The basic technique is to use ssh private/public key pairs to allow login and remote execution of commands without performing an interactive login. A private key is generated on the client, and the corresponding public key is stored on the Data Domain Restorer (DDR) using the adminaccess set ssh-keys command. After adding this public key to the DDR, subsequent logins are authenticated using the private key presented by the client. If the private key presented by the client matches the public key stored on the DDR, the login is permitted (without requiring a password).
The basis for this mechanism is ssh. There are a number of ssh implementations available for many different platforms, including open ssh, putty, etc. This document is written with openssh running on a linux client. A similar setup is possible on a Windows client using openssh with cygwin, or using putty.
Note: Data Domain devices con ONLY handle 10 concurrent ssh client sessions at once. Take this into consideratios when scheduling your scripted tasks.
Creating a public/private key pair
The first step to enabling “passwordless” login is to create a private/public key pair. Using openssh, the process is as shown in figure 1. The user is “fred” on a linux host named “cotton”. This example assumes that Fred’s .ssh directory starts completely empty (please move or rename any existing .sshdirectory before following this example).
Figure 1: Generating a private/public key (user input in red)
fred@cotton ~ $
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/auto/home/fred/.ssh/id_dsa):
Created directory '/auto/home/fred/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /auto/home/fred/.ssh/id_dsa.
Your public key has been saved in /auto/home/fred/.ssh/
The key fingerprint is:
fred@cotton ~ $
ls .ssh
Note that this example uses an empty passphrase. The return key was pressed at the “Enter passphrase (empty for no passphrase):” prompt (as indicated in blue in figure 1). Please note that this means the private key will be stored unencrypted on the local filesystem (in the file id_dsa). After completing the following steps, anyone with read access to /auto/home/fred/.ssh/id_dsa will be able run any command on the DDR without providing a password.
If the security of the local filesystem cannot be guaranteed, we recommend using a passphrase to encrypt the private key. In order to allow passwordless login, however, a passphrase encrypted private key will require the use of ssh-agent and ssh-add. These commands allow you to enter the passphrase once interactively, with subsequent commands using process memory to store the unencrypted password (hopefully more secure than the filesystem). The usage of these commands is beyond the scope of this document, however. The remainder of this document assumes the private key was stored without a passphrase.
Adding the public key to the DDR
Once the key pair has been created, the next step is to store the public key on the DDR. Note that the private key must be kept secret — anyone possessing this key will be able to run any command they wish on the DDR without providing a password. The public key, however, may be distributed freely (the public key is stored in It is not possible to determine a private key from a public key. It is possible, however, to tell if a given private key matches a given public key.
The easiest way to enter the public key on the DDR is to use “cut and paste” with a mouse. First display the text using the following command:
Figure 2: Display the public key
fred@cotton ~ $
cat .ssh/
Select and copy all of the lines of text using your mouse (the text beginning “ssh-dss” and ending “”).
Storing the public key on the DDR
Next you will login to the DDR and store this public key. You must, of course, login to the DDR in order to enter these commands. Because the public key has not yet been added, you will need to provide the password for this login. This example will use the DDR named and the sysadmin user.
Figure 3: Add the public key to the DDR
fred@cotton ~ $
The authenticity of host ' (' can't be established.
RSA key fingerprint is 08:1d:ff:cf:2b:00:53:c8:10:e3:01:82:af:df:9f:2e.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added ',' (RSA) to the list of known hosts.
Last login: Sat Feb 17 16:18:50 2007 from
Welcome to Data Domain OS
adminaccess show ssh-keys
adminaccess add ssh-keys
Enter the key and then press Control-D, or press Control-C to cancel.
Trying to add this much text without some form of “cut and paste” is far too difficult and error prone, but with sufficient effort, manual entry is possible (it’s also possible to generate a shorter key using the -b 512 option when generating the keys with the ssh-keygen command).
Figure 4: Verify only one key is stored and quit
sysadmin@dd410-1# adminaccess show ssh-keys
1 ssh-dss
Connection to closed.
After adding the key, verify that the paste was performed correctly and that there are no extraneous characters orlinebreaks. The end result should be a single line returned by adminaccess show ssh-keys. If, instead ofoutput similar to figure 4 you see multiple lines, use the adminaccess del ssh-keys 1 command multiple timesuntil there are no more lines remaining, then repeat the process (using a different form of “cut and paste” or manually typing in the key if necessary).
Running commands remotely without a password
Now, if everything has gone correctly it should be possible to login to the DDR from the client without providing a password:
Figure 5: Verify that ssh from the client no longer requires a password
fred@cotton ~ $ssh
Last login: Mon Feb 19 09:35:59 2007 from
Welcome to Data Domain OS
Connection to closed.
Note that in addition to starting an interactive ddsh login without providing a password, it is also possible to run individual , non-interactive DD OS CLI commands by adding the command to the ssh command line (see figure 6).
Figure 6: Running non-interactive commands
fred@cotton ~ $ssh system show uptime
09:37:41 up 10 days, 2:19, 2 users, load average: 0.01, 0.03, 0.04
Filesystem has been up 0 days, 23:21.
fred@cotton ~ $ssh system show version
Data Domain OS
fred@cotton ~ $ssh autosupport show report
========== GENERAL INFO ==========
GENERATED_ON=Mon Feb 19 09:45:34 PST 2007
VERSION=Data Domain OS
[remaining text deleted]
Particularly useful commands for monitoring the status of a DDR include, but are obviously not limited to:
system show performance
replication status all
replication show stats all
filesys show space
filesys show compression last 24 hours
Sample Script
This technique can be used to write arbitrary scripts. An example of such a script is shown in figure 7. This script is intended to log the status of a replication context at ten minute intervals.
Figure 7: Replication status logger
This script emits a single line every ten minutes containing a timestamp, the “destination remaining”, “source remaining, and “compressed remaining” fields from replication show stats; and the “state” and “connection” fields from replication status(refer to the Restorer User’s Guide for explanations for these fields). Sample output is shown in figure 8. Any non-zero values for any of the “remaining” fields indicates replication work remains to be done (the two DDRs aren’t in synch), while any value for “state” other than “normal” indicates a problem of some sort (a connection disruption for example).
Figure 8: Sample output from script
fred@cotton ~ $ ./
Mon Feb 19 16:19:01 2007 0 0 0 normal connected since Sun Feb 18 11:18:26
Mon Feb 19 16:29:01 2007 0 0 0 normal connected since Sun Feb 18 11:18:26
Mon Feb 19 16:39:01 2007 0 0 0 normal connected since Sun Feb 18 11:18:26
Mon Feb 19 16:49:01 2007 0 0 0 normal connected since Sun Feb 18 11:18:26
As written, this script is not terribly robust. A number of improvements should be considered before using this script in production:
No error checking is performed. If the ssh command fails for any reason (another administrator removing the key, for example) the problem will almost certainly not be caught. If the DDR being monitored cannot be reached, a meaningful log entry should be generated.
The program runs in an endless loop, sleeping 10 seconds between each iteration. If the process were to be killed for any reason, however, the script would not be restarted. This script is a “daemon” and should be run under some form of daemon control that restarts the process if it dies for any reason (while simultaneously ensuring that there is never more than one process running at a time). The daemon should also be restarted at boot time.
The output is written directly to stdout. To make this more useful, the output should be redirected to a file, syslog, or some other logging system.There may be other fields of interest from the replication show stats or replication status commands that might be useful. If desired, other statistics could also be monitored and logged (network interface statistics, system load, etc.).
The configuration for this script is contained in hard-coded variables at the top of the script. To make the script more generally applicable, it might be worth passing in the configuration information via command-line arguments, a config file, or some other mechanism. Some form of error checking should also be performed on these configuration arguments: the INTERVAL variable, for example, should not normally be less than about 5 or 10 seconds to prevent undue load on the DDR being monitored (just the act of logging into the system via ssh or otherwise causes work unrelated to backup and restore).