Sun N1 Service Provisioning System 5.1 Installation Guide

Configuring SSH for the Applications

After you set up and test SSH on the Master Server, configure the other machines in the N1 Service Provisioning System 5.1 so that the Master Server can connect to them using SSH.

Procedure: How to Configure SSH for Local Distributors and Remote Agents

The SSH configuration must be completed by following the N1 Service Provisioning System 5.1 network from the Master Server to the Remote Agents, configuring the intermediate Local Distributors in the order in which you encounter them. Essentially, this is a preorder traversal of the tree network.

For example, you might have a network setup with the following Master Server (MS), Local Distributors (LD1, LD2, and LD3), and Remote Agents (RA1, RA2, RA3, and RA4).


MS
 | \
 |  \
 |   \
 LD1  LD2
 | \     \
 |  \     LD3
 |   \    |\
 |   |    | \ 
 |   |    |  \ 
 |   |    |   \
 RA1 RA2  RA3  RA4

Configure your network in the following order: LD1, RA1, RA2, LD2, LD3, RA3, RA4. Follow this order strictly and complete the configuration of one machine before moving on to the next machine.

Steps
  1. Use the Master Server browser interface to view the Host Details page for the machine you want to configure.

  2. Add the connection details in the Local Distributor or the Remote Agent section depending on what application you are configuring on that machine.

  3. Specify the connection type as ssh.

  4. Add the following text in the Advanced Parameters field.


    cprefix=/N1SPS5.1-Home/application
    

    N1SPS5.1-Home is the home directory of the application. application is agent if you are configuring a Remote Agent or ld if you are configuring a Local Distributor.

    For example, if the N1 Service Provisioning System 5.1 is installed in /opt/SUNWn1sps/N1_Service_Provisioning_System_5.1/ and you are configuring a Remote Agent, the text you add to the Advanced Parameters field is:


    cprefix=/opt/SUNWn1sps/N1_Service_Provisioning_System_5.1/agent

  5. Save the Host Details.

  6. Ensure that you do not have a Remote Agent or Local Distributor instance running on this machine.

  7. Click Test Connection on the Host Details page for this application instance.

  8. Repeat this task for each machine in your network.
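
The ordering rule and the Advanced Parameters value from this procedure, as an added example that is not part of the original guide: the script walks the example network in preorder and prints each machine with its cprefix line. The topology string, the LD*/RA* naming convention for roles, and a single shared install path are assumptions.

```sh
#!/bin/sh
# Added example (not Sun's code). Topology constructed from the diagram in
# this procedure, one "parent:children" record per line.
TOPOLOGY='MS:LD1 LD2
LD1:RA1 RA2
LD2:LD3
LD3:RA3 RA4'

# Assumption: every machine uses the install path from the guide's example.
N1SPS_HOME=/opt/SUNWn1sps/N1_Service_Provisioning_System_5.1

# children NODE: print the direct children of NODE, left to right.
children() {
  printf '%s\n' "$TOPOLOGY" | while IFS=: read -r parent kids; do
    if [ "$parent" = "$1" ]; then printf '%s\n' "$kids"; fi
  done
}

# config_order NODE: preorder walk of every machine below NODE.
config_order() {
  for node in $(children "$1"); do
    printf '%s\n' "$node"
    config_order "$node"
  done
}

# advanced_params HOST: the Advanced Parameters text for HOST.
# Assumption: the host name prefix encodes the role (LD* or RA*).
advanced_params() {
  case $1 in
    LD*) printf 'cprefix=%s/ld\n' "$N1SPS_HOME" ;;
    RA*) printf 'cprefix=%s/agent\n' "$N1SPS_HOME" ;;
    *)   printf 'unknown role for host %s\n' "$1" >&2; return 1 ;;
  esac
}

# config_plan: one "host<TAB>advanced-parameters" line per machine, in the
# order the machines must be configured.
config_plan() {
  for host in $(config_order MS); do
    printf '%s\t%s\n' "$host" "$(advanced_params "$host")"
  done
}

config_plan
```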

Procedure: How to Configure SSH for the CLI Client With the ssh-agent

Complete this task if you want to use SSH connectivity for the CLI Client with the ssh-agent.

Steps
  1. Create a new operating system user account on the Master Server and the machine on which the CLI Client is installed.

    This account should be different from the account that you specified during the installation of the Master Server, Local Distributor, or Remote Agent.

  2. Log in to the Master Server as the new user that you created in the previous step.

  3. Generate public and private keys for the new user by following the instructions in How to Generate Key Pairs.

    Do not reuse the keys that you generated for communication between the Master Server, Local Distributors, and Remote Agents.

  4. On the Master Server, copy the private key file to secure media.


    % cp /User-home/.ssh/id_rsa path-to-file/.ssh/id_rsa
    

    User-home is the home directory of the currently logged in user on the Master Server machine. path-to-file/ is the path to the secure media where you want to save the private key file.

  5. Delete the private key file from the local file system.


    % rm /User-home/.ssh/id_rsa
    
  6. On the Master Server, concatenate the public key to the /.ssh/authorized_keys2 file for that user.


    % cat /User-home/.ssh/id_rsa.pub >> /HOME-MS/.ssh/authorized_keys2
    

    User-home is the home directory on the Master Server machine.

  7. Log in to the CLI Client machine as the new user that you created.

  8. Start the ssh-agent.


    % ssh-agent > /User-home/.ssh/agent_vars
    

    User-home is the home directory of the currently logged in user on the CLI Client machine.

  9. Add the following line to the .profile, the .cshrc, or the .bash_profile file.


    . /User-home/.ssh/agent_vars

    User-home is the home directory on the CLI Client machine.

  10. Log out of the Master Server and log back in.

  11. Upload the private key that you generated.


    % ssh-add path-to-file/
    

    path-to-file/ is the path to the secure media where you saved the private key file.

    The CLI Client now uses SSH and the ssh-agent for authentication when connecting to the Master Server.

  12. Configure the Master Server to accept only connections from localhost. For instructions, see Configuring the JVM Security Policy.

Stopping the ssh-agent

Note –

If you want to stop the ssh-agent, on the CLI Client, use the following command:


% eval `ssh-agent -k >User-home/.ssh/agent_vars`

User-home is the home directory of the currently logged in user on the CLI Client machine.


Procedure: How to Configure SSH for the CLI Client With Empty Passwords

Complete this task if you want to use SSH connectivity for the CLI Client with empty passwords.

Steps
  1. Create a new operating system user account on the Master Server and the machine on which the CLI Client is installed.

    This account should be different from the account that you specified during the installation of the Master Server, Local Distributor, or Remote Agent.

  2. Log in to the CLI Client machine as the new user that you created in the previous step.

  3. Generate public and private keys for the new user by following the instructions in How to Generate Key Pairs.

    Do not reuse the keys that you generated for communication between the Master Server, Local Distributors, and Remote Agents.

  4. On the CLI Client, copy the public key file to the new user's authorized_keys2 file on the Master Server machine.


    % cp User-home-CLI/.ssh/id_rsa.pub User-home-MS/.ssh/id_rsa.pub
    

    User-home-CLI is the home directory on the CLI Client machine. User-home-MS is the home directory on the Master Server machine.

  5. On the Master Server, concatenate the public key to the /.ssh/authorized_keys2 file for that user.


    % cat /User-home/.ssh/id_rsa.pub >> /User-home/.ssh/authorized_keys2
    

    User-home is the home directory of the currently logged in user on the Master Server machine.

  6. Log in to the CLI Client machine as the new user that you created.

  7. Test the SSH connection.


    % ssh IP-Address-MS set
    

    IP-Address-MS is the IP address of the Master Server machine.

    You might be prompted to exchange keys.

  8. If you are prompted to exchange keys, answer yes.

  9. Verify that the PATH variable is set correctly.

    The PATH variable must contain /bin, /usr/bin, and any other directories that are part of your environment.

  10. Configure the Master Server to accept only connections from localhost. For instructions, see Configuring the JVM Security Policy.
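
A check for the Master Server side of both CLI Client procedures (ssh-agent and empty passwords), added here and not part of the original guide: it confirms that no private key remains in the new user's .ssh directory, that the public key is listed in authorized_keys2, and that neither path is writable by group or others. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Sun's code): audit the new user's .ssh directory on the
# Master Server after either CLI Client procedure.

# report MESSAGE: print one finding and count it.
report() {
  printf 'FINDING: %s\n' "$1"
  findings=$((findings + 1))
}

# audit_ms_ssh_dir DIR: return 0 when DIR passes every check, 1 otherwise.
audit_ms_ssh_dir() {
  dir=$1
  findings=0

  # The private key must not be on the Master Server's file system.
  if [ -e "$dir/id_rsa" ]; then
    report "private key still present: $dir/id_rsa"
  fi

  # The public key must appear as a whole line in authorized_keys2.
  if [ ! -f "$dir/id_rsa.pub" ] || [ ! -f "$dir/authorized_keys2" ]; then
    report "id_rsa.pub or authorized_keys2 is missing in $dir"
  elif ! grep -qxF -- "$(cat "$dir/id_rsa.pub")" "$dir/authorized_keys2"; then
    report "public key is not listed in $dir/authorized_keys2"
  fi

  # Group- or world-writable paths let other local users add their own keys.
  # (Paths containing whitespace are not handled by this loop.)
  loose=$(find "$dir" "$dir/authorized_keys2" -prune \
            \( -perm -020 -o -perm -002 \) -print 2>/dev/null) || true
  for path in $loose; do
    report "writable by group or others: $path"
  done

  [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_ms_ssh_dir /User-home/.ssh` as the new user on the Master Server; each problem is printed as a FINDING line and the exit status is nonzero if any exist.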