Updated on 2022-03-04 GMT+08:00

Configuring SSH Switching Permissions

Scenarios

To switch to an SAP node from the NAT server and to allow SSH switchovers between SAP nodes, you must configure the nodes to trust each other.

Procedure

  1. Upload the key file to the NAT server.

    1. Use WinSCP to log in to the NAT server as user root using the key file. Upload the certificate private key file (.pem file) to the directory /usr on the NAT server.
    2. Copy the certificate private key file to the /root/.ssh directory and rename the file to id_rsa.

      For example, if the original file name is private.pem, run the following commands to copy and rename it and to restrict its permissions:

      cp /usr/private.pem /root/.ssh/id_rsa

      cd /root/.ssh/

      chmod 600 id_rsa

    3. Run the following command in the /root/.ssh directory to generate a public key file from the authorized_keys file:

      cat authorized_keys >>id_rsa.pub

  2. Use the server/backup plane IP address to copy the locally stored public key file to a node on which SAP Business One is to be installed.

    The command is in the following format, where <Peer IP address> is the server/backup plane IP address of the target node:

    scp /root/.ssh/id_rsa.pub <Peer IP address>:/root/.ssh/

  3. Use the server/backup plane IP address to copy the private key file and the authorized_keys file to all nodes except the SAP HANA Studio node.

    The commands are in the following format, where <Peer IP address> is the server/backup plane IP address of the target node:

    scp /root/.ssh/id_rsa <Peer IP address>:/root/.ssh/id_rsa

    scp /root/.ssh/authorized_keys <Peer IP address>:/root/.ssh/

  4. Verify the switching.

    Use SSH to switch from the NAT server to all nodes except the SAP HANA Studio node for verification.

    For example, the server/backup plane IP address of the SAP Business One node is 10.0.3.2. To switch from the NAT server to the SAP Business One node, run the following command:

    ssh 10.0.3.2

    After switching to a node, you must switch back to the NAT server. Then, verify switching from the NAT server to the other nodes.

    The first time you switch to a node, the system displays the fingerprint and the message "Are you sure you want to continue connecting (yes/no)?". Enter yes to continue the switching.
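
If the verification in step 4 prompts for a password or fails, the key files produced by steps 1 to 3 can be audited on the NAT server or on a node. The following is an added example, not part of the original procedure: check_ssh_dir and its messages are hypothetical names, and it assumes a Linux stat that supports -c.

```shell
#!/bin/sh
# Added example (not from the original page): audit the .ssh directory that
# steps 1 to 3 produce. check_ssh_dir is a hypothetical helper name. It prints
# one line per problem and returns the number of problems (0 = ready).
check_ssh_dir() (   # subshell body keeps variables and helpers local
    dir=${1:-/root/.ssh}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    # Print the base64 blob of every key line; OpenSSH blobs start with "AAAA".
    blobs() {
        awk '!/^#/ { for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; break } }' "$1"
    }

    # The ssh client refuses a private key that group or others can access.
    if [ ! -f "$dir/id_rsa" ]; then
        fail "$dir/id_rsa is missing"
    elif [ $(( 0$(stat -c '%a' "$dir/id_rsa") & 077 )) -ne 0 ]; then
        fail "$dir/id_rsa is accessible by group or others (expected mode 600)"
    fi

    # With StrictModes (the sshd default), sshd ignores authorized_keys when
    # it or the .ssh directory is writable by group or others.
    for path in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$path" ]; then
            fail "$path is missing"
        elif [ $(( 0$(stat -c '%a' "$path") & 022 )) -ne 0 ]; then
            fail "$path is writable by group or others"
        fi
    done

    # Step 1 builds id_rsa.pub from authorized_keys, so every key in
    # id_rsa.pub should also appear in the authorized_keys copied to the node.
    if [ ! -f "$dir/id_rsa.pub" ] || [ -z "$(blobs "$dir/id_rsa.pub")" ]; then
        fail "$dir/id_rsa.pub is missing or holds no public key"
    elif [ -f "$dir/authorized_keys" ]; then
        for blob in $(blobs "$dir/id_rsa.pub"); do
            blobs "$dir/authorized_keys" | grep -qxF -- "$blob" ||
                fail "a key in id_rsa.pub is not in authorized_keys"
        done
    fi
    exit "$problems"
)
# Usage on the NAT server or a node: check_ssh_dir /root/.ssh
```

The function only reads file modes and public key lines; it never prints or copies the private key.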