We didn't purchase Secure Admin, but I got around that by writing a little client/server app that's bound to a no-password DSA keypair. The server portion limits what actions can be requested by the clients. This way our DB servers can still initiate snapmirror requests, etc -- without using insecure rsh.
I guess this is as good as a time as any to express my dissapointment with NetApp's policy of charging extra money to be able to use ssh. I think that providing a secure remote management capability (ssh) by default should be part of the core offering.
On Wed, 27 Oct 2004, Brian Parent wrote:
Can anyone on this list confirm whether ssh can be used in place of rsh (after purchasing SecureAdmin ofcourse), without requiring the use of a password? It appears to be the case, based on the existence of the options "ssh.pubkey_auth.enable" as well as "ssh.passwd_auth.enable" on my DOT 6.4.5 systems. I'd just like to make sure before buying the SecureAdmin software because I'd rather not bother if I have to stuff the password into an expect script somewhere.
Re:
Date: Wed, 27 Oct 2004 21:07:52 +0200 From: Stefan Funke bundy@arcor-ip.de To: Robert Borowicz rbaus@swbell.net Cc: Netapp toasters@mathworks.com Subject: Re: ssh scripts
Quoting message received from Robert Borowicz:
I want to work with our DBA's to put our Oracle instances in Hot Standby to grab snapshots. Anybody got a script they use that utilizes SSH to run the snap command on a filer?
http://www.netapp.com/tech_library/3130.html
show it to your dba's and replace rsh with ssh.