SSH configuration
From ControlTier
ControlTier uses SSH for remote execution. You do not need to have root account access. The SSH configuration must allow the ControlTier server machine to dispatch commands to client machines, so SSH is assumed to be installed and configured appropriately to allow this access. SSH should also not prompt for a password. Many resources are available on how to configure SSH to use public key authentication instead of passwords.
Note: By default, the ControlTier framework is configured to use DSA not RSA type keys (however, it can be configured to use RSA, if required).
Here's an example of SSH DSA key generation on a Linux system:
    [demo@centos52 ~]$ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/demo/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/demo/.ssh/id_dsa.
    Your public key has been saved in /home/demo/.ssh/id_dsa.pub.
    The key fingerprint is:
    37:d6:3a:b6:17:db:e2:2f:84:ca:b2:ed:7a:43:0d:26 demo@centos52
Configuring remote machine for SSH
- To be able to ssh directly to remote machines, the SSH public key of the client should be shared with the remote machine.
- Follow the steps given below to enable ssh to remote machines.
- The SSH public key should be copied to the authorized_keys file of the remote machine. The public key will be available in the ~/etc/id_dsa.pub file.
- The authorized_keys file should be created in the .ssh directory of the remote machine.
- The file permissions of the authorized_keys file should be read/write for the user and nothing for group and others. To do this, check the permissions and change them as shown below.
    MacBook-Pro-15:.ssh raj$ ls -la
    -rw-r--r-- 1 raj staff 0 Nov 22 18:14 authorized_keys
    MacBook-Pro-15:newnew raj$ chmod 600 authorized_keys
    MacBook-Pro-15:newnew raj$ ls -la
    -rw------- 1 raj staff 0 Nov 22 18:14 authorized_keys
- The permission for the .ssh directory of the remote machine should be read/write/execute for the user and nothing for the group and others. To do this, check the permission and change it as shown below.
    MacBook-Pro-15:raj$ ls -la
    drwxr-xr-x 2 raj staff 68 Nov 22 18:19 .ssh
    MacBook-Pro-15:raj$ chmod 700 .ssh
    MacBook-Pro-15:raj$ ls -la
    drwx------ 2 raj staff 68 Nov 22 18:19 .ssh
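The steps above, run on the remote machine once the public key file has been copied there, as an added shell example that is not part of the original page or of ControlTier. The function names and the paths passed to them are hypothetical; the script adds the key only once, works for any key type, and then verifies the two modes the steps require.

```sh
#!/bin/sh
# Added example, not ControlTier code. Function names are hypothetical.

# mode_of PATH: print the 10-character mode string shown by `ls -ld`.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey PUBKEY_FILE HOME_DIR
# Append the key to HOME_DIR/.ssh/authorized_keys (once) and apply the
# permissions from the steps above: 700 on .ssh, 600 on the file.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -s "$pubkey_file" ] || { echo "no public key in $pubkey_file" >&2; return 1; }
    key=$(head -n 1 "$pubkey_file")
    [ -n "$key" ] || { echo "first line of $pubkey_file is empty" >&2; return 1; }

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    # Create the file under a tight umask so a new file is never world-readable.
    ( umask 077; touch "$auth_file" ) || return 1
    chmod 600 "$auth_file" || return 1

    # A last line without a newline would be fused with the new key.
    [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
    # -x whole line, -F fixed string: skip a key that is already listed.
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# check_ssh_perms HOME_DIR: succeed only if both modes are as required.
check_ssh_perms() {
    ssh_dir=$1/.ssh
    [ "$(mode_of "$ssh_dir")" = "drwx------" ] ||
        { echo "$ssh_dir: expected drwx------" >&2; return 1; }
    [ "$(mode_of "$ssh_dir/authorized_keys")" = "-rw-------" ] ||
        { echo "$ssh_dir/authorized_keys: expected -rw-------" >&2; return 1; }
}
```

Typical use, with a hypothetical upload path: `install_pubkey /tmp/id_dsa.pub "$HOME" && check_ssh_perms "$HOME"`.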
If you are running ControlTier on Windows, we heartily recommend using a Cygwin installation, as it includes SSH and a number of Unix-like tools that are useful when you work in a command-line environment.