Enabling SSH key pairs for data archive, data export, data mart
You can use SSH key pairs for authentication, instead of passwords, for archiving and exporting results, archiving data, and exporting data marts.
About this task
The Guardium system generates SSH keys specific to the type of transfer (archive, export, data mart), and propagates them to remote hosts that support SCP connections. At the central manager level, you can generate SSH keys across the deployment and propagate them to remote hosts. The remote host gets a copy of the public-transfer-key, and the Guardium appliance retains the private part of the SSH key pair, allowing the data transfer without a password.
The two directories that contain the SSH key details (/opt/IBM/Guardium/etc/ssh/ssh-keys/tomcat/ and /opt/IBM/Guardium/etc/ssh/ssh-keys/transfer/) are backed up into the CONFIG backup file when you run the CLI command backup system. When you restore with the CLI command restore backup, the files from these two directories are restored to the current appliance. The restore process does not overwrite any existing file on the current appliance that has a newer last-modified timestamp.
Procedure
What to do next
- In the CLI, run the command system public-transfer-key regenerate to refresh the keys.
- Delete the old keys from one or more remote hosts by entering system public-transfer-key delete.
- Import the new keys into the host as described in step 6.
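An added example (not IBM's code and not part of the Guardium product): after the rotation steps above, this Python check confirms that the remote host no longer lists the old public transfer key and does list the new one, by comparing SHA256 fingerprints. It assumes the remote host keeps the key in an OpenSSH authorized_keys file; the function names, the sample file and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import shlex

# Assumption: the remote host stores keys in OpenSSH authorized_keys format.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_lines(text):
    """Yield (line_no, fingerprint) for every key in authorized_keys text."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)   # options may hold quoted spaces
        except ValueError:
            tokens = line.split()        # unbalanced quote in a comment
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_PREFIXES):
                yield n, fingerprint(tokens[i + 1])
                break

def check_rotation(text, old_fp, new_fp):
    """Report which lines still carry the old key and which carry the new."""
    found = list(key_lines(text))
    old = [n for n, fp in found if fp == old_fp]
    new = [n for n, fp in found if fp == new_fp]
    return {"old_lines": old, "new_lines": new,
            "complete": not old and bool(new)}

# Constructed sample: the blobs are placeholders, not real keys.
OLD_BLOB = base64.b64encode(b"constructed old transfer key").decode()
NEW_BLOB = base64.b64encode(b"constructed new transfer key").decode()
SAMPLE = (
    "# constructed authorized_keys on the remote host\n"
    f"ssh-rsa {OLD_BLOB} transfer-key-old\n"
    f'command="scp -t /archive",no-pty ssh-rsa {NEW_BLOB} transfer-key-new\n'
)

if __name__ == "__main__":
    print(check_rotation(SAMPLE, fingerprint(OLD_BLOB), fingerprint(NEW_BLOB)))
```

Record the old key's fingerprint before regenerating so that a leftover entry can be identified by value instead of by its comment field.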
To archive and export results, archive data, and export data marts, see Transferring data to a remote host by using SSH key pairs for authentication.