N1 Service Provisioning System 4.1 Installation Guide

Preparing the Keys

Generate the public-private key pair that will be used to authenticate communication from the Master Server to the Local Distributors and the Remote Agents.

If you are using ssh-agent, you only need to generate one key pair. If you are using empty passwords, you may generate a key pair for each SSH connection that the software makes between two machines. Or, you may generate one single key pair for use by all the connections. Complete this task for each key pair that you want to generate.

Procedure: How to Generate Key Pairs

Steps
  1. On the Master Server, or, if you are using empty passwords and generating key pairs for each connection, on the machine that is upstream, generate the keys.


    % ssh-keygen -t rsa
    

    The system prompts you for a password.

  2. Determine whether you need to supply a password.

    • If you are using empty password keys, do not supply a password. Press Return to continue.

    • If you are using the ssh-agent, supply a password for the keys.

    The system prompts you to save the keys.

  3. Save the keys in the default locations by pressing Return.

    The private key is saved in /User-home/.ssh/id_rsa. The public key is saved in /User-home/.ssh/id_rsa.pub.

    User-home is the home directory of the currently logged in user on the Master Server machine.

Procedure: How to Set Up Keys for Empty Password Files When Using One Key Pair

Steps
  1. From the Master Server, copy the private key to each machine that is upstream. Save the key in the home directory.


    % cp /User-home/.ssh/id_rsa /User-home-upstream/.ssh/id_rsa
    

    User-home is the home directory of the currently logged in user on the Master Server machine and User-home-upstream is the home directory on the machine that is upstream. The upstream machine is the machine that initiates the SSH connection with the machine that is downstream.

    Each Local Distributor can have a unique private key, or you can use the same private key for all Local Distributors.

  2. Copy the public key to each machine that is downstream. Save the key in the ~/.ssh/authorized_keys2 file.


    % cp /User-home/.ssh/id_rsa.pub /User-home-downstream/.ssh/authorized_keys2
    

    User-home is the home directory on the Master Server machine and User-home-downstream is the home directory on the Local Distributor or the Remote Agent machine to which the machine you set up in the previous step will connect. Copy the public key to all Local Distributors and Remote Agents that connect using SSH.

  3. Ensure that the .ssh/ directory and any parent directories are not world writable.

  4. Ensure that the private key file, .ssh/id_rsa, is not accessible by other users or groups.

  5. Change the permissions for the .ssh/authorized_keys2 file to 600.

Procedure: How to Set Up Keys for Empty Password Files When Using Multiple Key Pairs

Before You Begin

Complete this task for every SSH connection, and therefore for every key pair, that is made on the network.

Steps
  1. From the machine that is upstream, copy the public key to each machine that is downstream. Save the key in the User-home/.ssh/authorized_keys2 file.


    % cp /User-home-upstream/.ssh/id_rsa.pub /User-home-downstream/.ssh/authorized_keys2
    

    User-home-upstream is the home directory on the machine that is upstream and User-home-downstream is the home directory on the Local Distributor or the Remote Agent machine to which the upstream machine will connect.

  2. Ensure that the .ssh/ directory and any parent directories are not world writable.

  3. Ensure that the private key file, .ssh/id_rsa, is not accessible by other users or groups.

  4. Change the permissions for the .ssh/authorized_keys2 file to 600.

Procedure: How to Set Up Keys for the ssh-agent

Steps
  1. On the Master Server, copy the private key file, ~/.ssh/id_rsa, to secure media.


    % cp /User-home/.ssh/id_rsa path_to_file/
    

    User-home is the home directory of the currently logged in user on the Master Server machine and path_to_file/ is the path to the secure media where you want to save the private key file.

  2. Delete the private key file from the local file system.


    % rm /User-home/.ssh/id_rsa
    
  3. Copy the public key to each Local Distributor and Remote Agent that you want to set up to use SSH. Save the key in the ~/.ssh/authorized_keys2 file.


    % cp /User-home/.ssh/id_rsa.pub /User-home-APP/.ssh/authorized_keys2
    

    User-home is the home directory on the Master Server machine and User-home-APP is the home directory of the currently logged in user on the Local Distributor or the Remote Agent machine.

  4. Ensure that the .ssh/ directory and any parent directories are not world writable.

  5. Change the permissions for the .ssh/authorized_keys2 file to 600.

  6. Add the following line to the config.properties files on the Master Server and the Local Distributors to enable ssh-agent forwarding.


    net.ssh.args=-o|BatchMode yes|-A
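
The permission steps that close each of the three setup procedures above can be checked with one POSIX shell function. This is an added example, not part of the guide; the function names and the optional TOP argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the guide; function names are hypothetical.

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when "other" has write permission on $1.
world_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 02 )) -ne 0 ]
}

# True when group or other has any access to $1.
group_or_other_access() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 077 )) -ne 0 ]
}

# audit_ssh_home HOME [TOP]: print one line per finding; return 1 if any.
# TOP (default /) is the highest parent directory that is checked.
audit_ssh_home() {
    home=$(cd "$1" 2>/dev/null && pwd) || { echo "MISSING $1"; return 1; }
    top=${2:-/} rc=0 dir=$home/.ssh
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # .ssh/ and each parent directory up to TOP must not be world writable.
    while :; do
        if world_writable "$dir"; then echo "WORLD-WRITABLE $dir"; rc=1; fi
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    # The private key, if present, must be closed to group and other.
    key=$home/.ssh/id_rsa
    if [ -f "$key" ] && group_or_other_access "$key"; then
        echo "EXPOSED $key"; rc=1
    fi
    # authorized_keys2, if present, must be exactly mode 600.
    ak=$home/.ssh/authorized_keys2
    if [ -f "$ak" ] && [ "$(mode_of "$ak")" != 600 ]; then
        echo "NOT-600 $ak (mode $(mode_of "$ak"))"; rc=1
    fi
    return $rc
}
```

Run `audit_ssh_home "$HOME"` as the SSH user on the Master Server, each Local Distributor and each Remote Agent; no output and exit status 0 mean every check passed.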