NetBackup™ 10.3.0.1 Application Guide
- Product overview
- Release notes
- Geting started
- Creating NetBackup application instances
- Managing NetBackup application instances
- Managing application instances from Flex Appliance and NetBackup
- Accessing NetBackup primary and media server instances for management tasks
- Managing users on a primary or a media server instance
- Adding and removing local users on a primary or a media server instance
- Connecting an Active Directory user domain to a primary or a media server instance
- Connecting an LDAP user domain to a primary or a media server instance
- Changing a user password on a primary or a media server instance
- Using SSH keys for authentication on a primary or a media server instance
- Configuring the multi-factor authentication on NetBackup primary and media server instance
- Running NetBackup commands on a primary or a media server application instance
- Monitoring NetBackup services on a NetBackup primary server instance
- Mounting an NFS share on a NetBackup primary server instance
- Setting environment variables on primary and media server instances
- Storing custom data on a primary or a media server instance
- Modifying or disabling the nbdeployutil utility on a primary server instance
- Disabling SMB server signing on a media server instance
- Enabling extra OS STIG hardening on a primary or a media server instance
- Using a login banner on a primary or a media server instance
- Using a primary server instance for disaster recovery
- Authorizing a primary or a media server instance for deletion
- Managing users on a primary or a media server instance
- Accessing NetBackup WORM storage server instances for management tasks
- Managing users from the deduplication shell
- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
- Configuring the multi-factor authentication on NetBackup WORM storage server instance
- Managing VLAN interfaces from the deduplication shell
- Viewing the lockdown mode on a WORM storage server
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Protecting the NetBackup catalog on a WORM storage server
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Configuring an isolated recovery environment using the web UI
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell
- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) configuration parameters
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
- Monitoring and troubleshooting NetBackup services from the deduplication shell
- Managing S3 service from the deduplication shell
- Authorizing a WORM storage server for deletion
- Managing users from the deduplication shell
Using SSH keys for authentication on a primary or a media server instance
You can configure a primary or a media server application instance to allow users to log in with SSH keys instead of passwords. You must already have a public and private key pair for each user. You can generate the keys with the ssh-keygen utility.
The user who wants to log in with SSH keys must work together with the appadmin user to configure authentication.
The appadmin user must create an sshkeys directory for the other user. Use the following steps.
To create an sshkeys directory
- Open an SSH session to the instance as the appadmin user.
- Run the following command to create the new directory:
sudo mkdir -p /var/sshkeys/<user>
Where <user> is the username of the user to provide access to.
- Run the following command to change the ownership of the directory to the other user:
sudo chown <user> /var/sshkeys/<user>
- Run the following command and check the output:
sudo grep AuthenticationMethods /etc/ssh/sshd_config
Then do one of the following:
If the output does not have any entries, or if any entries begin with a #, no action is required.
If publickey is present in the list before keyboard-interactive, no action is required.
If publickey is not present, run the following command to edit the file:
sudo vi /etc/ssh/sshd_config
Add publickey before keyboard-interactive.
The other user must copy their public SSH key to the instance. Use the following steps.
To copy the key to the instance
- From the host that you want to connect from, run the following command:
ssh-copy-id <user>@<instance>
Where <user> is your username, and <instance> is the hostname or the IP address of the instance.
- Open an SSH session to the instance and log in with your username and password.
- Run the following command:
mv ~/.ssh/authorized_keys /var/sshkeys/<user>
- Log out of the instance. You should now be able to log back in without a password.