9.5.7 ahf security
Use the ahf security command to manage AHF users.
AHF 25.1
Secure SSH Key Storage
SSH keys are often required for automated, secure access to resources. However, storing these keys on systems can pose potential security risks.
AHF can now generate and securely store SSH keys for remote components used by Oracle Orachk and Oracle Exachk. These keys are encrypted and stored within the AHF wallet, ensuring they are protected from unauthorized access. AHF automatically detects the configured SSH keys for a remote system and uses them to log in.
- To create and add SSH key with password:
ahf security add-credentials --node NODE --user-name USER --type ssh-key --generate-ssh-key --password
- To add SSH key from a file path with password:
ahf security add-credentials --node NODE --user-name USER --type ssh-key --ssh-key-file <FILEPATH> --password
- To add an already added SSH key with password:
ahf security add-credentials --node NODE --user-name USER --type ssh-key --ssh-key-file <FILEPATH> --password
ahf security add-credentials --node NODE --user-name USER --type ssh-key --generate-ssh-key --password
- To create and add SSH key for passwordless setup:
ahf security add-credentials --node NODE --user-name USER --type ssh-key --generate-ssh-key
- To add SSH key from a file path for passwordless setup:
ahf security add-credentials --node NODE --user-name USER --type ssh-key --ssh-key-file <FILEPATH>
- To add SSH key from a file path where the key is already added to remote host:
ahf security add-credentials --node NODE --user-name USER --type ssh-key --ssh-key-file <FILEPATH>
- To remove SSH key:
ahf security remove-credentials --node NODE --user-name USER --type ssh-key
- To check SSH key:
ahf security check-credentials --node NODE --user-name USER --type ssh-key
- To get stored SSH key:
ahf security get-credentials --node NODE --user-name USER --type ssh-key
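The on-disk risk described above can be measured before keys are moved into the AHF wallet with `--ssh-key-file`. The following is an added example, not part of Oracle's documentation or of AHF: it lists private key files under a directory and reports whether each is passphrase-protected and whether anyone other than the owner can access it. The function names `key_state`, `perm_state` and `audit_keys` are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle code. Flags private key files that sit on disk
# unencrypted or that are accessible to anyone other than their owner.

# key_state FILE -> encrypted | plaintext | not-a-key
key_state() {
    first=$(sed -n '1p' "$1" 2>/dev/null)
    second=$(sed -n '2p' "$1" 2>/dev/null)
    case "$first" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo encrypted ;;                 # PKCS#8 with a passphrase
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # An OpenSSH-format key whose cipher field is "none" always starts
            # with base64("openssh-key-v1\0" + uint32(4) + "none").
            case "$second" in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo plaintext ;;
                *) echo encrypted ;;
            esac ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Legacy PEM marks encryption with a Proc-Type header;
            # unencrypted PKCS#8 has no marker at all.
            case "$second" in
                "Proc-Type: 4,ENCRYPTED"*) echo encrypted ;;
                *) echo plaintext ;;
            esac ;;
        *) echo not-a-key ;;
    esac
}

# perm_state FILE -> owner-only | exposed (any group/other permission bit set)
perm_state() {
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo owner-only; else echo exposed; fi
}

# audit_keys DIR -> one "key-state perm-state path" line per private key found
audit_keys() {
    # -size -128: skip files of 64 KiB or more (units are 512-byte blocks)
    find "$1" -type f -size -128 2>/dev/null | while IFS= read -r f; do
        state=$(key_state "$f")
        [ "$state" = "not-a-key" ] && continue
        printf '%s %s %s\n' "$state" "$(perm_state "$f")" "$f"
    done
}

# Stand-alone use: sh audit_keys.sh /home/USER/.ssh
if [ "$#" -gt 0 ]; then audit_keys "$1"; fi
```

Lines reported as `plaintext` or `exposed` are the key files most worth moving into encrypted storage first.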
Credential Management
This release introduces improvements to the ahf security command category, streamlining the management of credentials used to log in to remote machines or nodes.
ahf security add-credentials --type password [--node NODE] [--nodes NODES-LIST] [--user-name USER] [--exacli]
ahf security remove-credentials --type password [--node NODE] [--nodes NODES-LIST] [--user-name USER] [--exacli]
ahf security get-credentials --type password [--node NODE] [--nodes NODES-LIST] [--user-name USER] [--exacli]
ahf security check-credentials --type password [--node NODE] [--nodes NODES-LIST] [--user-name USER] [--exacli]
Syntax: ahf security
ahf security action [options]
Action: add-user, remove-user, promote-user, demote-user, grant-role, revoke-role, list-users, reset-users, block-user, unblock-user, add-credentials, remove-credentials, get-credentials, check-credentials
Action | Description |
---|---|
add-user | Adds a user to the AHF access list. Usage: |
remove-user | Removes a user from the AHF access list. Usage: |
promote-user | Promotes a user to have admin access to AHF. Usage: |
demote-user | Demotes a user from having admin access to AHF. Usage: |
grant-role | Grants a role to a non-root user. Usage: |
revoke-role | Revokes the role granted to a non-root user. Usage: |
list-users | Prints the list of users. Usage: |
reset-users | Resets the AHF access list to default AHF users. Usage: |
block-user | Blocks the specified user's access to AHF. Usage: |
unblock-user | Unblocks the specified blocked user's access to AHF. Usage: |
add-credentials | Adds and stores the password or SSH key for a specified node or a list of nodes. Usage: |
remove-credentials | Removes the stored password or SSH key for a specified node or a list of nodes. Usage: |
get-credentials | Gets the stored password or SSH key for a specified node or a list of nodes. Usage: |
check-credentials | Checks the password or SSH key for a specified node or a list of nodes. Usage: |
Table 9-131 ahf security add-user
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user to add. |
Table 9-132 ahf security remove-user
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user to remove. |
|
Specifies to remove all users. |
Table 9-133 ahf security promote-user
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user to promote. |
Table 9-134 ahf security demote-user
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user to demote. |
Table 9-135 ahf security grant-role
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user required to run this command. |
|
Specifies the role to grant to the user. |
Table 9-136 ahf security revoke-role
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user required to run this command. |
|
Specifies the role to revoke from the user. |
Table 9-137 ahf security list-users
Option | Description |
---|---|
|
Prints the output in JSON format. |
Table 9-138 ahf security reset-users
Option | Description |
---|---|
|
Prints the output in JSON format. The default users are the DB/CRS owner and the installer user. |
Table 9-139 ahf security block-user
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user to block. |
Table 9-140 ahf security unblock-user
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the user to unblock. |
Table 9-141 ahf security add-credentials
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the type of security: Options for
--type password :
Options for
--type ssh-key :
|
|
Specifies the node. |
|
Specifies the comma-delimited list of nodes |
|
Specifies the user for whom you want to set password. |
|
Specifies to set password for |
|
Specifies to generate the SSH key pair. |
|
Specifies the path to the existing SSH key file. |
|
Prompts for password to log in to the remote system. |
Table 9-142 ahf security remove-credentials
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the type of security: Options for
--type password :
Options for
--type ssh-key :
|
|
Specifies the node. |
|
Specifies the comma-delimited list of nodes |
|
Specifies the user for whom you want to remove password. |
|
Specifies to remove password for |
|
Specifies to generate the SSH key pair. |
|
Specifies the path to the existing SSH key file. |
|
Prompts for password to log in to the remote system. |
Table 9-143 ahf security get-credentials
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the type of security: Options for
--type password :
Options for
--type ssh-key :
|
|
Specifies the node. |
|
Specifies the comma-delimited list of nodes |
|
Specifies the user for whom you want to fetch password. |
|
Specifies to fetch password for |
|
Specifies to generate the SSH key pair. |
|
Specifies the path to the existing SSH key file. |
|
Prompts for password to log in to the remote system. |
Table 9-144 ahf security check-credentials
Option | Description |
---|---|
|
Prints the output in JSON format. |
|
Specifies the type of security: Options for
--type password :
Options for
--type ssh-key :
|
|
Specifies the node. |
|
Specifies the comma-delimited list of nodes |
|
Specifies to check if password is set for the specified. |
|
Specifies to check if password is set for |
|
Specifies to generate the SSH key pair. |
|
Specifies the path to the existing SSH key file. |
|
Prompts for password to log in to the remote system. |