Creating an SSH connection
An SSH connection provides a connection to the system where scripts and commands can be run. The connection is agentless and connects directly to the target machine. It authenticates by using SSH public key authentication.
Note: You can only create one SSH connection. Also, you must have an account with administrator role to create, edit, view, or delete an SSH connection.
Before configuring, you need to provide the following information:
- General connection information
If you are using a jump server (optional), you must configure it. Depending on your environment, you might require a jump server to access your target endpoints. A jump server is an SSH endpoint that is used to connect to the nested SSH endpoints.
This is a common approach that is used to communicate between different network zones. To use a jump server with RBA, it must have an SSH server that is running and the nc command must be available. This is used to connect to nested SSH target endpoints.
Jump server configuration information:
- Host name/IP Address: The hostname or IP address of the jump server.
- Port Number: The SSH port of the jump server.
- Username: The username for authentication on the jump server.
- Password: The password for authentication on the jump server.
Any connections to SSH target endpoints use the specified jump server.
For more information about HTTP headers for the various credential types, see HTTP headers for credential types.
Creating an SSH connection
To create an SSH connection, complete the following steps:
- Log in to IBM Cloud Pak Automation console.
- Expand the navigation menu (four horizontal bars), then click Define > Data and tool connections.
- On the Data and tool connections page, click Add connection.
- From the list of available connections, find and click the SSH tile.
Note: If you do not immediately see the connection that you want to create, you can filter the tiles by type of connection. Click the type of connection that you want in the Category section.
- On the side-panel, review the instructions and when ready to continue, click Connect.
- On your target machine, register the default public key to enable access to the target endpoints through SSH for all users.
Configuring SSH public key authentication for the UNIX root user
The displayed public key must be added to all target machines that you plan to run scripts on through the SSH Provider. This key enables any RBA user to run script automations on the given target endpoint. The key must be added to the authorized_keys file, which is usually found at /root/.ssh/authorized_keys.
Configuring SSH public key authentication for a specific UNIX user
If you want to enforce that only a specific UNIX user can run the script on this target endpoint, copy the key to the authorized_keys file in the home directory of that user, for example /home/john/.ssh/authorized_keys.
You can regenerate the public key by clicking the refresh button in the upper right corner of the public key.
Note: Regenerating the public key deletes the old key pair. If you choose to regenerate the key pair, you must exchange the public key in each target machine that you plan to access through the SSH Provider.
- On the Manage SSH Keys tab that opens, the SSH field shows the default public key for SSH. Click the Copy SSH key symbol to copy this key, then append it to the authorized_keys file on each target system, for example ~/.ssh/authorized_keys.
An example of an SSH key is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuZkPxIyYH9NrfLEBkIGdwc6frF7WgR9vKZavE97GlTfAAZVhqoTsXO2jLo28sNC7+8wkOYnFEdfBff9tcQPx/lc3d1df35/hJIT0a3jeHxw8YrU3/y6QIzynVvSgcQfKzB33wdN7n8xC5ZPWKXEWM7FbP58kOdzHw7f8fbBIKlPRc9SOUrC0JGvndVvpHOU7x8S3q9EJlD2nKaozA6yu2mcH38CLTNCBRRwbPZ+rxBxWdvJ4mMWvWtJe4lt50W2zAGCIscLKLbyyMGp/DCcJFsMhkOetBDuxAfL1ZkO7rXPT5vK5Fp6549OPDXjqfHKEJ+9WASZD2ui1qmCdeQpUN
Note: Every time that you generate a new key, you must register the new key again on all target systems.
- Click Next.
- The Define a jumpserver (Optional) tab opens. Set the Enable jumpserver toggle to 'On' if you want to provide this information. The following fields show:
  - Host name or IP address: The hostname or IP address of the jump server.
  - Port Number: The SSH port of the jump server.
  - User ID: The username for authentication on the jump server.
  - Password: The password for authentication on the jump server.
- Click Done.
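The key registration step above, as an added example that is not part of the product documentation: a POSIX shell function that appends the copied public key to one UNIX user's authorized_keys file with the permissions sshd expects, without duplicating the entry when it is run again. The function name install_rba_key and the invocation shown in the comment are hypothetical.

```shell
#!/bin/sh
# Added example (not product code). Run as the UNIX user that should accept the key,
# e.g.  install_rba_key /home/john "<public key line copied from the console>"
# Returns: 0 = key present afterwards, 1 = filesystem error, 2 = malformed key line
install_rba_key() (
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Reject multi-line input and anything that is not "<type> <base64> [comment]".
    case $key_line in *"$nl"*) return 2 ;; esac
    printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || return 2

    # sshd (StrictModes) ignores an authorized_keys file that other users can write to.
    umask 077
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Match on type + key material so a different comment does not add a duplicate.
    key_body=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if grep -qF -- "$key_body" "$auth_file"; then
        return 0
    fi
    # Do not glue the new entry onto a last line that lacks a trailing newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
)
```

Installing the key under a dedicated non-root account, as in the /home/john example, limits script automations on that endpoint to that user's privileges instead of root's.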
Editing an SSH connection
After you create your connection, you can edit the connection. To edit a connection, complete the following steps:
- Log in to IBM Cloud Pak Automation console.
- Expand the navigation menu (four horizontal bars), then click Define > Data and tool connections.
- Click the SSH connection type on the Manage connections tab of the Data and tool connections page.
- On the SSH connections page, click the name of the connection that you want to edit. Alternatively, you can click the options menu (three vertical dots) for the connection and click Edit. The connection configuration opens.
- Edit your connection. Click Next to go through the connection configuration pages. Click Save when you are done editing.
Deleting an SSH connection
If you no longer need your SSH connection and want to delete it entirely, you can delete the connection from the console.
To delete a connection, complete the following steps:
- Log in to IBM Cloud Pak Automation console.
- Expand the navigation menu (four horizontal bars), then click Define > Data and tool connections.
- Click the SSH connection type on the Manage connections tab of the Data and tool connections page.
- On the SSH connections page, click the options menu (three vertical dots) for the connection that you want to delete and click Delete.
- Enter the name of the connection to confirm that you want to delete your connection. Then, click Delete.
Your connection is deleted.