Rally - On-premises: How to generate a PEM file for SFTP backups

Products

CA Agile Central On Premise (Rally)

Issue/Introduction

Version 2.0 of Rally on-premises introduces a new method for using remote SFTP backups. Instead of storing username and passwords, the appliance now stores a PEM file generated from the appliance that is stored on the SFTP server.

This article discusses the steps on generating that key pair, uploading it and configuring the backup settings in the appliance.

Environment

Release: 2.0+
Component: ACPREM

Resolution

This article assumes you have an account already created on your SFTP server that will be used for the backups. If you do not yet have this account created, please create this account before proceeding.

SSH into the on-premises services appliance

Run this command to generate a 2048 bit RSA key

$ ssh-keygen -t rsa -b 2048 -v

This will prompt you for a filename. Enter something simple and unique like "rally". There is no need to enter a password.

Sample Output:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/ops/.ssh/id_rsa): rally
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in rally.
Your public key has been saved in rally.pub.
The key fingerprint is:
SHA256:a2JVkaY7V2VtCum+uP6pcsuxCYLSDmM3Di5lMBl3GWI [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|XE=...ooooo      |
|&=o.. +          |
|oB  o+.o . .     |
|. .. + o.= + .   |
|     . =S* .     |
|    o . =.       |
|     o o         |
|    .........    |
|     +=++.       |
+----[SHA256]-----+

This will create two files; rally and rally.pub. The "rally" file is your private key and "rally.pub" is the public key.

Next, we need to copy the public key to the SFTP server. In this example, the SFTP server is 192.168.0.1, however, yours will likely be different.

$ ssh-copy-id -i rally.pub [email protected]

Sample Output:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "rally.pub"
The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
ECDSA key fingerprint is SHA256:ps0kmToFDj85quAVhRZhycd84KBnn1k7otGCQ30Senc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with the following command:

$ ssh -i rally [email protected]

Next you'll want to test the accessibility with an SFTP command:

$ sftp -i rally [email protected]

Sample Output:

Connected to 192.168.0.1.
sftp>

Run a pwd to ensure that the files are being uploaded where you expect. For example, in this configuration it is expected to see files being sent to the /upload directory.

sftp> pwd

Output:

Remote working directory: /upload

The next step is to take the contents of the "rally" file and paste them into the Private Key PEM section in the Snapshot & Restore settings. This process will vary depending on the version of on-premises.

For versions 2.0 and 2.01 you will paste the private key into the Private PEM key field as shown below:

For 2.1, you can simply upload the file directly to the interface:

Additional Information

keywords: agile central