Secure Shell

Secure Shell (SSH) is a client-server network application. It is a communication vehicle between the host system and the SAN Volume Controller command-line interface (CLI).

Overview

The SAN Volume Controller cluster acts as the SSH server in this relationship. The SSH client provides a secure environment in which to connect to a remote machine. It uses the principles of public and private keys for authentication.

The SSH software generates the SSH keys as a pair: a public key, which is uploaded to and maintained by the cluster, and a private key, which is kept private to the host that is running the SSH client. These keys authorize specific users to access the administration and service functions on the cluster. Each key is associated with a user on the cluster. Up to 400 users can be defined on the cluster. You can also create new users and assign keys to them.

Authenticating SSH logins

When you are using AIX® hosts, SSH logins are authenticated on the cluster using the RSA-based authentication that is supported in the OpenSSH client that is available for AIX. This scheme is based on public-key cryptography, using an algorithm known commonly as RSA.
Note: The authentication process for non-AIX host systems is similar.

With this scheme (as in similar OpenSSH systems on other host types), encryption and decryption are done using separate keys. This means that it is not possible to derive the decryption key from the encryption key.

Because physical possession of the private key allows access to the cluster, the private key must be kept in a protected place, such as the .ssh directory on the AIX host, with restricted access permissions.

When SSH client (A) attempts to connect to SSH server (B), the key pair authenticates the connection. The key pair consists of two halves: the public key and the private key. The public key of SSH client (A) is put onto SSH server (B) by some means outside of the SSH session. When SSH client (A) tries to connect, the private key on SSH client (A) authenticates against its public half on SSH server (B).

To connect to the cluster, the SSH client requires a user login name and a key pair. When using an SSH client to access a SAN Volume Controller cluster, you must always specify a user login name of admin. The SAN Volume Controller cluster uses the key pair to identify the user accessing the cluster.
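
The following shell functions are an added example, not part of the original IBM documentation. They audit the private key and its directory for the restricted access permissions described above before the key is used to log in as admin. The policy thresholds, the key file name id_rsa, and the <cluster_address> placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an SSH private key and its directory before use.
# Policy (an assumption of this example): the key file grants nothing to
# group or other, and the directory is not writable by group or other.

# perm_string PATH -> prints the 10-character mode string from ls -ld,
# for example "-rw-------". Any trailing ACL marker is cut off.
perm_string() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# check_key_perms KEYFILE -> returns 0 if acceptable, 1 otherwise.
check_key_perms() {
    key=$1
    dir=$(dirname "$key")
    rc=0

    # A symbolic link could point at a file someone else controls.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file" >&2
        return 1
    fi

    kperm=$(perm_string "$key")
    dperm=$(perm_string "$dir")

    # Characters 5-10 are the group and other permission triplets.
    case $(printf '%s' "$kperm" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: $key is $kperm; fix with: chmod 600 $key" >&2; rc=1 ;;
    esac

    # Character 6 is group write, character 9 is other write.
    case $(printf '%s' "$dperm" | cut -c6,9) in
        --) ;;
        *) echo "FAIL: $dir is $dperm; fix with: chmod 700 $dir" >&2; rc=1 ;;
    esac

    return $rc
}

# Usage (placeholder address, not a real host):
#   check_key_perms "$HOME/.ssh/id_rsa" &&
#       ssh -i "$HOME/.ssh/id_rsa" admin@<cluster_address>
```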

© Copyright IBM Corporation 2003, 2009. All Rights Reserved.