How can I generate SSH key for public key based authentication in Server monitor ?
Please
use two similar servers for this procedure.
1. A RSA or DSA key pair must be generated on the client system (SERVER1). Use
the steps below to generate and use SSH2 keys.
Login as the user for monitoring and go to the /home/username/.ssh/ folder.If
there is no .ssh folder then create it.Give the permission to the folder as
follows,
chmod 700 ~/.ssh
ssh-keygen -t dsa or ssh-keygen -t rsa
2. The private portion of the key pair must be present in the client system
itself (SERVER1).
3. The public portion of the key pair must be copied to any other server
(SERVER2) that will be accessed by the client system (SERVER1).
Note: This public key file can be placed in remote server
/home/username/.ssh/authorized_keys file.If there is no .ssh folder then create
it.It can be placed in the similar path,file in same server also.
4. Give the permission to the folder as follows,
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
5.Also comment off or modify the following lines appropriately in the
/etc/ssh/sshd_config file (only SSH version 2 is supported).
#Ciphers aes128-cbc,blowfish-cbc,3des-cbc
#MACS hmac-sha1,hmac-md5
#Protocol 2,1
Protocol 2
#UsePAM yes
#UsePAM no
Then restart the ssh2 daemon with below command.
/etc/rc.d/sshd restart
6. Now from a command prompt in the client system (SERVER1) connect to the
server (SERVER2) as shown below.The username is the name of user with
which you have copied the public key in the server (SERVER2).
ssh username@hostname
You should be able to login to the server without prompting for the password.
7. If the above is successful then use the private key which is available in
the client system (SERVER1) to add the server (SERVER2) in Applications
Manager.
Then you can copy the same public key to any number of servers and then use the
same private key to monitor all those servers in Applications Manager.
Example:
[guest@SITE-CENTOS5-1 ~]$ pwd
/home/guest
[guest@SITE-CENTOS5-1 ~]$ mkdir .ssh
[guest@SITE-CENTOS5-1 ~]$ chmod 700 ~/.ssh
[guest@SITE-CENTOS5-1 ~]$ ls -l .ssh
total 0
[guest@SITE-CENTOS5-1 ~]$ cd .ssh
[guest@SITE-CENTOS5-1 .ssh]$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/guest/.ssh/id_rsa.
Your public key has been saved in /home/guest/.ssh/id_rsa.pub.
The key fingerprint is:
12:c3:54:a2:bb:97:0f:55:f7:ff:67:f7:af:04:37:c8 guest@SITE-CENTOS5-1
[guest@SITE-CENTOS5-1 .ssh]$ cp id_rsa.pub authorized_keys
[guest@SITE-CENTOS5-1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[guest@SITE-CENTOS5-1 .ssh]$ ls -l
total 12
-rw------- 1 guest guest 402 Aug 24 01:41 authorized_keys
-rw------- 1 guest guest 1675 Aug 24 01:41 id_rsa
-rw-r--r-- 1 guest guest 402 Aug 24 01:41 id_rsa.pub
[guest@SITE-CENTOS5-1 .ssh]$
If you still have issues send below information to appmanager-support@manageengine.com for further troubleshooting
1) Send us complete output for the AppManagerHome\bin\ServerSSHTroubleshoot.bat
or ServerSSHTroubleshoot.sh script with remote server hostname or ipaddress.
Follow the below link for usage of the command
https://desk.zoho.com/portal/manageengine/kb/articles/how-to-execute-serversshtroubleshoot-bat-or-sh-file-7-7-2017
2) Send us copy of /etc/ssh/sshd_config file (or /etc/sshd_config file) from
the remote server which are trying to add in Applications Manager via SSH
3) Open command prompt in remote server that you are trying to monitor in
Applications Manager with SSH
uname -a
/sbin/ifconfig -a
dladm show-link
hostname
4) Open command prompt in Applications Manager host and execute below command
with remote server hostname or ipaddress and send us the screenshot of the
output
telnet <hostname> <ssh_port>
Example:
telnet app-centos 22
5) Open command prompt in Applications Manager host and execute below commands
with remote server hostname and ipaddress and send us the screenshot of the
output
ping hostname
nslookup hostname
ping ipaddress
nslookup ipaddress
6) Try to add the server monitor in Applications Manager a couple of times and
then immediately create a new support information file and upload it to our
ftp.Refer the below link for steps to create support information file and
uploading it.
https://desk.zoho.com/portal/manageengine/kb/articles/where-do-i-find-the-log-files-that-i-need-to-send-to-technical-support-team-for-analysis
7) Check if you are able to connect with the same username & SSH KEY using
any other SSL client tool other than Applications Manager.
Related Articles
I am not able to add Server monitor with SSH key generated with passphrase and steps to generate SSH2 keys without passphrase.
As of now we do not support usage of SSH2 keys generated with passphrase in Applications Manager. However you can use a key generated without passphrase. Use the steps below to generate and use SSH2 keys. Using Puttygen generate a new private key ...Real User Monitor (RUM) - Troubleshooting
If the monitor has not polled data for long time. Follow below steps for troubleshooting Check prerequisites to done : Real User Monitor requires RUM Agent to be installed and mapped to Applications Manager. Refer the help page to know how to setup ...Troubleshooting URL Monitor
Here are few of the common errors you may come across in URL monitor, we have mentioned the steps you can follow to troubleshoot them. General troubleshooting for URL monitor Ensure that the URL is accessible from the server in which Applications ...Self monitor Applications Manager using APM Insight Java Agent
Applications Manager is built with Java, hence we can monitor it using APM Insight Java Agent to measure it's performance continuously, which can be very much useful. Setting up APM Insight Java Agent Follow the below steps to download and set up the ...Authentication Methods in Applications Manager
Authentication involves validating an incoming user to facilitate the access to a specific resource. There are various authentication methods that you can use - based on the requirements and usage. In recent times, numerous organizations are ...