Topic
  • 4 replies
  • Latest Post - ‏2011-03-28T14:39:40Z by MaheshKharvi
MaheshKharvi
MaheshKharvi
43 Posts

Pinned topic Unable to add target to CIM using "Public-private key authentication "

‏2011-03-28T10:29:28Z |
I am using CIM on AIX installed with March Beta refresh.

I am trying to add a Linux server where RSA keys setup and it fails with following error.

CWMRI1024E: Could not connect to host vlbos588 using the specified login information.
An error occurred creating the host.
If I select Operating System as "Linux", it throws below error and changes OS to Solaris. (Actually It won't allow to select specific OS).

com.ibm.ws.cimplus.controller.CIMPlusCommandException: CWMRI1028E: An error occurred while connecting to host vlbos588, the error is CTGRI0000E Could not establish a connection to the target machine with the authorization credentials that were provided..
An error occurred creating the host.

I am able to add this target by specifying the actual password.
Updated on 2011-03-28T14:39:40Z at 2011-03-28T14:39:40Z by MaheshKharvi
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: Unable to add target to CIM using "Public-private key authentication "

    ‏2011-03-28T14:12:16Z  
    Hi Mahesh,

    In order to use the ssh private/public key authentication, you will need to add the public key to the authorized_keys file of the account you are trying to connect with on the Linux host. You can manually transfer the public key file to Linux host and append the public key file to the authorized_keys file.

    You can also register the Linux host with username and password first and run the Install SSH public key job from the job manager. Unregister the host after the job successfully completed.

    Now, you should be able to register the Linux host with public/private key authentication. Specify the fully qualified path of the private key file on the AIX host in the Full path to keystore field. Specify the passphrase if required. Check the save security information checkbox and click OK.

    Felix Wong
    Centralized Installation Manager Development Team
  • MaheshKharvi
    MaheshKharvi
    43 Posts

    Re: Unable to add target to CIM using "Public-private key authentication "

    ‏2011-03-28T14:17:36Z  
    Hi Mahesh,

    In order to use the ssh private/public key authentication, you will need to add the public key to the authorized_keys file of the account you are trying to connect with on the Linux host. You can manually transfer the public key file to Linux host and append the public key file to the authorized_keys file.

    You can also register the Linux host with username and password first and run the Install SSH public key job from the job manager. Unregister the host after the job successfully completed.

    Now, you should be able to register the Linux host with public/private key authentication. Specify the fully qualified path of the private key file on the AIX host in the Full path to keystore field. Specify the passphrase if required. Check the save security information checkbox and click OK.

    Felix Wong
    Centralized Installation Manager Development Team
    Felix,

    I did samething, I can do passwordless ssh to Linux server.
    I have not used any passphrase while creating ssh-rsa.
    I provided the fully qualified path of authorized_keys on AIX server, that is ~/.ssh/authorized_keys.

    Let me know if I missed anything.

    Thanks,
    Mahesh
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: Unable to add target to CIM using "Public-private key authentication "

    ‏2011-03-28T14:32:20Z  
    Felix,

    I did samething, I can do passwordless ssh to Linux server.
    I have not used any passphrase while creating ssh-rsa.
    I provided the fully qualified path of authorized_keys on AIX server, that is ~/.ssh/authorized_keys.

    Let me know if I missed anything.

    Thanks,
    Mahesh
    Hi Mahesh,

    Since you can ssh to the Linux server without password, the public key should be in the authorized_keys file in the Linux server. When you register a new host, make sure you have specified the following.

    Host name: <Your Linux server>
    Operating system: Linux or Any
    Administrative user with installation authority: <Linux account which has the public key installed>
    Select Public-private key authentication radio button
    Full path to keystore: <Fully qualified path of the private key file on AIX, e.g. /home/user/.ssh/id_rsa>
    Passphrase: <not required>
    Confirm passphrase: <not required>
    Check save security information checkbox
    Click OK

    Hope this helps
    Felix Wong
    Centralized Installation Manager Development Team
  • MaheshKharvi
    MaheshKharvi
    43 Posts

    Re: Unable to add target to CIM using "Public-private key authentication "

    ‏2011-03-28T14:39:40Z  
    Hi Mahesh,

    Since you can ssh to the Linux server without password, the public key should be in the authorized_keys file in the Linux server. When you register a new host, make sure you have specified the following.

    Host name: <Your Linux server>
    Operating system: Linux or Any
    Administrative user with installation authority: <Linux account which has the public key installed>
    Select Public-private key authentication radio button
    Full path to keystore: <Fully qualified path of the private key file on AIX, e.g. /home/user/.ssh/id_rsa>
    Passphrase: <not required>
    Confirm passphrase: <not required>
    Check save security information checkbox
    Click OK

    Hope this helps
    Felix Wong
    Centralized Installation Manager Development Team
    It worked when I provided the id_rsa path instead of authorized_keys.

    Thanks,
    Mahesh