Secure Shell (SSH) is a cryptographic network protocol for secure data communication between different computers. You set up key-based authentication between the IBM® Operations Analytics - Log Analysis servers and the remote computers to which it connects.
About this task
Benefits of using key-based authentication:
- Data is transferred across a secure channel.
- The administrator is no longer concerned about the password changes for the remote servers.
- The passphrase is independent of the individual server password policy.
- One passphrase is used for multiple servers. Only the public key file must be copied to the client server.
For more information, you can view the man pages for ssh-keygen by running this command:
man ssh-keygen
Procedure
- To generate public and private keys, enter the following command:
ssh-keygen -t rsa
or either of the following commands:
ssh-keygen
(This command generates the same results as ssh-keygen -t rsa.)
ssh-keygen -t dsa
(If you specify dsa, the generated keys include _dsa in their file names.)
The following example shows what a valid output might look like:
bash-3.2$
bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which you want to save the key (/home/unity/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/unity/.ssh/id_rsa.
Your public key has been saved in /home/unity/.ssh/id_rsa.pub.
The key fingerprint is:
4a:ef:d5:7a:d8:55:b3:98:a1:1f:62:be:dd:c4:60:6e unity@<variable>.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| . ..|
| . S .o+.o|
| . o =o++. |
| . . +o+E.o |
| . ..o=.o |
| . .o.. . |
+-----------------+
bash-3.2$
Enter the passphrase. (The Enter passphrase field can remain blank to specify an empty passphrase.)
- To view the contents of the public key file, run the following commands:
cd ~/.ssh
ls -l id_rsa*
cat id_rsa.pub
The command output is:
bash-3.2$
bash-3.2$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDg0/GGoxGzyC7Awjbwnp0hCaeztIRt6yhAgGKdwM7nb7Iiv0RgwT4/48E26K1Ur9HrI1W/j0K0JHQw
vaAFibqeLmqLdK9ctCE901ywTOPFcYeBYPUF9vp/MgaypgGxVwDbW/e0SNPb7YAtZpjRoqeUqoYoKzFXXspQkxdhcQfpx0RYMbQdGGg03hDCM2wr2KP
VuTVniF2IvDu1C4fcRkUPr8aQNMiuEcJgV3VHhlau/0Uo0YpH53NXKhn/sx8xdyTVsKQ1rhW8g07HIVc2Tf9ZF2gYXn/HbjE509xK/APu2nztt0h+Air
JyT5jYMi/IvSI0zbPyc0p9WijPeG8r/v unity@<variable>.in.ibm.com
bash-3.2$
- Create a directory called .ssh on the remote server. Use this to store the public key.
- Copy the public key file (id_rsa.pub) to the .ssh directory on the remote client:
scp /home/unity/.ssh/id_rsa.pub <username>@<remotehostname>:/<HOME>/.ssh/id_rsa.pub
where <remotehostname> is the system host name and <username> is the system user name.
- Add the content of the public key to the authorized_keys file on the remote host.
bash-3.2$ ssh <username>@<remotehostname>
bash-3.2$ cd ~/.ssh
bash-3.2$ cat id_rsa.pub >> authorized_keys
bash-3.2$ rm id_rsa.pub
bash-3.2$ exit
- Ensure that there are no duplicate keys for the same client in the authorized_keys file.
- Log in to the remote computer to ensure that key-based SSH is working:
ssh <username>@<remotehostname>
Enter the passphrase, if prompted.
bash-3.2$
bash-3.2$ ssh <username>@<remotehostname>
Enter passphrase for key '/home/unity/.ssh/id_rsa':
Last unsuccessful login: Mon Jul 15 14:22:37 2013 on ssh from <variable>.example.com
Last login: Mon Jul 15 14:26:54 2013 on ssh from <variable>.example.com
$
Configuration of key-based authentication is complete.
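The remote-host steps above (create .ssh, append the key to authorized_keys, avoid duplicate entries) can be combined into one shell function. This is an added example, not part of the IBM procedure; the function name install_pubkey and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. Run on the remote host after the scp step.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
# Returns 0 = key added, 1 = key already present, 2 = input rejected.
install_pubkey() {
    pub=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth=$ssh_dir/authorized_keys

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    # The line count and type checks also stop a private key file
    # (multi-line, starts with "-----BEGIN") from being appended by mistake.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 2; }
    read -r ktype blob rest < "$pub" || :
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "$pub: not an SSH public key" >&2; return 2 ;;
    esac
    [ -n "$blob" ] || { echo "$pub: missing key data" >&2; return 2; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2

    # Duplicate check: same type and key data anywhere on a line, so a
    # different comment or a leading options field (from="...") still matches.
    if awk -v t="$ktype" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
    then
        return 1
    fi

    # If the last existing entry lacks a trailing newline, add one so the
    # new key does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$ktype $blob${rest:+ $rest}" >> "$auth"
}
```

After a return code of 0 or 1, the copied id_rsa.pub can be removed as in the procedure.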
Results
The steps may not work because different versions of SSH are supported by the operating systems that are used by the remote servers. For more information about how to solve this issue, see the Secure Shell (SSH) configuration does not work topic in the Troubleshooting IBM Operations Analytics - Log Analysis guide.