How to set up SSH Key Authorization to push install the Notification Server Agent for UNIX/Linux


Article ID: 180376


Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Question
How do I set up SSH Key Authorization to push install the Notification Server Agent for UNIX/Linux?

Answer

  1. On the computer to connect to:
    1. Create /root/.ssh
    2. chmod 700 .ssh
  2. On the computer to connect from:
    1. Run ssh-keygen to generate RSA keys. In this case, the key files are id_rsa and id_rsa.pub. A bit count of 2048 is recommended.
    2. Copy id_rsa.pub to the machine to connect to: scp id_rsa.pub [email protected]:.ssh
    3. Copy id_rsa (the private key) to a secure location (unshared directory) on the Notification Server.
  3. On the computer to connect to:
    1. cd to /root/.ssh
    2. cat id_rsa.pub >> authorized_keys
  4. On the Notification Server Console:
    1. Add the IP address or hostname of the computer to connect to.
    2. Click Install Settings.
    3. Select Try to connect via SSH using SSH Key authorization.
    4. In the SSH Key File box, browse to id_rsa; change the Files of type option from *.sk to *.* to get the file. In other words, you are not using a file generated by the Altiris utility.
    5. Set password, if needed. I did not have one and I am assuming this is the passphrase used to generate the rsa key.
    6. Select RSA as the key type.
    7. Click Apply and close.
    8. Click the Install Altiris Agent button. The connection should then complete.

Note that the public key should have a format similar to the following, and that everything is on one line in the actual public key file. Note also that it does not include the [email protected] entry at the end of the string.

ssh-rsa
ABCDInvalidyc2EAAAABIwAAAQEA0zCBY+0JdlY1UyJ/cmFVeFVURxPbVP6g0obnVSK29+THJZANKKSYv6ueyehXRL77Vy/RgGa84rDfuYQKw2j/GH+xKCbd1lO8YDT7gJbEBtbMiX5jAVrcPVI9a6B6Ype5MGXAtaZaPNguRB4aVfdUuBYHB4RBWnco8KMDtTUuj5LRuAnDqzfbKobxSx3XH5psEWlXxRT9TG/gK/L4h2EFRyM/Z6bQRQJxUNHDJ7L0GV75DSqgQle0wysko+aOgtT9diG3/ZvNVAy0VsWy74LFgHgyestdiFXUI0m0XKoZ+WtVb6fuyJU8vTMJEiVgqlmpqawm76aY0AC7o/eTNOzFVQ00
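
The target-side part of the procedure (steps 1 and 3) combined with the one-line format check from the note above, as an added shell example that is not part of the original article or of any Altiris tooling. The function names install_pubkey and mode_of are hypothetical, and setting authorized_keys to mode 600 is an assumption that goes beyond the article's steps.

```shell
#!/bin/sh
# Added example: target-side key installation (steps 1 and 3) with checks.
# install_pubkey and mode_of are hypothetical helper names.

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 on success, 1 on a malformed key file, 2 on a filesystem error.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || return 2

    # The key file must hold exactly one non-empty line; a key that was
    # wrapped during copy/paste (type and data on separate lines) fails here.
    lines=$(grep -c . "$pub" || true)
    [ "$lines" -eq 1 ] || return 1

    # Expected form: "ssh-rsa <base64>" with an optional trailing comment.
    key=$(grep . "$pub")
    printf '%s\n' "$key" | grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$' || return 1

    # Step 1: the directory is accessible by its owner only.
    mkdir -p "$dir" || return 2
    chmod 700 "$dir" || return 2

    # Step 3: append the key, skipping it if this exact line is already present.
    touch "$auth" || return 2
    chmod 600 "$auth" || return 2   # assumption: owner-only file, not in the article
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth" || return 2
    fi
    return 0
}

# Permission string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Usage on the target, after the scp in step 2:
#   install_pubkey /root/.ssh/id_rsa.pub /root/.ssh
```

Running the function twice leaves a single entry in authorized_keys, unlike a repeated `cat id_rsa.pub >> authorized_keys`.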

Other Notes:

Normally, Linux/UNIX clients already have public and private RSA keys that are generated at system startup, so in most cases, it is not necessary to use the Altiris keygen utility.

Is this a new key that would need to be copied to the client ~/.ssh directory?

Yes, the public key needs to be copied to the appropriate directory on the target client computer. Usually this is the file that needs to be updated: ~/.ssh/authorized_keys.

Would the ssh_known_hosts file need to be updated?

No, the list of known hosts does not necessarily need to be updated.

How about the sshd_config file? Do we presume that the known hosts and sshd_config pubkeyauthentication is already setup?

Yes, we presume this and AFAIK this is set up by default on all platforms.

The default key is much shorter than a default key provided during the OS install?

Selecting a "bit count" of 2048 will create a key of matching length. Note that this utility does not add the [email protected] entry at the end of the key.