N1 Service Provisioning System 4.1 Installation Guide

ProcedureHow to Configure SSH for the CLI Client With the ssh-agent

Complete this task if you want to use SSH connectivity for the CLI Client with the ssh-agent.

  1. Create a new operating system user account on the Master Server and the machine on which the CLI Client is installed.

    This account should be different from the account that you specified during the installation of the Master Server, Local Distributor, or Remote Agent.

  2. Log in to the Master Server as the new user that you created in the previous step.

  3. Generate public and private keys for the new user by following the instructions in How to Generate Key Pairs.

    Do not reuse the keys you generated for communication between the Master Server, Local Distributors, and Remote Agents.

  4. On the Master Server, copy the private key file to a secure media.

    % cp /User-home/.ssh/id_rsa path-to-file/.ssh/id_rsa

    User-home is the home directory of the currently logged in user on the Master Server machine. path-to-file/ is the path to the secure media where you want to save the private key file.

  5. Delete the private key file from the local file system.

    % rm /User-home/.ssh/id_rsa
  6. On the Master Server, concatenate the public key to the /.ssh/authorized_keys2 file for that user.

    % cat /User-home/.ssh/id_rsa.pub >> /HOME-MS/.ssh/authorized_keys2 

    User-home is the home directory on the Master Server machine.

  7. Log in to the CLI Client machine as the new user that you created.

  8. Start the ssh-agent.

    % ssh-agent > /User-home/.ssh/agent_vars

    User-home is the home directory of the currently logged in user on the CLI Client machine.

  9. Add the following line to the .profile or the .cshrc file.

    . /User-home/.ssh/agent_vars

    User-home is the home directory on the CLI Client machine.

  10. Log out of the Master Server and log back in.

  11. Upload the private key that you generated.

    % ssh-add path-to-file/

    path-to-file/ is the path to the secure media where you saved the private key file.

    The CLI Client now uses SSH and the ssh-agent for authentication when connecting to the Master Server.

  12. Configure the Master Server to accept only connections from localhost. For instructions, see Configuring the JVM Security Policy.

Stopping the ssh-agent

Note –

If you want to stop the ssh-agent, on the CLI Client, use the following command.

% eval `ssh-agent –k >User-home/.ssh/agent_vars`

User-home is the home directory of the currently logged in user on the CLI Client machine.