How Do I Configure an SSH Key for Logging In to a Managed Host?
A CBH system allows you to configure SSH keys for logging in to managed hosts. After an SSH key is configured for a host, the SSH keys are verified preferentially.
Generating an SSH Key
- Generate an SSH authentication key.
Log in to the host and run the following command to generate an SSH key:
ssh-keygen –t rsa
The command output is as follows:
[root@Server ~]# ssh-keygen -t rsa Generating public/private rsa key pair.
You can configure the SSH key file name and password as required. The following is an example of the command output:Enter file in which to save the key (/root/.ssh/id_rsa): Leave this parameter blank or enter the name of the file to be generated. The file is saved in the /root/.ssh directory. Enter passphrase (empty for no passphrase): Leave this parameter blank or enter a password as required. Enter same passphrase again: Confirm the password. Your identification has been saved in /home/fdipzone/.ssh/id_rsa. Your public key has been saved in /home/fdipzone/.ssh/id_rsa.pub. The key fingerprint is: f2:76:c3:6b:26:10:14:fc:43:e0:0c:4d:51:c9:a4:b2 root@Server The key's randomart image is: +--[ RSA 2048]----+ | .+=* | | . += + | | o + | | E . . o | | .S. | | .o . | | . + | | .. | | . +. | +-----------------+
-t rsa indicates that the RSA algorithm is used for encryption. DSA algorithm can also be used, and the command is as follows:
ssh-keygen -t dsa
- Run the following command to view the SSH key file:
cd /root/.ssh (directory for storing files)/
In the directory where the SSH key file of the current user is stored, view the generated private key file id_rsa and public key file id_rsa.pub. After the password is configured, you can also view the private key password key and public key password key.pub.
Information similar to the following is displayed:
[root@Server ~]# cd /root/.ssh/ [root@Server ~]# ll total 16 -rw------- 1 root root 0 Oct 14 15:47 authorized_keys -rw------- 1 root root 1679 Nov 15 09:45 id_rsa -rw------- 1 root root 430 Nov 15 09:45 id_rsa.pub -rw------- 1 root root 1766 Nov 15 09:48 key -rw------- 1 root root 430 Nov 15 09:48 key.pub
- In the /.ssh directory of the current user, run the following command to copy the public key content to the authorized_keys file:
cat id_rsa.pub >>authorized_keys
- Enable the SSH key login authentication.
- Run the following command and modify the sshd_config configuration file for RSAAuthentication and PubkeyAuthentication to take effect and authorize SSH key authentication:
vim /etc/ssh/sshd_config
- Press Esc, enter :wq!, and press Enter to save the modification and exit.
- Run the following command to restart the SSHD service:
The process is successfully restarted if the following command output is displayed.
Redirecting to /bin/systemctl restart sshd.service
- Run the following command and modify the sshd_config configuration file for RSAAuthentication and PubkeyAuthentication to take effect and authorize SSH key authentication:
Configuring SSH Key Information
- Log in to the CBH system.
- Choose Resource > Host. On the displayed page, create a host resource for which an SSH key has been generated.
You can click Manage to add an account for the managed host on the host details page.
- Click New to create the SSH host resource, and configure the host Account and Password on the Add Account page.
- Copy the content of the id_rsa private key file and the private key password, and configure SSH Key and passphrase.
passphrase is optional. If passphrase is not configured:
- You do not need to enter the password for logging in to the host when no private key password is generated.
- You need to enter the private key password each time you log in to the host when the private key password is generated.
- Click OK to add an account with the SSH key configured to the host resource.
- When importing host resources in batches, enter the correct SSH key private key and passphrase. Do not enter unnecessary characters or spaces.
- You are advised to configure only the host account and password for host resources to be imported in batches. After the host resources are imported to the CBH system, change the account and add the private key and password.
- Configure ACL rules.
Grant the host account configured with the SSH key to users.
- Log in to the host as an authorized user.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot