How to set up SSH Key Authorization to push install the Notification Server Agent for UNIX/Linux
search cancel

How to set up SSH Key Authorization to push install the Notification Server Agent for UNIX/Linux


Article ID: 180376


Updated On:


IT Management Suite




How do I set up SSH Key Authorization to push install the Notification Server Agent for UNIX/Linux?


  1. On computer to connect to:
    1. create /root/.ssh
    2. chmod 700 .ssh
  2. On the computer to connect from:
    1. Run ssh-keygen to generate rsa keys. In this case, there is id_rsa and It is recommended a 2048 bit count.
    2. scp to machine to connect to: scp root@myhost:.ssh
    3. copy id_rsa (the private key) to a secure location (unshared directory) on the Notification Server.
  3. On computer to connect to:
    1. cd to /root/.ssh
    2. cat >> authorized_keys
  4. On Notification Server Console:
    1. Add ip/hostname of computer to connect to.
    2. Click Install Settings.
    3. Select Try to connect via SSH using SSH Key authorization.
    4. In the SSH Key File box, browse to id_rsa; change the Files of type option from *.sk to *.* to get the file. In other words, you are not using a file generated by the Altiris utility.
    5. Set password, if needed. I did not have one and I am assuming this is the passphrase used to generate the rsa key.
    6. Select RSA as the key type.
    7. Click Apply and close.
    8. Click the Install Altiris Agent button. The connection should then complete.

Note the public key should have the format similar to this and that everything is on one line in the actual public key file. Note that it does not include the user@hostname entry at the end of the string.


Other Notes:

Normally, Linux/UNIX clients already have public and private RSA keys that are generated at system startup, so in most cases, it is not necessary to use the Altiris keygen utility.

Is this a new key that would need to be copied to the client ~/.ssh directory?

Yes, the public key needs to be copied to the target client computer to the appropriate directory. Usually this file needs to be updated: ~/.ssh/authorized_keys. 

Would the ssh_known_hosts file need to be updated?

No, list of known hosts should not necessarily be updated. 

How about the sshd_config file? Do we presume that the known hosts and sshd_config pubkeyauthentication is already setup?

Yes, we presume this and AFAIK this is set up by default on all platforms.

The default key is much shorter than a default key provided during the OS install?

Select a "bit count" of 2048 will create a key of matching length. Note that this utility does not add the user@hostname entry at the end of the key.