Sharing SSH keys among cluster nodes

Secure Shell (SSH) keys are used to allow secure connections between hosts in an IBM® Cloud Private cluster.

Before you install an IBM Cloud Private cluster, you configure authentication between configuration nodes. You can generate an SSH key pair on your boot node and share that key with the other cluster nodes. To share the key with the cluster nodes, you must have access to an account with root access for each node in your cluster.

To configure authentication without sharing SSH keys, configure password authentication for cluster nodes. See Configuring password authentication for cluster nodes.

  1. Log in to the boot node with an account with root access.
  2. Generate an SSH key:
    ssh-keygen -b 4096 -f ~/.ssh/id_rsa -N ""
    
  3. Add the key to a master, worker, proxy, management, or Vulnerability Advisor (VA) node in the cluster.

    1. From the boot node, add the SSH public key to the node.

      ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<node_ip_address>
      

      Where <user> is the user name for the node, and <node_ip_address> is the IP address of that node.

    2. Log in to the master, worker, proxy, management, or VA node.
    3. Restart the SSH service:
      sudo systemctl restart sshd
      
  4. Repeat the previous step for each remaining node in the cluster.
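
To confirm the result of the steps above before you install, the following added example (not part of the original IBM procedure) checks from the boot node that the private key file is not accessible to other users and that each node accepts a key-only login. The function names, the SSH_CMD override, and the 192.0.2.x addresses are assumptions for illustration.

```shell
# Added example: run on the boot node after the key has been copied to every node.
# SSH_CMD is an assumed override hook so the check can be exercised with a stub.
SSH_CMD="${SSH_CMD:-ssh}"

# The key pair was generated with an empty passphrase (-N ""), so the file mode
# is the only protection for the private key. Succeeds only for mode 600 or 400.
# Uses GNU stat (-c), as found on Linux nodes.
private_key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Attempt a key-only, non-interactive login: $1 = private key, $2 = user, $3 = node.
# BatchMode=yes prevents any password prompt, so success means the public key
# is installed. The host key is already known from the earlier ssh-copy-id run.
node_accepts_key() {
    "$SSH_CMD" -i "$1" -o BatchMode=yes -o PasswordAuthentication=no \
        -o ConnectTimeout=5 "$2@$3" true >/dev/null 2>&1
}

# Print one status line per node; return non-zero if any check failed.
verify_cluster_keys() {
    key=$1
    user=$2
    shift 2
    failed=0
    if ! private_key_is_private "$key"; then
        echo "FAIL $key is missing or not mode 600/400"
        failed=1
    fi
    for node in "$@"; do
        if node_accepts_key "$key" "$user" "$node"; then
            echo "OK   $node"
        else
            echo "FAIL $node"
            failed=1
        fi
    done
    return "$failed"
}

# Usage (placeholder addresses):
#   verify_cluster_keys ~/.ssh/id_rsa root 192.0.2.11 192.0.2.12
```

A node that reports FAIL either did not receive the public key or still requires a password for that user.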