Configuring a different SSH user

As a storage administrator, you can configure a non-root SSH user who can log in to all the Ceph cluster nodes. Configure users with enough privileges to download container images, start containers, and run commands without prompting for a password.

Before you begin

Before you begin, make sure that you have the following prerequisites in place:
  • A running IBM Storage Ceph cluster.
  • An Ansible administration node.
  • Root-level access to the Ansible administration node.
  • The cephadm-ansible package is installed on the node.
  • The cluster SSH keys are added to the user's authorized_keys file.
  • Passwordless sudo access is enabled for the non-root users.

About this task

Important: Before configuring a non-root SSH user, the cluster SSH key needs to be added to the user's authorized_keys file and non-root users must have passwordless sudo access.

Procedure

  1. Navigate to the /usr/share/cephadm-ansible directory.
  2. Provide cephadm with the name of the user who will perform all the cephadm operations.
    ceph cephadm set-user USER
    For example,
    ceph cephadm set-user USER
  3. Retrieve the SSH public key.
    ceph cephadm get-pub-key > ~/ceph.pub
    For example,
    [ceph-admin@admin cephadm-ansible]$ ceph cephadm get-pub-key > ~/ceph.pub
  4. Copy the SSH keys to all the hosts.
    ssh-copy-id -f -i ~/ceph.pub USER@HOST
    For example,
    [ceph-admin@admin cephadm-ansible]$ ssh-copy-id -f -i ~/ceph.pub ceph-admin@host01
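
After the procedure, the two preconditions (cluster key present in authorized_keys, passwordless sudo) can be verified per host. The following is an added example, not part of the product documentation; the function names are hypothetical, and it assumes you can already log in to each host as USER over SSH without a password prompt.

```shell
# Added example: verify a host is ready for the non-root cephadm SSH user.
# Function names are hypothetical; POSIX sh, no external tools beyond awk/ssh.

# Print "<key-type> <base64-blob>" of the first key in a public key file,
# ignoring any leading options and the trailing comment.
key_blob() {
  awk '{ for (i = 1; i < NF; i++)
           if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i+1); exit } }' "$1"
}

# Return 0 if the key in public key file $1 appears in authorized_keys file $2,
# 1 if it does not, 2 if $1 holds no usable key. Commented-out lines are skipped
# so a disabled entry does not count as authorized.
key_is_authorized() {
  kia_want=$(key_blob "$1") || return 2
  [ -n "$kia_want" ] || return 2
  awk -v want="$kia_want" '
    /^[ \t]*(#|$)/ { next }
    { for (i = 1; i < NF; i++) if (($i " " $(i+1)) == want) found = 1 }
    END { exit (found ? 0 : 1) }' "$2"
}

# check_host USER HOST PUBKEY_FILE
# BatchMode=yes makes ssh fail instead of asking for a password, and
# "sudo -n" makes sudo fail instead of prompting, so a prompt on either
# side shows up as return code 3. Return 1 means the cluster key is missing.
check_host() {
  ch_tmp=$(mktemp) || return 2
  ch_rc=0
  if ssh -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" \
       'sudo -n true && cat ~/.ssh/authorized_keys' > "$ch_tmp"; then
    key_is_authorized "$3" "$ch_tmp" || ch_rc=$?
  else
    ch_rc=3
  fi
  rm -f "$ch_tmp"
  return "$ch_rc"
}

# Usage on the administration node (host names are placeholders):
#   for h in host01 host02; do
#     check_host ceph-admin "$h" ~/ceph.pub && echo "$h ok" || echo "$h FAILED"
#   done
```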