Sharing SSH keys among cluster nodes

Secure Shell (SSH) keys are used to allow secure connections between hosts in an IBM® Cloud Private cluster.

Before you install an IBM Cloud Private cluster, you configure authentication between configuration nodes. You can generate an SSH key pair on your boot node and share that key with the other cluster nodes. To share the key with the cluster nodes, you must have access to an account with root access for each node in your cluster.

Note: By default, the installation of an IBM Cloud Private cluster is performed with the root account, so the root account must be enabled for login and for login through SSH. If you want to install IBM Cloud Private with a non-root user account that has sudo privileges, specify this user for all ansible parameters in the "User settings" section of the config.yaml file, as described in User setting.

To configure authentication without sharing SSH keys, configure password authentication for cluster nodes. See Configuring password authentication for cluster nodes.

  1. Log in to the boot node with an account with root access.
  2. Generate an SSH key.

     ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
    
  3. Add the key to each cluster node. Cluster nodes are the master, worker, proxy, management, and Vulnerability Advisor (VA) nodes. Complete the following step for each cluster node.

    From the boot node, add the SSH public key to the cluster node.

       ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<node_ip_address>
    

    Where <user> is the user name for the node, and <node_ip_address> is the IP address of the cluster node.

  4. In the /<installation_directory>/cluster folder, replace the ssh_key file with the private key file that is used to communicate with the other cluster nodes. Run the following command from the /<installation_directory> directory:

     sudo cp ~/.ssh/id_rsa ./cluster/ssh_key
    

    In this example, ~/.ssh/id_rsa is the location and name of the private key file.
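
A check to run after step 4, given here as an added example and not part of IBM's documentation or tooling: it confirms that cluster/ssh_key is an exact copy of the private key and is not readable by group or other, then tests key-only login to each node. The function names, exit codes, and script name are assumptions of this example; the paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: verify the key copy from step 4 and the logins from step 3.

# check_key_copy SRC DST
# Returns 0 if DST is byte-identical to SRC and accessible by its owner only,
# 1 if a file is missing, 2 if the contents differ, 3 if the mode is too open.
check_key_copy() {
    src=$1 dst=$2
    [ -f "$src" ] && [ -f "$dst" ] || return 1
    cmp -s "$src" "$dst" || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    # cp onto an existing file keeps that file's old mode, so a 0644
    # ssh_key placeholder leaves the private key world-readable after step 4.
    perms=$(ls -ld "$dst" | cut -c5-10)
    [ "$perms" = "------" ] || return 3
    return 0
}

# check_node_login KEY USER HOST
# Confirms key-only login works. BatchMode stops ssh from falling back to a
# password prompt, so a missing authorized_keys entry fails immediately.
check_node_login() {
    ssh -i "$1" -o BatchMode=yes -o ConnectTimeout=5 "$2@$3" true
}

# Usage: sh check_keys.sh <user> <node_ip_address>...
# Run from /<installation_directory>; does nothing when called without arguments.
if [ "$#" -ge 2 ]; then
    check_key_copy "$HOME/.ssh/id_rsa" ./cluster/ssh_key || {
        echo "cluster/ssh_key check failed (code $?)" >&2; exit 1; }
    user=$1; shift
    for node in "$@"; do
        check_node_login ./cluster/ssh_key "$user" "$node" \
            || echo "key login failed: $user@$node" >&2
    done
fi
```

If the check returns code 3, tighten the copy with chmod 600 ./cluster/ssh_key; the key has an empty passphrase, so file permissions are its only protection.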