Saturday 22 August 2020

SSH or SFTP Authentication issue in linux

We normally getting a below error while accessing the destination server via SSH or SFTP protocols.

Error:

root@localhost> sftp  root@XYZ.com

warning: Authentication failed.

FATAL: ssh2 client failed to authenticate. (or you have too old ssh2 installed, check with ssh2 "-V")

To resolve this error first we need to understand what is an issue. In such type of above error, issue is mostly from destination server end which you want to connect from your system. 

In /etc/ssh/sshd_config file, a parameter "MaxAuth Tries" value is very less due to this when we are attempting to access the destination server using SSH or SFTP protocol then we will get such issue if your account will not authenticate in first two attempts. 

So to resolve such issue , you need to increase the value of "MaxAuth Tries" from default value.

edit the /etc/ssh/sshd_config file

search this parameter

increase the value "MaxAuth Tries" to "5" and take a restart of ssh service

systemctl restart sshd

login on source server again and try to access the server, if you are facing this issue again then increase the value again and set to 20.


By at 4 comments:
Labels: , , , , , , ,

Sunday 9 August 2020

Zoning in Brocade FC SAN switch

SAN zoning is a method to manages communication of hosts and storage nodes.

Each device in a Fiber Channel will have a unique Word Wide Name (WWN). Zone contains WWN name of these devices.

There are two types of WWNs:

Word Wide Node Name (WWNN)
Word Wide Port Name (WWPN)

We can identify devices in FC using WWNN or WWPN. The idea is to bind WWPN’s of intended devices (ports) together.


This binding is called zoning and it manages communication of hosts and storage nodes.
 

SAN Zoning Method:
 

Please run the "switchshow" command. This command will help you to identify the HBA address of both the target and initiator ports which will be required for SAN Zoning configuration.

Output of this command will provide below output.

barcode01:admin> switchshow
switchName:     barcode01
switchType:      71.2
switchState:      Online
switchMode:     Native
switchRole:      Subordinate
switchDomain: 101
switchId:          fffc65
switchWwn:     90:XX:XX:99:XX:XX:ef:XX
zoning:             ON (fabric_A)
switchBeacon: OFF

Index Port Address Media Speed State     Proto
==============================================
   0   0   650000   --     N8   No_Module   FC
   1   1   650100   id     N8   Online      FC  F-Port  90:XX:XX:99:XX:XX:cf:XX
   2   2   650200   id     N8   No_Light    FC
   3   3   650300   id     N8   Online      FC  E-Port  90:01:c4:f5:7c:e7:3e:23
   4   4   650400   id     N8   Online      FC  F-Port  90:00:02:e0:db:1e:f6:10
   5   5   650500   id     N8   Online      FC  F-Port  90:00:00:e0:db:1e:f6:10
   6   6   650600   id     N8   Online      FC  F-Port  90:01:43:80:21:df:7a:12
   7   7   650700   id     N8   Online      FC  F-Port  90:01:43:80:21:df:78:16
   8   8   650800   id     N8   Online      FC  F-Port  91:02:00:02:ac:01:eb:11
   9   9   650900   id     N8   Online      FC  E-Port  90:00:50:eb:1a:ed:21:10
 
 
The 90:XX:XX:99:XX:XX:cf:XX is the WWPN of the device connecting in that port. We will use this WWPN of the connecting device to zone with another.

In below step we will create a new alias for above WWPN number as it is very difficult to remember this WWPN number during zoning.

barcode01:admin> alicreate hostname_port1,"90:XX:XX:99:XX:XX:cf:XX"

To verify run command, alishow “hostname_port1”.

Now we are going to create two zones with two aliases.

barcode01:admin> zonecreate zone01,'hostname_port1;storage_port01'

To verify run command, zoneshow “zone01”.

Once zone is created, add it to an active configuration or a new configuration by running either the cfgadd command or cfgcreate.

barcode01:admin> cfgadd fabric_A,zone01

If zone configuration not exist then please run the below command to create a zone configuration which will consist zones that we have created recently.

barcode01:admin> cfgcreate "fabric_A", "zone01"

In my case I have already created this. above is just an example to create a zone configuration if not exist.

Next you have to save the configuration by running the cfgsave And it will prompt for yes / no  you have to hit  yes at the prompt to save the configuration.

barcode01:admin> cfgsave

WARNING!!!
The changes you are attempting to save will render the
Effective configuration and the Defined configuration
inconsistent. The inconsistency will result in different
Effective Zoning configurations for switches in the fabric if
a zone merge or HA failover happens. To avoid inconsistency
it is recommended to commit the configurations using the
'cfgenable' command.

Do you want to proceed with saving the Defined
zoning configuration only?  (yes, y, no, n): [no] y
Updating flash ...

To activate the created zoning, run the cfgenable And it will prompt for yes / no, you have to hit yes at the prompt to activate the configuration.

barcode01:admin> cfgenable fabric_A

You are about to enable a new zoning configuration.
This action will replace the old zoning configuration with the
current configuration selected. If the update includes changes
to one or more traffic isolation zones, the update may result in
localized disruption to traffic on ports associated with
the traffic isolation zone changes
Do you want to enable 'fabric_A' configuration  (yes, y, no, n): [no] y
zone config "fabric_A" is in effect
Updating flash ...

barcode01:admin>

Note: This will put the zone into the Effective Configuration and will be live in production.

Hope reading above article you can perform SAN zoning without any issue. In case of any query, please comment in below section. Thanks!!

By at No comments:
Labels: , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)