during the update process, a banner message lists the number of nodes that failed to have their keys changed. The system will automatically retry the process on any node that failed to have its key changed. If the process ends with some nodes still not having a changed key, the Retry button appears.

    If the key update failed for one or more nodes:

    1. Review the error messages listed in the table.

    2. Resolve the issues.

    3. Select Retry.

      Retrying only changes the SSH access keys on the nodes that failed during previous key change attempts.

  5. After SSH access keys have been changed for all nodes, delete the first Recovery Package you downloaded.

  6. Optionally, select MAINTENANCE > System > Recovery package to download an additional copy of the new Recovery Package.