Generating RSA SSH Key for Admin User

This section describes the procedure to generate a passphrase-protected RSA SSH key for the 'admusr' user account.

Run the following procedure on each server in the topology. The order of execution in the topology must be from level 'A' servers to level 'C' servers:
  1. Log in as admusr on the server.
    login: admusr
    Password: <current admin user password>
  2. Run the following command to stop the apwSoapServer process:
    $ sudo pm.set off apwSoapServer
  3. Run the following command to go to .ssh directory and remove the old DSA keys if they exist:
    $ cd /home/admusr/.ssh
    $ sudo rm -rf id_dsa id_dsa.pub
    
  4. Run the following command to generate a new RSA key:
    $ ssh-keygen -t rsa -b 4096

    Provide the location in which to save the key, or leave it blank to use the default location /home/admusr/.ssh/id_rsa:

    Enter file in which to save the key (/home/admusr/.ssh/id_rsa):

    Enter the passphrase:

    Enter passphrase (empty for no passphrase):

    Confirm the passphrase again:

    Enter same passphrase again:

    A passphrase-protected RSA key is generated successfully.
  5. Run the following command to start the apwSoapServer process:
    $ sudo pm.set on apwSoapServer
After 60 seconds, the server will use the generated RSA key.

After running the procedure, any key-based SSH login for the 'admusr' account prompts for a passphrase. Setting a passphrase on the key affects the execution of procedures that require SSH access using the ‘admusr’ account. The admin user is prompted to enter the passphrase for each SSH access. For more information on how to run the procedures that require SSH access, see the Changing the TPD Web Services Password and Changing the Configuration Web Services Password sections.
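
To confirm the outcome of the procedure on a server, the following added example (not part of the original documentation) audits a .ssh directory without needing the passphrase: it checks that the old DSA keys are gone, that id_rsa is passphrase-protected, and that id_rsa.pub is a 4096-bit RSA key. The function names are hypothetical, and the file names assume the default location was accepted in step 4.

```python
import base64, os, struct

MAGIC = b"openssh-key-v1\0"  # header of the OpenSSH private key container

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4: off + 4 + n], off + 4 + n

def private_key_encrypted(text):
    """True if the private key file content is passphrase-protected."""
    lines = text.strip().splitlines() or [""]
    if "ENCRYPTED" in lines[0] or any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines):
        return True  # encrypted PKCS#8, or legacy PEM with an encryption header
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, _ = _read_string(blob, len(MAGIC))
        return cipher != b"none"  # cipher name "none" means no passphrase
    return False

def public_key_info(pub_line):
    """Return (key type, modulus bits) from one public key line."""
    blob = base64.b64decode(pub_line.split()[1])
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        return ktype.decode(), None
    _e, off = _read_string(blob, off)   # public exponent
    n, _ = _read_string(blob, off)      # modulus
    return "ssh-rsa", int.from_bytes(n, "big").bit_length()

def audit_ssh_dir(path="/home/admusr/.ssh"):
    """Return a list of findings; an empty list matches the procedure."""
    findings = []
    for old in ("id_dsa", "id_dsa.pub"):
        if os.path.exists(os.path.join(path, old)):
            findings.append(f"{old} still present")
    priv, pub = os.path.join(path, "id_rsa"), os.path.join(path, "id_rsa.pub")
    if not (os.path.isfile(priv) and os.path.isfile(pub)):
        return findings + ["id_rsa / id_rsa.pub missing"]
    with open(priv) as f:
        if not private_key_encrypted(f.read()):
            findings.append("id_rsa has no passphrase")
    with open(pub) as f:
        ktype, bits = public_key_info(f.read())
    if ktype != "ssh-rsa" or bits != 4096:
        findings.append(f"unexpected key: {ktype} {bits} bits")
    return findings
```

Run it as admusr (or with read access to the private key) on each server and treat any returned finding as a reason to repeat the procedure there.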