• SAP HANA

saphana
  1. Help Center
  2. SAP HANA
  3. User Guide (Single Node)
  4. Deployment
  5. Creating ECSs
  6. Configuring SSH Switching Permissions

Configuring SSH Switching Permissions

To allow SSH switchovers between HANA ECSs and NAT servers, you must configure the ECSs and HANA ECSs to be trusty.

Procedure

  1. Upload the key file to the NAT server.

    1. On the local computer, generate the key file for logging in to the NAT server.

      When creating the NAT server, you specify the certificate key file (.pem file) for the NAT server.

      The .pem file is used to generate the .ppk file. For details, see section Logging In to a Linux ECS Using an SSH Key.

    2. On the local computer, install the WinSCP software.
    3. Upload the certificate private key file (.pem file) to the NFS server.

      Use WinSCP to upload the certificate private key file (.pem file) to the /usr directory on the NAT server using an elastic IP address. Ensure that user root and the key file (.ppk file) are used for authentication.

    4. Use PuTTY to log in to the NAT server. Ensure that user root and the key file (.ppk file) are used for authentication.
    5. Copy the certificate private key file (.pem file) to the /root/.ssh directory and rename the file id_rsa.

      For example, if the original file name is private.pem, run the following commands to rename it:

      cp /usr/private.pem /root/.ssh/id_rsa

      cd /root/.ssh/

      chmod 600 id_rsa

  2. Use the server/client plane IP address to allocate the private key file and authorized_keys file on the local host to all nodes excepting the SAP HANA Studio node.

    The command is in the following format:

    scp /root/.ssh/id_rsa Peer IP address:/root/.ssh/id_rsa

    scp /root/.ssh/authorized_keys Peer IP address:/root/.ssh/

    For example, if the peer IP address is 10.0.3.102, run the following commands:

    scp /root/.ssh/id_rsa 10.0.3.102:/root/.ssh/id_rsa

    scp /root/.ssh/authorized_keys 10.0.3.102:/root/.ssh/

  3. Verify the switching.

    Use SSH to switch from the NAT server to all nodes excepting the SAP HANA Studio node for verification.

    Switch to an SAP HANA node. Assume that the IP address of the server/client plane of the SAP HANA node is 10.0.3.2.

    ssh 10.0.3.2

    NOTE:

    After the switching, you must switch back to the NAT server. Then, verify the switching from the NAT server to other nodes.

    During the first switching, the system displays the fingerprint as well as the message "Are you sure you want to continue connecting (yes/no)?". In such a case, enter yes and continue the switching.